Privacy groups ask Obama for stronger FTC

About a dozen leading privacy and consumer groups met with members of President-elect Barack Obama's transition team Tuesday to discuss the Federal Trade Commission's role in protecting consumer privacy.

While participating organizations addressed a range of problems and potential solutions, the underlying message was clear: the FTC has for too long allowed industries to self-regulate their online privacy practices--to the detriment of consumers.

"The FTC keeps moving the goal post on what privacy advocates need to prove" before it provides substantive regulation, said Chris Jay Hoofnagle, director of the Berkeley Center for Law and Technology's Information Privacy Programs. "The commission has taken this posture that allowed business interests to win by just showing up. Self-regulation in online privacy has gotten more than a fair shake."

Hoofnagle took part in Tuesday's meeting, along with representatives from the Privacy Rights Clearinghouse, the Consumer Federation of America, the American Civil Liberties Union, the Center for Digital Democracy, the World Privacy Forum, the Electronic Privacy Information Center, the Privacy Times, the Privacy Journal, the Consumers Union, the Electronic Frontier Foundation, and U.S. PIRG, the federation of state Public Interest Research Groups. The groups met with Susan Ness and Phil Weiser, the FTC review team leaders for the Obama transition team.

While the transition's agency review leaders have been seeking insight from numerous sources about the functionality of agencies like the FTC, this meeting was held at the request of the privacy groups, according to Jeff Chester, the executive director of the Center for Digital Democracy.

"We wanted to impress upon the transition team that there are many online privacy issues that need to be the highest priority of the incoming Obama FTC," Chester said. "The last eight years has been a disaster for consumer protection and privacy, and the agency has not really had the interest to work on behalf of consumers to investigate the online ad industry and its harmful and problematic practices."

Along with the need for better regulation of targeted online marketing, the groups discussed the need for more oversight in the data broker industry and privacy policies for medical information, among other things. A range of solutions were offered, from more benchmarks for self-regulated industries to new legislation.

If the FTC is going to let industries self-regulate their privacy policies, it should provide clear benchmarks, Hoofnagle said. Without clearly defining the problems that need to be solved and the measures of success, the commission cannot know when it should intervene, he said.

More regulation for targeted online ads?
The Network Advertising Initiative, for example, is a group of third-party network advertisers including Google and Yahoo that has created its own online behavioral advertising guidelines. The group announced Tuesday it updated its code of conduct, but multiple groups at the meeting with the Obama transition team said that behavioral tracking and targeting is still a problem that the FTC needs to address.

Susan Grant, director of consumer protection at the Consumer Federation, called the practice "deceptive on its face."

"The FTC approach to this issue is emblematic of its timid and inadequate approach to consumer privacy in general over the past several years," she said. "Information is collected by entities with whom people have no relation, without consumers having any idea of what would be done with that information."

The Consumer Federation is calling for the FTC to establish a "Do Not Track" registry, Grant said. The FTC already oversees the Do Not Call Registry, which lets consumers opt out of receiving telemarketing calls. The registry has been very successful, Hoofnagle said, with telemarketers reporting larger profits and more effective results.

"It was a polar opposite from the self-regulatory system," he said. "It seems we can learn from these lessons but the FTC couldn't."

Groups like Center for Digital Democracy are now waiting for Congress to introduce legislation to empower the FTC to better regulate in this area, Chester said.

Congressman Ed Markey (D-Mass.) is, in fact, interested in introducing some type of omnibus electronic privacy legislation next Congress, according to his communications director Jessica Schafer. Though the legislation has yet to be drafted or finalized, it would likely include provisions to protect consumers from online Web tracking used to create targeted online ads, she said. Markey has criticized behavioral tracking in the past.

More oversight of the data broker industry
Multiple groups at Tuesday's meeting also told the transition team that the data broker industry needs better oversight from the FTC.

The Privacy Rights Clearinghouse, a nonprofit consumer rights group, has received numerous complaints from consumers about companies that sell their personal information, including companies that supposedly violate their own privacy policies, according to the Clearinghouse's director Beth Givens.

"This is an unregulated industry that needs to be investigated by the FTC," Givens said. "It's long overdue."

Data brokering may have contributed to the mortgage meltdown of the past year, Hoofnagle said, since Internet users would typically face a deluge of offers from mortgage brokers after making a single inquiry online about how to get a mortgage.

Those who participated in the meeting said it was difficult to gauge the transition team's interest in their ideas.

"They were in fact-gathering mode," Grant said.

One significant improvement Obama could make to the FTC, Hoofnagle said, would be to alter its makeup by appointing a commissioner to with a background in consumer advocacy.

"If you look around they're often antitrust lawyers," he said. "That reflects its important antitrust mission, but that leaves the other half of the mission a little short."

The privacy and consumer advocates also suggested Obama consider creating a national privacy official. The United States and Japan are the only two countries in the developed world that do not have overarching privacy laws or an official who enforces them, said Barry Steinhardt, director of the Technology and Liberty Program for the ACLU.

"It's time for the us to get in the international consensus on that," he said.

[nicmart]

By far the greatest threat to privacy is the government. It remains a perverse paradox that so-called privacy groups are almost always promoting more government. I'll take my chances with private companies. They don't have armies or police forces.

[atici]

Great comment. I was just thinking the same. I think the new buzzword "net neutrality" poses a similar danger of govt interference into internet. What makes internet so great is its inherent freedom and the way it organized itself from the bottom up. Regulation would only help impede its impact.

[scdecade]

Asking the government to protect your privacy is like asking Jeffery Dahmer to go get you a snack. You don't know what he/they are going to bring back but it probably won't be what you'd hoped for.

[iamplatinum]

The FTC and several other workgroups and commissions have made significant accomplishments with respect to privacy during the last eight years--sounds like this group, as others, are jumping on the Bush Administration bashing bandwagon. Several pieces of important privacy legislation, which is non-partisan, have lingered in Congress and the Senate for the last few legislative sessions. Since the Democrats control Congress, I have been surprised to see the legislation go absolutely nowhere, for example, Federal Breach Notification.

Yes, there should be a privacy Czar! That makes a lot of sense, and it would make a lot of sense for the government to get privacy and information security under control in their own sector -- the public sector. Similarly, the advocacy groups should focus on their sector -- the volunteer sector. At least the private sector is attempting to address privacy issues through some industry regulation while the public and volunteer sectors are permitted to handle our information indiscriminately. For example, see the recent study on public sector data breaches: http://www.prweb.com/releases/2008/12/prweb1681734.htm
The results appear to agree with the sentiments of the previous commenters concerning privacy in the public sector.

[Pete Bardo]

Unbelievable! The same government whose courts have declared that no one has a reasonable expectation of privacy on the internet is being asked to enforce privacy (read: protection from advertisers). We have no expectation of privacy when it comes to the government snooping on us, but advertisers doing the same thing commit a cardinal sin.

I saw ads on TV from the same mortgage brokers who spammed me. So I suppose TV broadcasters were implicitly involved in the mortgage meltdown, too. We should get the FTC to require TV broadcasters not accept paid advertising, too. That will definitely solve out economic crisis.

I'm all for privacy. But if my right to privacy does not apply to my government, I have no right to it at all. BTW, I don't recall any mention of the "right" to privacy in our Constitution, although I realize that any right not specifically given to the government is reserved for the people. So the argument is, "Do I really have the right to privacy, or is it just an unsubstantiated claim by these so called privacy advocates?" The courts seem to think that right does not exist.

Maybe all these folks should get together and propose a Constitutional Ammendment establishing and securing the right to privacy for all people.

[stoppoliticalcalls]

No mention of Voter Privacy here. That is, how do campaigns use the existing databases (voter registration) to contact voters without regulations (robo calls, direct mail, internet phone banks, etc..) and how do they use online data such as cookies, IP's, email, etc..

I wrote an Op-Ed in the Washington Post calling for a Voter Privacy Bill of Rights --> http://www.washingtonpost.com/wp-dyn/content/article/2008/09/12/AR2008091202658.html

Shaun Dakin
CEO
StopPoliticalCalls.org