Whispers of Consensus Among Stakeholders at NTIA Privacy Meeting
Hundreds of privacy experts began to form an early consensus around mobile privacy guidelines Thursday during the first NTIA privacy multi-stakeholder meeting in Washington. Generally stakeholders focused on the principles of transparency and standardization in the mobile environment while urging a technologically neutral privacy solution that can be eventually codified into law. Though the event ended with few conclusive results, John Verdi, NTIA’s director of privacy initiatives, said the agency will likely host a subsequent multistakeholder meeting in August.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Stakeholders generally agreed that consumers should understand who is collecting their data, what they are using it for, and where, when and how they collect it. They also urged an open, secure and universal notification regime with tools and information that are simple enough for teens and children to understand. The event was webcast and offered a conference bridge for remote participants to broadcast their comments over speakers inside the auditorium.
NTIA Administrator Larry Strickling described the discussions as “very productive, very successful and a very strong footing to move forward and do this.” The event marked “the first step in a journey that will result in a code of conduct for mobile applications,” he said. Throughout the event Strickling quietly paced up and down the auditorium, stopping at one point to chat privately with the White House Deputy Chief Technology Officer for Internet Policy Danny Weitzner, who was also in attendance.
Strickling said that NTIA’s role in the process is to coordinate the discussions rather than lead them. “The goal of the process is not to reach any consensus today but to surface issues and topics for exploring in future agendas. … There is no playbook for what we are going to do today and in subsequent meetings. The success of this process very quickly will be in your hands.”
Strickling later told reporters that the agency is “continuing to look at” drafting formal privacy legislation. “We want to work with Congress on legislation so we are certainly thinking about it,” he said. Strickling hinted that NTIA drafted legislation may come in 2012: “I wouldn’t rule out this year. We are working with the administration.”
Consumer privacy advocates said that policymakers should avoid discussing the concept of transparency without first addressing the other fair information practice principles (FIPS). ACLU Legislative Counsel Chris Calabrese said that simply discussing a mobile transparency is “not sufficient” and “of no value” without a discussion of all the FIPS first. According to the FTC, the five core principles of privacy protection must incorporate: notice/awareness; choice/consent; access/participation; integrity/security; and enforcement/redress. “A description of an unfair system is relatively valueless,” Calabrese said. “We need other elements of FIPS first to capture the broad range of elements of substantive rights.”
Morgan Reed, director of the Association of Competitive Technology told reporters there is certainly common ground for app developers and privacy groups. “I think you have to look at transparency more broadly because information that is collected through a mobile device is shared through all sorts of things. … You can’t just look at mobile apps as a narrow definition and think that you'll be one and done on transparency around mobile applications. The scope of what is a mobile application is too amorphous and changing all the time.” Reed suggested that privacy stakeholders dedicate some time to define what a mobile application actually is. “It can’t be too granular, it has to rise above that.”
Application Developers Alliance President, Jon Potter said that his members are very interested in the privacy talks. App developers “don’t like getting sued, they don’t like getting letters from Congress and they don’t like getting bad press.” Potter said that developers prefer a universal notification process that enables users to know what data are being collected. Potter also added that he was concerned that the forthcoming guidelines might create a negative user experience for consumers. “We can’t ignore the user experience … that is what consumers are buying.”
Stakeholders should consider the benefits of implementing mobile consumer privacy tools like universal notification icons said Stu Ingis, a partner at Venable and privacy counsel for the Direct Marketing Association, the Interactive Advertising Bureau (IAB) and the Digital Advertising Alliance. IAB has already implemented its Ad Choices opt-out icon into many online advertisements to help consumers understand and control how their data is collected. In February groups representing the largest online ad companies also committed to implement do-not-track technologies into most major Web browsers to enable greater user control over online tracking (CD Feb 24 p1).
Facebook’s Chief Privacy Officer Erin Egan echoed the notion of using privacy icons to provide consumers with simplified transparency and control over their data. Egan said there is “real value” in having detailed privacy policy complemented with “something simple” for mobile notice in addition to “just in time context” for users. Egan told us later that the NTIA process is very important to the company and she’s looking forward to seeing what other common themes emerge from the discussions.