Privacy On Track (Revised 1.27.11) Saira Nayak Aba Consumer Meeting
1. Reading the Tea Leaves:
Is Privacy Regulation
on Track for Web 3.0?
ABA 2011 Consumer Protection Conference
Saira Nayak
Nayak Strategies
2. The US Data Protection Framework
1. Federal Laws & Regs – COPPA, HIPAA, etc.
2. Federal Guidance – FTC, Commerce Reports
3. State analogues to federal laws - e.g. CA’s SB1
4. State Data Breach & Security laws
5. Marketing Communications laws – TCPA, CAN-
SPAM, Junk Fax Protection Act etc.
6. Laws Compelling Disclosure – ECPA, FOIA
7. Self-Regulatory frameworks - Digital Advertising
Alliance (www.aboutads.com), BBB Interest Based
Advertising Project, NAI
3. Criticisms of a Sectoral System
• Technological Relevancy
• Inefficient oversight by regulators and
overlapping regulatory obligations
• Inadequate or insufficient enforcement
mechanisms
Will the proposed frameworks identified in
the FTC Report and Commerce Green
Paper address these criticisms?
Yes, to some extent.
4. Web 1.0
Published Content Website
• The mostly “read-only” web
• One way interaction between websites and users
• 1996 - 250,000 sites, 45 million users
• Privacy concerns: ID theft, spam, spyware
• FTC approach: notice & choice, harms-based
5. Web 2.0 Website
Affiliate
Published Content
Website
Website Affiliate
Uploaded Content
• The ”read-write” or social web
• Two-way interaction between users and websites
• 2009 – over 250 million sites, nearly 2 billion users
• 90 trillion emails sent, 1 billion videos viewed on YouTube
• Privacy concerns: new business models (OBA, geo-marketing)
• FTC approach: FTC Privacy Report
6. Web 3.0 - Characteristics
• The Semantic Web – web technologies that help
computers understand the meaning or “semantics”
of information.
• The Personalized Web – web technologies that
become more customized to personal preferences
and are easier to use.
• The Visual Web – web technologies that highlight
the convergence of the physical and virtual world.
E.g. video that is disseminated widely across
platforms - TVs, laptops, tablets, mobile devices
7. Web 3.0
“The Semantic Web is a web of data that can
be processed directly and indirectly by
machines…”
- Tim Berners-Lee
9. Web 3.0 - Search
Algorithmic search result
Local search result
Social search result
10. FTC Privacy Report
“A forward-looking policy vehicle for
approaching privacy in light of new
practices and business models.”
-FTC Privacy Report, page 39
The Challenge: Creating a framework
that protects consumer privacy and
fosters innovation at the same time…
11. FTC Privacy Framework
Four “building-blocks” of the FTC’s
proposed privacy framework:
• Scope
• Privacy by Design
• Simplified Choice
• Transparency
12. Commerce Green Paper
Four policy recommendations:
• Encouraging consumer trust through a
revitalized set of FIPPs
• Encouraging development of voluntary
codes of conduct; PPO
• Global privacy interoperability
• Ensure that security breach notification
rules are nationally consistent
13. Scope
FTC – Commercial entities that collect or use
consumer data that can be reasonably linked
to a consumer, computer or other device.”
Reading the tea leaves…
• Increased use of online and offline data in
web 3.0 personalization
• The evolution of the “reasonably linked”
concept will be particularly important
• Concern: what if there is no nexus between
the consumer and the computer/device
14. Privacy by Design/ FIPPs v. 2
FTC Report – emphasize consumer privacy
at “every stage” of product development
Commerce –a revitalized FIPPs for Web 3.0
Reading the tea leaves…
• Rising role for Access in Privacy 3.0
• Data portability will provide a new area
for companies to compete and innovate
• Concern: Companies will need to balance
personalization with privacy in Web 3.0
15. Simplified Choice
FTC recommends that choice be offered in a
timely and contextually relevant manner.
Reading the tea leaves…
• The list of “commonly accepted practices”
will get broader with Web 3.0
• Innovation in choice mechanisms that
promote information flow
• Concern: Will initiatives like “Do-Not-Track”
cause users to opt-out entirely from the
“Semantic Web”?
16. Transparency
Both reports see a strong relation between
transparency and informed choice.
Reading the tea leaves…
• Definition of “material change” will continue
to evolve based on web habits
• Expanded definition of privacy notice to
include alternate notice mechanisms (just in
time, short notices for mobile), etc.
• Larger role for machine readable policies
17. On Track?
Generally, yes.
Suggestions to stay that way?
• Continue close interaction with industry
to address technological relevancy concerns
• Address enforcement gaps with expanded
role for voluntary, self-regulatory regimes
• Encourage the development of privacy as a
competitive differentiator for web 3.0
technologies.