The APEC CBPR Framework has become the model for ensuring interoperability across privacy regimes. Over the past year, more APEC economies, such as South Korea, Australia, and Singapore, have announced participation in the framework enhancing the ability for companies to seamlessly move data across borders.
TrustArc will be co-hosting an event with the U.S. Chamber of Commerce and ITI on March 26, 2018 from 1:00 PM – 5:00 PM ET at 1615 H Street Northwest, Washington, District of Columbia, 20062.
Keynotes will be given by U.S. Secretary of Commerce Wilbur Ross and acting FTC Chair Maureen Ohlhausen.
Join us for a discussion with U.S. government leaders, APEC leaders, and industry representatives to better understand how the framework works and the benefits it provides to both companies and countries that participate and adopt its principles.
There will be a networking reception after the discussion; you can see the full agenda here.
By Alexandra Vesalga, Esq., Regulatory Intelligence Analyst, TRUSTe
In this week’s State of the Union Address, the president remarked on several privacy and cybersecurity initiatives in the works, including a proposed federal data breach law, a renewed proposal for a consumer privacy bill of rights and a student data privacy bill.
Privacy was expected to be a central topic in the address based on the president’s comments last week at the Federal Trade Commission, but comments on privacy were fleeting. All things considered, any nod to privacy — a once fringe (still sometimes fringe) topic — is notable. The president’s discussion of privacy reform initiatives during the address indicates that privacy issues are moving into the political and policy foreground, and that Americans care about the privacy of their information more than ever before.
Some interesting insights may be gleaned from examining the way President Obama discussed privacy. Looking specifically to the text of the address, it is noteworthy that privacy issues are presented squarely within a security context. For instance, the president discussed cybersecurity as a national security issue, weaving privacy issues into his call for action:
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. . . . [T]onight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
Privacy lawyers and privacy professionals, you know this one: “there is no privacy without security.” Privacy and security may be interdependent, but they are certainly discrete — “Security is about what happens on the back end to keep collected data safe, while privacy focuses on what happens when you start using that data,” says Joanne Furtsch, Director of Product Policy at TRUSTe. Cyber threats are a security issue. Identity theft and data breaches are security issues. But allowable uses of student and children’s data are unquestionably issues of privacy. So, why the mashup?
At his FTC address last week, we saw President Obama tackle privacy head-on:
“We believe that consumers have the right to decide what personal data companies collect from them and how companies use that data, that information; the right to know that your personal information collected for one purpose can’t then be misused by a company for a different purpose; the right to have your information stored securely by companies that are accountable for its use.”
Next month, we can expect more robust privacy updates from President Obama as he introduces his revised consumer privacy bill of rights, which seeks to federally regulate the collection, use and disclosure of individuals’ information.
What do you think about the president’s approach to privacy and security?
The word is out that data privacy will be a key issue in President Obama’s State of the Union address next week (Jan. 20). This week, the president met with the Federal Trade Commission to give a preview of the new data privacy initiatives he plans to introduce. The anticipated legislation includes the Personal Data Notification and Protection Act, and the Student Data Privacy Act. The overall aim of the president’s proposed legislation is to tackle identity theft as well as protect student and consumer privacy at a federal level.
Everyone wants to know how the president’s proposed initiatives will impact businesses. But we don’t have to wait until next week since numerous commentators have already shared details of the president’s plan to tackle these timely issues.
The Personal Data Notification and Protection Act “would demand a single, national standard requiring companies to inform their customers within 30 days of discovering their data has been hacked,” according to the New York Times. In the president’s meeting with the FTC commissioners, he said that the current patchwork of state laws are a costly burden to companies and fail to protect Americans.
The president also would like to codify the 2012 Consumer Privacy Bill of Rights in 45 days, among other privacy protection measures.
President Obama wants privacy regulated by the federal government as opposed to individual state governments, which can vary significantly in approach. Compliance complications can arise when state governments regulate privacy since it requires companies to comply with a myriad of differing state laws, which can cause confusion.
However, some are concerned that such legislation could be too restrictive and stifle innovation.
Marketing Manager | TRUSTe
Chris Babel, TRUSTe’s Chief Executive Officer, will testify today before the House Judiciary Subcommittee on “New Technologies and Innovations in the Mobile, and Online space, and the Implications for Public Policy”. Mr. Babel will share new privacy technologies developed by TRUSTe to address consumer privacy in the mobile and online environments. He will also speak to the merits of self-regulation, the progress made by industry to date, and the need to provide adequate time for privacy best practices to evolve in the marketplace. His testimony is available here and excerpted below:
The Privacy Explosion: New Privacy Challenges and Technologies to Address Them
The rollout of new technologies and platforms continues at a rapid pace and companies like TRUSTe that offer privacy solutions must move as quickly. The industry shift to mobile devices and the cloud, the growth of online behavioral advertising, and changing global standards have created new privacy challenges, particularly given the underlying reality that data is easier to collect, cheaper to store and faster to analyze (often referred to as “Big Data”) than ever before.
Mobile & Wireless Devices
Mobile devices – especially smartphones – present unique privacy challenges because they are carried by many consumers at all times and are in a state of perpetual data collection. TRUSTe has attempted to meet these challenges in the mobile space in several ways:
- In 2012 TRUSTe partnered with the Application Developers Alliance to educate mobile developers on important privacy issues as part of a countrywide educational roadshow. This year, we also launched TRUSTed Mobile Ads, a pioneering technology platform that notifies consumers of tracking on their mobile devices and enables them to opt-out if they desire. (more…)
Marketing Manager | TRUSTe
The White House just released a major privacy report, which we previously covered here and here. Their press conference, held yesterday, also saw two important privacy developments for the online advertising industry:
1. The White House publicly endorsed the DAA program
In no uncertain terms the Obama Administration called the DAA program a model of success for “enforceable codes of conduct”. This ringing public endorsement dramatically lowers the likelihood of privacy legislation and justifies the investment hundreds of companies have made in complying with the self-regulatory program. It took the industry a while to reach critical mass, but 900 billion compliant monthly ad impressions are hard to ignore. Self-regulation is on a clear path to success.
2. The DAA will work to support Do Not Track integration
This is a logical extension of the DAA program and will remove ambiguity and uncertainty that has hampered the space. To be clear, this announcement does not mean that in-ad icons and cookie-based opt-out implementations will be replaced. The White House has clearly endorsed this current method of self-regulation. Rather, since DNT and in-ad privacy notice/choice are complimentary and each offers unique advantages, the natural evolution will be a seamless integration of these two technologies.
While I couldn’t be in Washington, D.C. today for the Senate Commerce’s Committee’s hearing on “The State of Online Consumer Privacy” (copies of hearing testimony here) I’ve been able to check in with a wide range of attendees and get perhaps more of a bird’s eye view. Key themes:
– It’s all about Trust: Every panelist talked about the importance of trust to continue to reap the benefits of the Internet. Group M’s John Montgomery: “We want to build consumer trust in the online experience, and therefore we believe that consumers should be able to choose whether and how their data is collected or used for online behavioral advertising”
– Importance of Innovation: Intuit CPO Barbara Lawler: “As we enter this important discussion, it is necessary to further emphasize the importance of both respect for the consumer participation and control of information and the value and benefit of continued innovation, in particular where the future of economic growth is goingâ€”data driven innovation. The key to our success and to ensuring balance among these interests is earning the customers trust.”
– Evolving definition of privacy: Microsoft’s Erich Andersen: “In the digital era, privacy is no longer about being ‘let alone.’ Privacy is about knowing what data is being collected and what is happening to it, having choices about how it is collected and used, and being confident that it is secure.” Note: I’d add “accountability” to the list too.
– Technology + Policy + Self Regulation: Ashkan Soltani (researcher): ” To be effective, privacy protections for consumers online will likely require both a technical and policy component, working in tandem, and I believe these discussions here today are a great step in making that union a reality.”
– Consumer Privacy Bill or Rights in legislation, including incentives for Safe Harbors and Self-Regulation: Committee Chairman Rockefeller: “There is an online privacy war going on, and without help, consumers will lose. We must act to give Americans the basic online privacy protections they deserve.”
A few things to ponder:
- Do our legislators have broad understanding that privacy issues are not only online? Do they understand that privacy issues are abundant beyond behavioral advertising?
- Is industry ready to embrace self regulatory programs, such as TRUSTe’s, to balance potential legislation?
- Will consumers step up and make the choices that we are all committed to providing?
- Finally, how can we ensure that the combo of Legislation + Co or Self Regulation and Technology meets the bar for better privacy?
You can watch s video recording of the hearing here.