Comments of Privacy Times Concerning Consumer Privacy - P954807
I hereby request participation in the FTC's June hearings on privacy, sessions one & two.
I am one of the nations's leading privacy experts (there aren't that many of us). I consistently attempt to advocate on behalf of consumers so they have stronger legal rights in relations to their own personal data.
For session one requirements, I will first address questions 1.27 - 1.29 on "self-regulation."
Generally, industry self-regulation, as it is currently practiced, is inadequate and destined to fail. This is mainly because many members of any given industry that operates databases do not take seriously self-regulation efforts. A recent book by Profs. Paul Schwartz & Joel Reidenberg, for instance, found that a significant percentage of the direct marketing industry did not adhere to the Direct Marketing Association's self-regulation program, The Mail Preference Service. Considering that DMA works harder at promoting self-regulation than any other trade association, this does not promote confidence in self-regulation.
FTC question 1.28 addresses the fundamental flaws in industry self-regulation initiatives. They are always permissive, not mandatory; there is seldom, if ever, any oversight or enforcement; and no sanctions are ever imposed for non-compliance. Thus, it's no mystery why so many companies do not take self-regulation seriously.
At the June hearings, I will provide specific, examples of the failures of self-regulation. I will stress the need for legislation that will increase consumers' control over their own personal information.
Similarly, for session two, I want to address self-regulation, specifically questions 2.12 & 2.13. The guidelines of the Coalition for Advertising Supported Information and Entertainment's "Goals for Privacy in marketing on Interactive Media" do not comport with any traditional fair information principles and cannot even be considered a good-faith effort to promote privacy.
In particular, the CASIE's first "privacy" goal addresses educating consumers that sharing data about themselves will help marketers service them more economically and effectively. CASIE fails to understand that privacy goals must focus on the individual and promoting control over the collection and use of his or her information. CASIE's goal instead emphasizes the needs of marketers seeking to exploit personal data, and therefore cannot even be considered a "privacy" goal or principle. The FTC has a duty to declare this unequivocally so that other industries realize that they cannot get away with such nonsense.
CASIE's third "privacy" Goal is similarly self-serving and Orwellian. It states: "We believe that marketers need to respect privacy in the use of 'personal information' about individual consumers collected via interactive technology. 'Personal information' is data not otherwise available via public sources. In our view, personal information ought to be used by a marketers to determine how it can effectively respond to a consumer's needs."
In this "goal," CARE mangles the definition of "personal information," and then proceeds to advocate marketers' use of personal information, as marketers supposedly are the best judges of "consumers' needs." A real privacy principle gives consumers the choice of how their personal data will be used; a real self-regulation program would enforce those choices.
Of course, I have comments for many more of the FTC's questions, but my other obligations impose tremendous time constraints which limit my ability to comment further at this time.
In addition, I know that the Electronic Privacy Information Center (EPIC) shares many of my concerns and agrees with many of my points, as I agree with many of EPIC's comments.