On January 21, 2011, Kelley Drye & Warren hosted the seminar and audiocast, "Privacy By Design, Choice, and Transparency: What a New Framework Will Mean for Business and Technology." The seminar highlighted key regulatory and legislative developments in privacy and information security law during the past year.
Dana Rosenfeld, Kelley Drye partner and chair of the firm's Privacy and Information Security practice, opened the seminar by reflecting on the emphasis in 2010 and going forward for 2011 on bringing greater clarity to commercial privacy practices for the benefit of both
consumers and commercial entities. Six experts representing the federal agencies and policymakers integral to recent privacy initiatives spoke during two separate panel sessions. The first panel reviewed and expanded upon the separate privacy frameworks released in December 2010 by the Federal Trade Commission ("FTC") and the U.S. Department of Commerce1
Panel 1 - Moderated by Kelley Drye Partners Alysa Hutnik and Tom Cohen
- Jessica Rich, Deputy Director, Bureau of Consumer Protection, Federal Trade Commission
- Ari Schwartz, Senior Internet Policy Advisor, National Institute of Standards and Technology, U.S. Department of Commerce
- Aaron Burstein, Telecommunications Policy Analyst, National Telecommunications and Information Administration, U.S. Department of Commerce
Panelists discussed the catalysts behind the proposed privacy frameworks, and emphasized common ground between the two approaches, as both the FTC and Commerce Department seek a balance of greater consumer protection, more robust self-regulation, and continued industry competition and innovation.
- Jessica Rich, with the FTC, stated that the FTC's framework is neither an enforcement document nor a proposed regulation. The framework addresses whether current laws are keeping pace with ongoing technology advances, and positions the FTC as a thought leader on a potential privacy model. Ms. Rich noted that the privacy roundtables conducted by the FTC in 2010 generated a high level of agreement among industry and privacy group stakeholders on the need to address areas such as data aggregation, as well as existing business models that don't fit squarely within existing regulatory or non-regulatory frameworks. Ms. Rich emphasized that, regardless of the technology at issue, there will remain a need for central concepts and a vocabulary (e.g. "meaningful choice," "transparency," etc.) that resonate with consumers, and can be leveraged across various technology platforms.
- Panelists noted that the two privacy frameworks include largely consistent themes, and discussed the likely extent of agency coordination moving forward. Ari Schwartz, with the Commerce Department, stated that privacy is one of several areas under a Commerce Department review of broader Internet policy, and he expects some level of ongoing agency coordination. Mr. Schwartz did not speculate on the final outcome of current efforts, but he anticipates that existing fair information practices will continue to serve as a baseline, while ongoing coordination and a multi-stakeholder approach are key to building trust and enabling industry to grow and innovate. Ms. Rich, while noting the FTC's role as an independent agency, agreed with Mr. Schwartz that the various efforts will increasingly harmonize moving forward.
- Aaron Burstein, with the Commerce Department, described the Department's proposed framework as a "first step." Mr. Burstein stressed the need for fair information practice principles ("FIPPs") that address transparency, accountability, data purpose specifications, and use limitations that, if widely-adopted, can form a baseline for data protection in the U.S. In advocating for the FIPPs approach, Mr. Burstein noted that the FIPPs have remained relevant despite large-scale technology changes, and the FIPPs framework is currently respected and followed within the government.
- Mr. Burstein, Mr. Schwartz, and Ms. Rich acknowledged the FTC and Commerce Department views that self-regulation has not advanced to the extent, or with the speed, necessary. Mr. Schwartz remarked that a proliferation of industry privacy tools is inadequate to resolve privacy concerns if such tools are not consumer-friendly and are not incorporated directly into a user's Web experience. Mr. Schwartz described the Commerce Department's role as that of an "impatient convener" that can bring together stakeholders that represent emerging technologies, and encourage problem-solving through innovation. Ms. Rich also stated that industry must take a key role in addressing privacy issues, and highlighted the proposed Do Not Track feature as a challenge placed before the industry. She also stated that the FTC would continue to use the "bully pulpit" to encourage industry progress in these areas.
Panel 2 - Moderated by Kelley Drye Partners Dana Rosenfeld and John Heitmann
- Josh Gottheimer, Senior Counselor to Federal Communications Commission Chairman Julius Genachowski
- David Tannenbaum, Special Counsel, Office of the General Counsel, Federal Communications Commission
- Peter Swire, Professor of Law, Ohio State University; former Obama Administration Special Assistant to the President for Economic Policy, National Economic Council; and former Clinton Administration Chief Counselor for Privacy, U.S. Office of Management and Budget
Panelists discussed technology practices that are likely to attract greater awareness and scrutiny within the coming year, and commented on how current legislative and regulatory efforts might influence deployment of these technologies.
- Former administration official Peter Swire highlighted two privacy areas likely to generate interest on Capitol Hill in the current session: (1) the evolution of acceptable social media practices; and (2) a growing split between "edge" players - those who monetize consumer data through technologies such as deep packet inspection, behavioral targeting and location-based services - and providers in the center who operate the infrastructure over which consumer data flows. Mr. Swire believes that as edge players realize greater benefits from consumer data, infrastructure providers will become increasingly interested in monetizing this information.
The seminar was presented by Kelley Drye's Privacy and Information Security
Dana B. Rosenfeld
Thomas W. Cohen
John J. Heitmann
Alysa Zeltzer Hutnik
Christopher M. Loeffler
Information about the FTC and Commerce Department privacy frameworks can be found, respectively, in Kelley Drye & Warren's December 8, 2010
and December 22, 2010