Privacy Protection: Going Global
A Conversation with David Vladeck, Director, Bureau of Consumer Protection, U.S. Federal Trade Commission; hosted by Jonathan Ewert, President, TransforMedia LLC
JE: Big data: cars that talk to each other; cars that talk to people. New requirements will be placed on companies that create enterprise apps. What is actually happening legislatively?
DV: Dominant framework for consumer privacy was notice and choice until about 3 years ago: complicated legalese and opt-out.
This does not map to the mobile era. FTC and EU embarked on a reworking of privacy.
Two competing models are emerging: US vs. EU
- US: Built on
- Fundamental privacy legislation, soft data collection restrictions, self-regulatory process
- gives consumers control over their own data
- transparent data practices
- better data security
- access and accountability
- enforcement by the FTC
- We don’t have monopoly on wisdom and we don’t want to interfere with innovation
- EU: Non-binding directives
- EU data collection directive
- cookie fight: whether cos can use cookies without consent
- decentralized
- 6 months ago EU proposed sweeping overhaul of law with worrying factors
- “Right to be forgot”
- Rights of portability
- special rules for children
- strict regulation of data security
- claim of worldwide jurisdiction
- interoperability of data transfers are cast down upon
- Need to get both council of Europe and another body to adapt these measures
- EU is rule-driven. Any violation of rule makes an entity subject to sanctions
- Us has crafted our policies by way of enforcement actions
JE: What should big companies be thinking about?
DV: Cloud provides innovation benefits, so it’s here to stay. From the EU’s is concerned about cloud. Want to see servers that serve the EU within the EU>
Big cloud service providers tend to provide very robust security measures. Security breaches that we’ve seen have nothing to do with the fact that the data is in the cloud.
EU’s changes would put larger U.S. companies at risk, who will struggle to meet some of the more demanding aspects of EU, like right to delete any information from the web. Under EU law, if someone else posts a picture of you, you have the right to ask FB to figure out who d/l the photo of you, and police the rest of the web. That’s an enormous burden.
This debate will have global ramifications as S. America and Asia look to us to figure out how and what to do themselves.
It’s one thing to give up your data to Google and get ads that target your browsing history, it’s another thing to be able to sell information about your browsing habits to insurers, etc.
Europeans are really concerned about initial data collection. The US wants to give consumers more control over their data, but doesn’t want to prohibit them from giving it out.
Burdens
- Companies collecting data have obligation to safeguard that data.
- Be transparent: If you’re taking data and selling it to data broker, that should be a choice.
- Wary of take-it or leave-it offers, especially from large platforms.
- The ability to operate a platform lets you track millions of consumers across the web. Should those platforms be able to access your browsing history?