FTC Privacy Roundtable 2.0: Technology and Privacy
On January 28, the Federal Trade Commission held its second "Exploring Privacy" roundtable to discuss privacy concerns raised by technology. In anticipation, we blogged about it generally, and explored two of the panel topics in detail (cloud computing and social networking).
Privacy and consumer choice—whether through privacy enhancing technologies, consumer education, FTC regulation, improved notice and transparency—was the order of the day.
FTC Commissioner Pamela Jones Harbour opened the proceedings, contending that privacy remained important in today's technological world, while Director David Vladeck emphasized a troubling "technological arms race," where for every technology that aids user privacy, tools are developed that defeat consumer choice. One of the first discussions of the day, on Flash cookies, illustrated his point: companies deliberately started to use Flash cookies to be able to continue tracking users who had exhibited a clear intent not to be tracked by deleting normal browser cookies.
Experts from the ACLU of Northern California participated on the social networking and enterprise cloud computing panels. The ACLU of Northern California's Chris Conley focused on privacy concerns stemming from third party application access to personal data on social networking sites. On the business-to-business cloud computing panel, the ACLU of Northern California's Nicole Ozer noted that many current B2B contracts do not adequately protect the privacy of consumer records - giving the cloud company broad discretion to disclose information in response to third party (including government) demands. At the FTC Roundtable, we also released our new issue paper discussing privacy concerns with consumer cloud computing - Cloud Computing: Storm Warning for Privacy.
It's no surprise that the businesses represented (Google, Yahoo!, LinkedIn, Nokia) generally advocated against broad legislation or regulation, and instead suggested that the FTC focus on "bad actors" who abuse personal information. Meanwhile consumer and privacy advocates noted that existing federal privacy law is "incredibly decrepit and woefully inadequate," that many privacy problems could be avoided if companies retained less personal data, and that even the self-professed "good" actors collect and use personal data in ways users do not expect or understand.
"We absolutely compete on privacy."
Representatives of Google, Facebook, and LinkedIn rushed to proclaim the importance of privacy. Nicole Wong of Google stated, "we absolutely compete on privacy," and Erika Rottenberg of LinkedIn claimed that if a company breaches user trust the user will simply move to another platform, so companies take privacy seriously.
But how can Google "compete on privacy" when it is weighing cooperation with the NSA and refuses to admit how often customer information is turned over to the government or third parties? How can a Facebook user really evaluate Facebook privacy when many don't know that using a third party application can give the application access to their personal information and even that of their friends? That's why in our public comments, we urged the FTC (1) to support an annual company report of all information requests and disclosures a company receives or makes to third parties and the government, and (2) to pressure social networking companies to address privacy problems and better protect our personal information from potential misuse.
Please join us and tell companies and policy makers that you want to know how often companies share your personal information. Also, sign our petition to Facebook and tell it that you demand more control over your personal information.
For more information on how to protect your privacy online, visit the Demand Your dotRights site at dotRights.org.