Well it certainly is not 1939 and this story doesn’t tell about a single man’s effect on American politics as the title conveys, but it is about a bit of the things I did see last week during one of my visits to Washington D.C.
For the entire month of March I was in and out of beautiful Washington D.C. meeting with different groups and people who have an effect on marketing and privacy. As you know I was just there for a meeting a few weeks ago where I spent the day at the United States Institute of Peace in Washington D.C attending the EU Conference on Privacy and Protection of Personal Data which today still has a ring in my ear of how fragmented we as a world are when it comes to government imposed privacy regulations that affect the Internet.
On March 26, the DMA hosted its annual policy conference, DMA in DC 2012 in which we heard from representatives of the nation’s enforcers of consumer protection laws. We had dinner with Representative Mary Bono Mack (R-CA) who heads the House Energy and Commerce subcommittee taking the lead on the privacy issues. In her remarks she said that Congress has considerable work to do to understand data privacy issues before deciding what, if any, sort of privacy legislation is needed. She did praise us for hard work on self-regulation and she did recognize the need for more security regulations to address the real problems with Internet.
That same day in the morning the FTC released their report and within thirty (30) minutes of that release we were treated to a lunch and keynote from FTC Commissioner Julie Brilll covering the report. In her note she said.
- The FTC would be vigilant in enforcing self-regulatory codes of conduct among companies in the area of data privacy
- A company’s failure to live up to a voluntary code of conduct would act as a scarlet letter in an FTC enforcement action which we’ve already seen heavily in the last year.
- They were interested in developing of sector-specific codes of conduct, meaning tackling specific issues with specific regulations vs. umbrella regulations.
You can see her entire keynote in more detail here
To save me time here, I am copying from the FTC site here. The final privacy report also expands on a preliminary staff report the FTC issued in December 2010. The final report calls on companies handling consumer data to implement recommendations for protecting privacy, including:
- Privacy by Design - companies should build in consumers’ privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy. This is a wonderful concept invented and championed by Ontario Privacy Commissioner Ann Cavoukian and one in which Eloqua is taking head on by having her present it to our engineers last year and us putting into play process to help manage the concept.
- Simplified Choice for Businesses and Consumers - companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
- Greater Transparency - companies should disclose details about their collection and use of consumers’ information, and provide consumers access to the data collected about them.
The final report also notes that the FTC received over 450 comments on the staff’s preliminary recommendations. Based on technological advances and industry developments since the December 2010 staff report and in response to the comments. The report refines the guidance for when companies should provide consumers with choice about how their data is used. While Congress considers privacy legislation, the Commission also urges individual companies and self-regulatory bodies to accelerate the adoption of the principles contained in the privacy framework.
Over the course of the next year, Commission staff will work to encourage consumer privacy protections by focusing on five main action items:
- Do-Not-Track - The Commission commends the progress made in this area: browser vendors have developed tools to allow consumers to limit data collection about them, the Digital Advertising Alliance has developed its own icon-based system and also committed to honor the browser tools, and the World Wide Web Consortium standards-setting body is developing standards. We are confident that we as an industry can continue the self-regulatory efforts without legislation and the FTC agrees in their report
- Mobile - The FTC urges companies offering mobile services to work toward improved privacy protections, including “short” and meaningful disclosures. To that end, it will host a workshop on May 30, 2012 to address how mobile privacy disclosures can be short, effective, and accessible to consumers on small screens. If you haven’t seen TRUSTe’s mobile-optimized privacy notice, I suggest you check it out here
- Data Brokers - The Commission calls on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data. In addition, the website should detail the choices that data brokers provide consumers about their own information. As a personal note, I’m all for this idea to some extent. As an individual who tends to get a lot of junk and bulk marketing I want to know more about who has my information and how to prevent them from selling it. I’ve never been a huge supporter of data brokers whether it is legal or not. However, in context of what the FTC proposed here this will be a difficult thing to do as a centralized service.
- Large Platform Providers - The report cited heightened privacy concerns about the extent to which platforms, such as Internet Service Providers, operating systems, browsers and social media companies, seek to comprehensively track consumers’ online activities. The FTC will host a public workshop in the second half of 2012 to explore issues related to comprehensive tracking. I know the guys at The Messaging Anti-Abuse Working Group (MAAWG) will be watching this one as it could affect feedback loops and other legal and effective anti-spam services they use.
- Promoting Enforceable Self-Regulatory Codes - And again, the FTC will work with the Department of Commerce and stakeholders to develop industry-specific codes of conduct. To the extent that strong privacy codes are developed, when companies adhere to these codes, the FTC will take that into account in its law enforcement efforts. If companies do not honor the codes they sign up for, they could be subject to FTC enforcement actions.
The following day, I joined DMA’s Government Affairs team and other member companies for a series of Capitol Hill meetings, advocating directly on the issues of privacy and data security proposals. We with the offices of Senators Susan Collins (R-ME), Al Franken (D-MN), Mark R. Warner (D-VA), Michael F. Bennet (D-CO), Tom Carper (D-DE), Jim DeMint (R-SC), Pat Toomey (R-PA), John F. Kerry (D-MA), Scott Brown (R-MA), Joe Lieberman (I-CT), as well as Representatives Cliff Stearns (R-FL), G. K. Butterfield (D-NC), Marsha Blackburn (R-TN), John B. Larson (D-CT), Stephen Lynch (D-MA 9), Elijah Cummings (D-MD 7) and Adam Kinzinger (R-IL).
All in all, another wonderful trip to Washington D.C. in which we heard some great news about our ongoing efforts to build transparent and easy choices for consumers in many of our platforms. Most officials seem very happy with the way things are going and asked us to continue to push our objectives forward without the immediate need for government imposed regulations. There is lots more work to be done here though so not much time to relax.