Areas of Law
Topics
Advanced Search
FTC to "Rethink" Approach to Privacy Protections
June 19, 2009 | Posted by Barry Reingold | Print this page | E-mail the editor
Topic: Commentary

The keynote speaker at the ABA Consumer Protection conference in DC on June 18, 2009 was Bureau of Consumer Protection Director Dave Vladeck. He identified as one of this goals "rethinking" the agency's approach to privacy issues. He asked for the audience's "help," meaning the agency will probably convene a town hall meeting this fall to address these issues. We and our clients are all invited to attend. A synopsis of his substantive views follows.

Over the past ten years the agency has followed two approaches. Neither has worked well. The first was notice and consent. But consumers don't know what they are consenting so, especially regarding secondary uses of their data. The second was a "harm" approach like GLB. Certain data collection practices pose privacy risks so great that we protect consumers by banning or imposing defined obligations on the practices, regardless of what the collecting firm has disclosed to consumers or asked them to consent to. But the "harm" model doesn't address "non-quantifiable" harms (he didn't define those harms). So we need a new approach.

Although Vladeck didn't say more on the subject (this was only his third day on the job!) his deputy, Eileen Harrington, hinted at the agency's proposed approach. She said that internet communication of consumer data runs along two continuums, consisting of the consumer's (a) conscious provision of data (like using a charge card to make a purchase) versus unconscious provision (like generating click stream data), and (b) control over the dissemination and use of that data (like an email I send to a single person with a "private" designation that prevents the recipient from retransmitting it, versus my lack of control over my ISP's deep packet inspection of my emails). Consumers need the most protection from practices that generate large amounts of information about them and use it freely.

So deep packet inspection, in her view the most dangerous form of data collection, should be the most carefully regulated.

Although Harrington didn't say this, she would probably propose banning it, or regulating it directly (like GLB), without regard to traditional notice and consent principles.

Email
Legal Disclaimer   © 2009 Perkins Coie LLP and Affiliates