On Capitol Hill on March 5, the Internet Association hosted a series of panels on issues concerning the data and tech industries. Although the event opened with three Members of Congress, a discussion among three corporate privacy officers -- Yahoo Director for International Privacy Justin Weiss, salesforce.com Head of Global Policy Lindsey Finch, and Monster Worldwide Vice President of Compliance and Fraud Gretchen Herault -- was of greater interest to the survey, opinion and marketing research profession.
Justin Weiss discussed the desirability for flexible frameworks in trans-Atlantic privacy cooperation for private data flows. He said that "big data" provides a great opportunity for innovation - a clear plus for business, but a concern for privacy. "What kind of data is big data?" As Justin noted, even if it doesn't directly identify an individual, it "doesn't mean it isn't useful... or a privacy problem." He pointed out that technology is moving so quickly, but "government is not." Self-regulation needs to take the lead and experiment to figure out what works for both consumers and businesses, Justin concluded, citing the advances made by private companies conducting constant user experience testing in consumer privacy notice and choice.
Lindsey Finch pointed out that, "the core of our business is ensuring our customers trust us with their data." Privacy and data security are thus key concerns for the company. But "interoperability is key" and as a company based on cloud computing, Lindsey stated that it "has no borders" and the U.S.-European Union (EU) Safe Harbor is essential to "making cloud computing work."
Gretchen Herault stressed the need for a "level playing field" for digital companies big & small, all around the world, and concurred that the Safe Harbor was also an important part of that. Justin also concurred on the importance of the Safe Harbor, especially as the EU works on a new data protection directive that is not necessarily going to make digital work in Europe any easier.
In retort to complaints from foreign governments about the patchwork of U.S. privacy laws, Justin said that, "no other country has done more active enforcement of privacy protection" than the U.S., under the Federal Trade Commission (FTC). Europeans do what Justin called "pre-regulation" that requires prior authorization for any innovation and creates barriers. Some in the EU, Justin said, have even floated the idea that they should consider turning to a more American style of data protection and enforcement. In the end, Justin said, one of the most important things the U.S. needs to do is stand by its existing agreements, since commerce could collapse without the Safe Harbor.
Lindsey said that, despite some Europeans criticizing the Safe Harbor for simply being a matter of self-certification, the agreement has a specific regulatory backstop in the FTC, and the agency has used its authority to enforce claims of certification to the Safe Harbor privacy principles.
An audience member asked if U.S. companies are too involved in the EU political process as they re-write EU data privacy regulations. Lindsey responded that U.S. companies are clearly impacted, so of course they should be involved. Gretchen also said that U.S. companies are the digital leaders with the most at stake in the maneuvering in Brussels. Absent a good outcome in the new data protection directive, taking the strictest privacy approach may end up being the only choice for a digital company doing business all around the world.
Another audience member asked how adopting a new "comprehensive" privacy law would affect the current sectoral laws in the US and abroad. Lindsey replied that, "laws in the United States foster innovation... and entrepreneurship." As Senator Chuck Schumer noted earlier in the morning, that entrepreneurship is not limited to Silicon Valley, but happens all around the country, including New York City. Justin lamented that, although many companies think being deemed "adequate" for data privacy purposes by the EU will "just come with the flip of a switch," a comprehensive approach to privacy law is very hard. Gretchen pointed out that other countries, like Canada, see value in the Safe Harbor self-certification and that it imputes "privacy trust."
Rigid rules around consent can create perverse incentives online, according to Justin, and the EU still hasn't learned that "the blind application of rules in a one-size-fits-all approach hurts consumers and businesses."
At the conclusion of the panel, an audience member asked about the NTIA multistakeholder process for mobile apps privacy (in which MRA participates). Justin replied that it is a special initiative, incorporating both technical experts and designers, rather than just regulators and lawyers. He seemed optimistic about its prospects for success.
Senator Ron Wyden (D-OR): "The Internet is the shipping lane of the 21st century... When Congress understands how the Internet works, everybody wins."
House Democrat Whip Steny Hoyer (D-MD) looked to the future. Instead of manufactured in America, he sees digitally innovated in America.
Senator Chuck Schumer (D-NY) touted NEw York City as a hotbed of high-tech innovation before pumping immigration reform.