{"id":153,"date":"2009-12-08T01:49:49","date_gmt":"2009-12-08T08:49:49","guid":{"rendered":"http:\/\/www.aarontitus.net\/blog\/?p=153"},"modified":"2010-01-09T10:55:40","modified_gmt":"2010-01-09T17:55:40","slug":"highlights-from-the-ftcs-privacy-roundtable-part-1","status":"publish","type":"post","link":"http:\/\/www.aarontitus.net\/blog\/2009\/12\/08\/highlights-from-the-ftcs-privacy-roundtable-part-1\/","title":{"rendered":"Highlights From the FTC&#8217;s Privacy Roundtable: Part 1"},"content":{"rendered":"<p><em>Note: This article originally appeared on the <a href=\"http:\/\/www.jeffreyneu.com\/20091208244\/Highlights-From-the-FTC-s-Privacy-Roundtable-Part-1.html\">J.C. Neu &amp; Associates Blog<\/a><\/em><\/p>\n<p>The FTC&rsquo;s December 7th <a href=\"http:\/\/www.ftc.gov\/bcp\/workshops\/privacyroundtables\/index.shtml\">Privacy Roundtable<\/a> assembled a Who&rsquo;s Who of privacy luminaries, academics, advocates, and industry players.  This post highlights some of the more interesting comments from the meeting.  I also tweeted the event (<a href=\"http:\/\/twitter.com\/aarontitus\">@aarontitus<\/a>, <a href=\"http:\/\/search.twitter.com\/search?q=#FTC+#Privacy\">#FTC #Privacy<\/a> or <a href=\"http:\/\/search.twitter.com\/search?q=#ftcpriv\">#ftcpriv<\/a>) and the FTC has <a href=\"http:\/\/http.earthcache.net\/htc-01.media.qualitytech.com\/COMP008760MOD1\/FTC2\/120709_ftc_sess1live\/index.htm\">posted the webcast <\/a> if you missed it.&nbsp; The next Roundtable is scheduled for <a href=\"http:\/\/www.ftc.gov\/bcp\/workshops\/privacyroundtables\/index.shtml\">January 28, 2010<\/a> in Berkeley, CA and will also be broadcast online.<\/p>\n<p>The meeting consisted of five panels. This posts highlights &quot;Panel 5: Exploring Existing Regulatory Frameworks:&quot; <\/p>\n<ul>\n<li>During Session 5, <a href=\"http:\/\/www.intuit.com\/\">Intuit&#8217;s<\/a> Chief Privacy Officer <strong> Barbara Lawler<\/strong> posited that existing regulatory frameworks unfairly place the entire burden on consumers to protect themselves.  &quot;Consumers should expect a safe marketplace. They shouldn&#8217;t be the ones to police the marketplace,&quot; she said.<\/li>\n<li><strong> Barbara Lawler<\/strong> also noted that &quot;Data is never really at rest,&quot; because it&#8217;s moving between data centers and backups in multiple locations throughout the globe.  It is therefore incorrect to think of data, especially Cloud data, as being in one place.  Instead, &quot;data is in one place and many places at the same time,&quot; potentially in multiple jurisdictions.<\/li>\n<li><strong> Evan Hendricks<\/strong> of <a href=\"http:\/\/www.privacytimes.com\/\"><em>Privacy Times<\/em><\/a> and <strong>Marc Rotenberg<\/strong> of <a href=\"http:\/\/www.epic.org\">EPIC<\/a> suggested that the current model of &quot;Notice and Consent&quot; has failed to protect consumers, and that the FTC (and legislation in general) should return to well-established Fair Information Practices (FIPs), including a prohibition on &quot;secret databases.&quot; Mr. Rotenberg went so far as to conclude that Notice and Choice principles are not a subset of FIPs, but instead &quot;stand in opposition to fair information practices.&quot;  He also joked that &quot;the best part of Graham-Leach-Bliley  Act is that you get paper notices you can tape on your window and get more privacy.&quot;<\/li>\n<li><strong>Ira Rubinstein<\/strong> of <a href=\"http:\/\/www.law.nyu.edu\/index.htm\">New York University School of Law<\/a> proposed that self-regulation is not binary or &quot;monolithic,&quot; and that a self-regulatory scheme would be preferable, especially if viewed as a &quot;continuum, based on government intervention.&quot;  He argued that self-regulation would be especially appropriate in the United States, which has traditionally been very friendly to e-commerce.<\/li>\n<li><strong>Michael Donohue<\/strong> of <a href=\"http:\/\/www.oecd.org\/\">OECD<\/a> gave an overview of international legal concepts of privacy which generally agreeing with Marc Rotenberg&#8217;s observation that &quot;most countries have come to surprisingly similar conclusions about privacy.&quot;<\/li>\n<li><strong>J. Howard Beales<\/strong> of the <a href=\"http:\/\/business.gwu.edu\/index.cfm\">GWU School of Business<\/a> argued in favor of a &quot;harm-based model,&quot; because it is impossible to reach the best solution without first defining the harm.  Marc Rotenberg responded that privacy harms are almost never financial. <\/li>\n<li>Several panelists emphasized that privacy can be highly (and appropriately) subjective. One cited an example from a balding friend of his, &quot;I don&#8217;t care if anyone knows that I use Rogaine, but my 70-year-old grandmother would.&quot;<\/li>\n<li><strong>Fred Cate<\/strong> of the <a href=\"http:\/\/cacr.iu.edu\/\">Center for Applied Cybersecurity Research<\/a> emphasized that the Notice and Consent model is flawed because some activities should not be consentable.  For example, one may not &quot;consent&quot; to be served fraudulent or misleading advertising. Likewise, some uses of personal information should be prohibited and non-consentable. Most importantly, Notice and Choice are only <em>tools<\/em>&#8211; not the goal of privacy.<\/li>\n<li>After Panel 5 was done, Bureau of Consumer Protection Director <strong>David C. Vladeck<\/strong> said the FTC would investigate whether it is better to give consumers notice how their personal information may be used: 1. At the time of collection, or 2. At the time of use.<\/li>\n<li><strong>David C. Vladeck<\/strong> also said that the data broker industry warranted FTC attention because it is &quot;largely invisible to the consumer.&quot; <\/li>\n<\/ul>\n<p>More highlights on the other sessions to come.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Note: This article originally appeared on the J.C. Neu &amp; Associates Blog The FTC&rsquo;s December 7th Privacy Roundtable assembled a Who&rsquo;s Who of privacy luminaries, academics, advocates, and industry players. This post highlights some of the more interesting comments from the meeting. I also tweeted the event (@aarontitus, #FTC #Privacy or #ftcpriv) and the FTC [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[7,8],"tags":[],"_links":{"self":[{"href":"http:\/\/www.aarontitus.net\/blog\/wp-json\/wp\/v2\/posts\/153"}],"collection":[{"href":"http:\/\/www.aarontitus.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.aarontitus.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.aarontitus.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.aarontitus.net\/blog\/wp-json\/wp\/v2\/comments?post=153"}],"version-history":[{"count":2,"href":"http:\/\/www.aarontitus.net\/blog\/wp-json\/wp\/v2\/posts\/153\/revisions"}],"predecessor-version":[{"id":160,"href":"http:\/\/www.aarontitus.net\/blog\/wp-json\/wp\/v2\/posts\/153\/revisions\/160"}],"wp:attachment":[{"href":"http:\/\/www.aarontitus.net\/blog\/wp-json\/wp\/v2\/media?parent=153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.aarontitus.net\/blog\/wp-json\/wp\/v2\/categories?post=153"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.aarontitus.net\/blog\/wp-json\/wp\/v2\/tags?post=153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}