08/03/13

The Need for Privacy Protections: Is Industry Self-Regulation Adequate? | EDUCAUSE.edu

The Need for Privacy Protections: Is Industry Self-Regulation Adequate?

On June 28, 2012, the Senate Commerce, Science, and Transportation Committee held a hearing [1] on the need for consumer privacy protections. The FTC and the Administration have both outlined voluntary industry practices, such as the implementation of Do Not Track options on Web browsers, but they have also said that further legislation is necessary. (See the March 26th blog [2] for information on the FTC consumer privacy report; the February 23rd blog [3] for information about the White Houses report on data privacy and consumer privacy bill of rights; and the March 12th blog [4] for information on NTIAs efforts to seek input on the Administrations consumer privacy bill of rights.) Chairman Rockefeller (D-WVA) opened the hearing by saying, In conjunction with the White House and FTC reports, the Digital Advertising Alliance (DAA) has announced that its member online companies will stop collecting personal information from those consumers who tell them to stop doing so. However, DAA also states that companies will still collect information on these very same consumers for market research and product development. These exceptions are so broad- they could swallow the rule. Market research and product development could encompass almost anything. Today, I want to hear from our witnesses what consumers should expect when they tell online companies that they do not want their information collected for any purpose other than the functionality of the service. No one wants to break the Internet. But what many of us want is an Internet where consumers have some control over their personal information. As I stated, I have learned that self-regulation is inherently one-sided, and that the interests of consumers are often sacrificed for the demands of the bottom-line. Sen. John Kerry (D-MA) used his opening statement to argue that industry selfregulation would not be enough to protect consumers' privacy. He said, we believe that even under the best self-regulatory proposals, industry is still not
www.educause.edu/blogs/cheverij/need-privacy-protections-industry-self-regulation-adequate 1/3

08/03/13

The Need for Privacy Protections: Is Industry Self-Regulation Adequate? | EDUCAUSE.edu

granting the individual real control and real choices. Some in industry have agreed not to use a persons information to target advertising to them, but they still fully intend to track consumers and their behavior and draw conclusions about them. They still intend to use that information with or without peoples consent for purposes unrelated to any specific transaction or service." Witnesses included [5]: Bob Liodice - President and CEO, Association of National Advertisers Peter Swire - C. William O'Neill Professor of Law, The Ohio State University Berin Szoka - President, TechFreedom Alex Fowler - Global Privacy and Policy Leader, Mozilla The witnesses represented various viewpoints on the subject. Swire testified that most consumers do not know how much info is being collected on them by websites; and, that it is only when the government and the press pay attention, do companies strongly enforce self-regulation, which is why legislation is necessary. On the other side, Liodice said, I do not think we need a clear Do Not Track, especially for cybersecurity reasons because if we block or limit collecting data we wont be able to pass on information to local law enforcement. Privacy legislation is not a welcome proposition for some of the Internet's largest companies including Facebook and Google which is why they have been lobbying furiously on the issue. Any change in how companies can collect and use consumer information would have significant implications for social media firms, many of which are banking on being able to monetize the large amount of user data they have collected. But Democrats face an uphill battle to pass a privacy bill, with stiff opposition expected from both Silicon Valley and the GOP. Given the current political landscape, industry self-regulation looks likely to be the only realistic option for privacy advocates in the short-term. EDUCAUSE will continue to monitor and report on this privacy issue.

1. http://commerce.senate.gov/public/index.cfm? p=Hearings&ContentRecord_id=aa018084-ceea-472c-af6397d7f44fac80&ContentType_id=14f995b9-dfa5-407a-9d35www.educause.edu/blogs/cheverij/need-privacy-protections-industry-self-regulation-adequate 2/3

08/03/13

The Need for Privacy Protections: Is Industry Self-Regulation Adequate? | EDUCAUSE.edu

56cc7152a7ed&Group_id=b06c39af-e033-4cba-9221de668ca1978a&MonthDisplay=6&YearDisplay=2012 2. http://www.educause.edu/blogs/cheverij/federal-trade-commission-releases-its-finalreport-protecting-consumer-privacy 3. http://www.educause.edu/blogs/rodney/white-house-releases-report-consumer-dataprivacy-networked-world 4. http://www.educause.edu/blogs/rodney/request-comments-multistakeholder-processdevelop-consumer-data-privacy-codes-conduct 5. http://commerce.senate.gov/public/index.cfm? p=Hearings&ContentRecord_id=aa018084-ceea-472c-af6397d7f44fac80&ContentType_id=14f995b9-dfa5-407a-9d3556cc7152a7ed&Group_id=b06c39af-e033-4cba-9221de668ca1978a&MonthDisplay=6&YearDisplay=2012

www.educause.edu/blogs/cheverij/need-privacy-protections-industry-self-regulation-adequate

3/3