Tuesday, May 24, 2011

Online Consumer Privacy - "Do Not Follow"


Bloomberg News, Eric Engleman and Adam Satariano reported on a hearing in the Senate Commerce subcommittee on mobile privacy on May 19, 2011.

Apple
, Google and Facebook and the makers of applications for these these companies’ platforms faced scrutiny at the hearing over how they collect, use, store and share information on users’ wireless devices, from smartphones to any sort of PDA.

Google’s director for public policy, Alan Davidson stated that Google seeks consent from users of its Android software for collection of information and location data. “Google is also very careful about how we use and store the data that is generated by these services.” Location information sent to Google servers when users opt in with Android is stripped of personal identifying tags, for instance, so it cannot be tied or traced to an individual user, and then stored in an aggregated form. And Google provides parental controls to protect children, and requires developers of apps to rate them according to appropriate age level.

One of Apple’s vice-presidents, Catherine Novelli, testified that Apple does not knowingly collect any data about users below the age of 13. Like Google, all location information gathered from iPhones and iPad tablet computers are stripped of individual identifying data, and not traceable to an owner. They use the aggregated information to improve the functionality of devices. “Apple does not track users’ location, has never done so and has no plans to do so,” said Novelli. (I also understand that some manufacturers use the internal GPS and an accelerometer in the devices to find out if the malfunction for which you bring the machine in for repair was caused by it being dropped or hurled. The GPS and accelerometer function together to locate the device in space, determine its speed, and whether it stopped very suddenly. There is also a device that measures humidity levels, so if you drop a phone or PDA into water, or even a steam room, it may void the warranty.)

Bret Taylor, Facebook's chief technology officer said that Facebook has "robust privacy protections ... if people lose trust in a service like Facebook, they will stop using it." (This seems pretty ironic in light of the continuing battle between Facebook trying to "monetize" their site and the outrage of their users whenever Facebook creates a new set of "opt-ins" that streams all the user data out to third party vendors! See this C-Net Op-ed). When asked about Facebook protections for children, Taylor said that nobody under 13 is allowed to create a Facebook account, and that they remove such accounts when they are alerted to them.

In December, the Federal Trade Commission issued a proposed regulation, commonly referred to as “Do Not Follow,” patterned after the popular “Do Not Call” regulation they issued some years ago for telemarketers. The comment period recently closed, and I have heard from a spokesperson for the agency at the GigaNet conference in early May that they received about 200 comments from consumers on the proposal, which was a surprising number. Here is an announcement with links to a report they issued on the matter, including links to make comments and view comments (note that the comment period is now closed). You can track it on their website with the handy "quick finder" from the FTC homepage by following "Privacy and Data Security," to "Behavioral Advertising."

This was a hot topic at the GigaNet conference. There were commentators who felt that the FTC proposal, which relies on the website owners to self-enforce, (because consumers cannot tell if they are being followed) was just too lax. But there was also a commentator, who represented a number of different large web corporations, who warned that if the companies could no longer “monetize” their websites, that many services that are now free, might become billable. Interestingly, there was also a moderator from the European Union, which was mentioned as a place of intense regulation, who spoke up and said that, although the regulations there did allow all consumers to opt out of being followed, that in practice only about 10% of consumers actually did. I was later told as well, that the regulation and laws in the EU were passed long enough ago that technology has bypassed them and there are now many “work-arounds” that web companies exploit.

No comments: