Insights from Kelley Drye’s 3rd Annual Privacy Seminar

Kelley Drye Client Advisory

On January 21, 2011, Kelley Drye & Warren hosted the seminar and audiocast, Privacy By Design, Choice, and Transparency: What a New Framework Will Mean for Business and Technology.” The seminar highlighted key regulatory and legislative developments in privacy and information security law during the past year.

Dana Rosenfeld, Kelley Drye partner and chair of the firm’s Privacy and Information Security practice, opened the seminar by reflecting on the emphasis in 2010 and going forward for 2011 on bringing greater clarity to commercial privacy practices for the benefit of both consumers and commercial entities. Six experts representing the federal agencies and policymakers integral to recent privacy initiatives spoke during two separate panel sessions. The first panel reviewed and expanded upon the separate privacy frameworks released in December 2010 by the Federal Trade Commission (“FTC”) and the U.S. Department of Commerce1. The second panel included a discussion on the confluence of privacy policy and broadband adoption, along with perspectives on the privacy themes of greatest interest to the new Congress. This advisory provides an overview of the key takeaways from each panel.

Panel 1 - Moderated by Kelley Drye Partners Alysa Hutnik and Tom Cohen

  • Jessica Rich, Deputy Director, Bureau of Consumer Protection, Federal Trade Commission
  • Ari Schwartz, Senior Internet Policy Advisor, National Institute of Standards and Technology, U.S. Department of Commerce
  • Aaron Burstein, Telecommunications Policy Analyst, National Telecommunications and Information Administration, U.S. Department of Commerce

Panelists discussed the catalysts behind the proposed privacy frameworks, and emphasized common ground between the two approaches, as both the FTC and Commerce Department seek a balance of greater consumer protection, more robust self-regulation, and continued industry competition and innovation.
  • Jessica Rich, with the FTC, stated that the FTC’s framework is neither an enforcement document nor a proposed regulation. The framework addresses whether current laws are keeping pace with ongoing technology advances, and positions the FTC as a thought leader on a potential privacy model. Ms. Rich noted that the privacy roundtables conducted by the FTC in 2010 generated a high level of agreement among industry and privacy group stakeholders on the need to address areas such as data aggregation, as well as existing business models that don’t fit squarely within existing regulatory or non-regulatory frameworks. Ms. Rich emphasized that, regardless of the technology at issue, there will remain a need for central concepts and a vocabulary (e.g. meaningful choice,” transparency,” etc.) that resonate with consumers, and can be leveraged across various technology platforms.
  • Panelists noted that the two privacy frameworks include largely consistent themes, and discussed the likely extent of agency coordination moving forward. Ari Schwartz, with the Commerce Department, stated that privacy is one of several areas under a Commerce Department review of broader Internet policy, and he expects some level of ongoing agency coordination. Mr. Schwartz did not speculate on the final outcome of current efforts, but he anticipates that existing fair information practices will continue to serve as a baseline, while ongoing coordination and a multi-stakeholder approach are key to building trust and enabling industry to grow and innovate. Ms. Rich, while noting the FTC’s role as an independent agency, agreed with Mr. Schwartz that the various efforts will increasingly harmonize moving forward.
  • Aaron Burstein, with the Commerce Department, described the Department’s proposed framework as a first step.” Mr. Burstein stressed the need for fair information practice principles (“FIPPs”) that address transparency, accountability, data purpose specifications, and use limitations that, if widely-adopted, can form a baseline for data protection in the U.S. In advocating for the FIPPs approach, Mr. Burstein noted that the FIPPs have remained relevant despite large-scale technology changes, and the FIPPs framework is currently respected and followed within the government.
  • Mr. Burstein, Mr. Schwartz, and Ms. Rich acknowledged the FTC and Commerce Department views that self-regulation has not advanced to the extent, or with the speed, necessary. Mr. Schwartz remarked that a proliferation of industry privacy tools is inadequate to resolve privacy concerns if such tools are not consumer-friendly and are not incorporated directly into a user’s Web experience. Mr. Schwartz described the Commerce Department’s role as that of an impatient convener” that can bring together stakeholders that represent emerging technologies, and encourage problem-solving through innovation. Ms. Rich also stated that industry must take a key role in addressing privacy issues, and highlighted the proposed Do Not Track feature as a challenge placed before the industry. She also stated that the FTC would continue to use the bully pulpit” to encourage industry progress in these areas.
 

Panel 2 - Moderated by Kelley Drye Partner Dana Rosenfeld

  • Josh Gottheimer, Senior Counselor to Federal Communications Commission Chairman Julius Genachowski
  • David Tannenbaum, Special Counsel, Office of the General Counsel, Federal Communications Commission
  • Peter Swire, Professor of Law, Ohio State University; former Obama Administration Special Assistant to the President for Economic Policy, National Economic Council; and former Clinton Administration Chief Counselor for Privacy, U.S. Office of Management and Budget

Panelists discussed technology practices that are likely to attract greater awareness and scrutiny within the coming year, and commented on how current legislative and regulatory efforts might influence deployment of these technologies.
  • The FCC’s Josh Gottheimer, commenting on the link between privacy and broadband adoption, stated that consumers are less likely to engage new technologies, regardless of the benefits, if privacy concerns are not addressed. Thus, the FCC’s priorities include (1) promoting broadband and privacy in tandem; (2) encouraging providers to improve transparency and manage data in a way that protects consumers; and (3) using the FCC’s enforcement powers when necessary. Mr. Gottheimer cited third-party data sharing and location-based services in the mobile space as two areas of ongoing interest for the FCC. The FCC’s David Tannenbaum noted that the Commission continues to educate itself on privacy issues in order to determine how it can best play a constructive role in shaping privacy policy.
  • Former administration official Peter Swire highlighted two privacy areas likely to generate interest on Capitol Hill in the current session: (1) the evolution of acceptable social media practices; and (2) a growing split between edge” players - those who monetize consumer data through technologies such as deep packet inspection, behavioral targeting and location-based services - and providers in the center who operate the infrastructure over which consumer data flows. Mr. Swire believes that as edge players realize greater benefits from consumer data, infrastructure providers will become increasingly interested in monetizing this information.
  • Panelists discussed the need for a privacy policy function within the Executive Branch that would complement existing agency privacy efforts. Mr. Swire, for example, believes that a privacy stakeholder at the administration level would be in the best position to harmonize the efforts of a large cross-section of government organizations that must factor privacy into their planning (e.g. the Department of Energy and its Smart Grid initiative, the Department of Health and Human Services, etc.). Such a broad-based approach would complement the more nimble FTC efforts toward responding to privacy and data security issues.

The seminar was presented by Kelley Drye’s Privacy and Information Security and Communications practice groups.

Dana B. Rosenfeld
(202) 342-8588
drosenfeld@​kelleydrye.​com

Thomas W. Cohen
(202) 342-8451
tcohen@​kelleydrye.​com

Alysa Zeltzer Hutnik
(202) 342-8603
ahutnik@​kelleydrye.​com

1 Information about the FTC and Commerce Department privacy frameworks can be found, respectively, in Kelley Drye & Warren’s December 8, 2010 and December 22, 2010 client advisories.