1. After Senate Commerce hearing, is “private right of action” moving in direction of compromise?

The hint of a possible compromise that could remove one of two big obstacles to federal digital-privacy legislation appeared during a Senate Commerce Commmittee hearing this week. Republicans, advertisers and the tech industry generally oppose giving citizens the right to sue over privacy violations other than data breaches. Democrats support doing so.

In testimony, Michelle Richardson, director of privacy and data at the Center for Democracy and Technology urged a middle ground. “We’d like to propose that the solution lies somewhere in between allowing consumers to sue about everything and suing about nothing,” she testified.

Senator Roger Wicker, R-Miss., the committee chairman, noted recently that while his proposal does not contain a private right of action, he would consider including one in legislation if it was sufficiently narrow. Wicker’s bill proposal  l (DRAFT COPY HERE)  is called the “United States Consumer Data Privacy Act of 2019.”

“Private right of action for marginalized communities is really critical,” Dylan Gilbert, policy counsel at Public Knowledge, told The Verge’s Makena Kelly in her story on the hearing.  “Marginalized communities historically haven’t been able to rely on the government to protect their interests. It’s really important that individuals can have their own day in court.”

On the other key partisan dispute over privacy — whether federal law should pre-empt stricter state laws — there appears no clear compromise possibility yet.  The California Consumer Privacy Act and European regulations focus heavily on regulating when consumers must be offered notice, and the chance to give or withhold consent for use of personal data. 

But in Wednesday’s hearing, the testimony suggested more thought should be given to specifying what data companies can use or process, how and when.  And testimony also challenged whether defining “third-party” vs. “first-party” use was as important as when and how the data is used. 

Other important issues surfaced in testimony: 

• Where to draw the line beween what is “sensitive” personal information vs. non-sensitive information, and the different treatment for each.  One witness, Maureen Ohlhausen, attorney representing the cable and telcom industry’s 21st Century Privacy Coalition, said, “I don’t think the coalition has a position” on whether facial-recognition data is “sensitive.”
• Where regulation should be focused on “notice and consent” or on how data is used once a company has it — or both. 
• How to resolve thorny definitional questions such as “what is a data broker”?  The leading bipartisan propsals appear to want to leave this up to Federal Trade Commission (FTC) rulemaking.
• Former FTC commissioner Julie Bill, who is now a corporate attorney and privacy executive at Microsoft Inc., testified that emerging laws are putting an “unintentional thumb on the scale favoring big companies who can serve ads.”

The last comment prompted Sen. Maria Cantwell, the committee’s ranking Democrat, to observe: We are not going to have a free media in this country if we are not willing to persist on this . . . they will have all of the money and all of the advertising.” 

MORE FROM WASHINGTON:

• Wicker, GOP commerce chair, said he would consider narrow private-action right | Rebecca Kern, Bloomberg Government

• Sen. Wicker circulate’s GOP draft privacy bill preempting CCPA | Hunton Privacy Blog

• Closer than apart: Comparing Senate privacy bills |  Future of Privacy Forum staff

• Advocates hopeful dueling privacy bills can bridge partisan divide | Emily Birnbaum, The Hill

• The Edges of a Federal Privacy Law are Starting to Take Shape | Allison Schiff, AdExchanger

• Sen. Cantwell Leads With New Consumer Data Privacy Bill | Adam Schwartz, EFF

• Walmart privacy chief defends online tracking practices to Senate panel | Garrett Sloate, AdAge

• Senators’ year-end-push on privacy | Margaret Harding McGill, Axios

• Lawmakers concerned Apple’s focus on privacy is anticompetetitive | Stephen Warwick, iMore

• The other privacy bill, on discrimination, from Eshoo and Lofgren | Cory Doctorow, BoingBoing.net

• Ad industry groups offer their “privacy principles”  to Congress | Garrett Sloane, AdAge

• Americans are ‘absolutely appalled’ by the lack of a national data-privacy law, says Republican Sen. Blackburn | Victor Reklaitis, MarketWatch

• New York considers privacy legislation broader than the CCPA | InfoBytes Blog

2. Ad industry’s 41-page framework distinguishes between “sensitive” and “non-sensitive” data

A lobbying coalition of the biggest U.S. advertisers delivered its 41-page “comprehensive privacy principles” to members of Congress this week. (DOWNLOAD DOCUMENT) 

It downplays the idea of “notice and consent” which is prominent in European and California privacy laws, calling instead for “clearly defined and prohibited practices that put personal data at risk or undermine accountability, while preserving the benefits to individuals and our economy that result from the responsible use of data.” 

Privacy for America’s 41-page proposed framework largely mirrors current self-regulatory codes — but with a few tweaks, writes Wendy Davis at DigitalNewsDaily. She says that code has long called for companies to allow the use of “non-sensitive” data unless the user specifically opts-out — says “no.” It requires an affirmative “OK” — an opt-in — before so-called “sensitive” data can be collected or used. “Sensitive data” includes health, financial, biometric, and geolocation information, call records, private emails, and device recording and photos.

Commenting in AdAge’s story on the framework, digital ad consultant Ana Milicevic said the document doesn’t even mention the word advertising until page 33, and appears focused only on digital data, not on the collection of data by off-line brokers. Earlier, the Privacy for America coalition proposed in a Nov. 21 letter that Congress should require companies to obtain people’s opt-in consent before obtaining “sensitive” data.

3. Gartner research asserts 80% of marketers will abandon “personalization” by 2025; a move toward mood sensing?

An estimated 80 percent of marketers will move away from ad-tech’s pervasive attempts at “personalized” advertising by 2025, experimenting instead with artificial-intelligence-driven efforts to sense the emotions buyers,  a Gartner Inc. study predicted this week. 

The research report, “Predicts 2020: Marketers, They’re Just Not That Into You,” is offered only to clients of Gartner, a major research and advisory company.  But Gartner summarizes its findings in a news release.  It doesn’t say “personalization” as a strategy will go away, it just says it will be applied more methodically with user data consent-management at its core.

“By 2024, artificial intelligence identification of emotions will influence more than half of the online advertisements you see,” Gartner says.  It says by 2022, a quarter of marketing departments will have a dedicated behavioral scientist or ethnographer on full time. And by 2023, “one-third of all brand public-relations disasters will result from data-ethics failures,” the news release adds.

The Gartner assertions buttress the findings of a May academic study from researchers at the University of Minnesota, UC-irvine and Carnegie Mellon University, cited at the time by Jason Kint, CEO of Digital Content Next, the trade-group for branded digital publishers. It found the currrent approach to behavioral advertising did not clearly demonstrate that it works for marketers. 

In a June 6 post, “Behavioral advertising: The mirage built by Google,”  Kint said the study team “found that behavioral advertising, as measured and delivered based on third party cookies, increased publisher revenues by a mere four percent” in an ecosystem that largely benefits the finances of intermediaries, including Google, not publishers. 

RELATED LINKS:

• Is personalization a step too far? | Sean Hargrave, MediaPost 

• Edge AI decentralizing artificial intelligence by running algorithms directly on devices | Gil Levy, Forbes

• EPIC, tech-industry watchdog, scores AI-based recruitment | Jay Giunt, Employment Law Watch

• AI and the GDPR — complex risks in changing times | Brandy Worden, Robins Kaplan LLC law firm