Brookings privacy expert sees “safe harbor” as part of bipartisan measure; says ITEGA might “fill the bill” — but may be premature

A Brookings Institution legal scholar who has worked for years on federal privacy initiatives thinks that the concept of “safe harbor” regimes would likely be part of any bi-partisan Congressional action on comprehensive federal digital privacy.  John B. Morris, Jr., also said in an interview with Privacy Beat that he thinks such regimes have real value.

Morris envisions that a federal baseline privacy law would create a regulatory regime in which a federal agency (he suggests the U.S. Federal Trade Commission) can review, approve, or reject proposed safe harbor systems, and then closely monitor the implementation and effectiveness of such systems.

In his view, such a regime could be a force-multiplier for the federal agency, and could allow clear privacy guidance and compliance procedures to be developed for industries that might otherwise fall under the radar of federal or state privacy enforcement efforts.  Morris and his Brookings colleague (and former Department of Commerce General Counsel) Cameron Kerry included the idea in model privacy legislation they unveiled last year. 

In the interview, Morris said:

• The Information Trust Exchange Governing Association (ITEGA.org), the publisher of Privacy Beat, would likely have “filled the bill” as an element of the safe-harbor approach included in the draft privacy legislation that the the Obama White House released in 2015 (while Morris was working at the National Telecommunications and Information Administration).

• Today, Morris sees a “chicken or egg” challenge — is law needed to empower a public-interest privacy enforcer like ITEGA, or does ITEGA need to be operational as an example to write law around? He believes the former.  “I am doubtful that voluntary nongovernmental initiatives are going to have much viability without federal legislation that expressly creates a strong federal review and oversight system,” he explained.

In the end, says Morris, something like ITEGA — a 501(c)3  public-benefit entity that proposes making and enforcing business rules and policies around a privacy and identity ecosystem by “pulling the plug” on violators — could be valuable.

“Does ITEGA have any potential?” he asked rhetorically. “My short answer is I don’t know but I hope so.  And that’s because I think that a well-crafted system for federal review of and oversight over safe-harbor systems would make federal baseline privacy law stronger, would better protect privacy, and could give small and large industries more concrete and enforceable guidance about how to respect the privacy of all users.

WASHINGTON WATCH

Klobuchar, Kennedy tee up bipartisan vehicle for privacy compromise, straddling opt-in, pre-emption and “private right” — where’s the text? 

The Democratic chair and top Republican on a Senate subcommittee dealing with online privacy have together re-introduced their data-privacy proposal that could be a platform for bipartisan compromise. Sporting a new title, the Social Media Privacy Protection and Consumer Rights Act (S.1667)  apparently straddles at least two contentious issues.

Klobucher introduced the bill in the Senate on May 18 and it was immediately referred to her subcommittee.  But the bill text had not yet been posted to Congress’ system by May 28, so precise language parsing from an official version is not yet accessible. Press statements and news accounts provide hints.

Those accounts say the bill, if enacted, will not supersede any existing state laws, such as the California Privacy Rights Act (CPRA).  California Democrats in the House have said they would not agree to federal “pre-emption” of tougher state privacy laws, but the GOP and industry want a single national standard.

But in a concession to the advertising and technology industries, the bill would preclude most options for individual citizens to sue over violations of the law. Instead, only the U.S. Federal Trade Commission — and state attorneys general — could do so. The idea of individual class-action lawsuits is a hot button for industry which fears financial exposure and massive litigation.

In a third policy area, the proposal takes an approach thought to favor industry — individual data collection would be legal unless an individual “opts out”.  European law requires “opt-in” for data collection, and even some advertising-industry executives are expecting that will be the law in the United States eventually.  The Klobuchar-Kennedy bill does impose strict rules on providing an easy, transparent way to opt out. That puts Klobuchar at odds with two powerful fellow Democrats, Rep. Jan Schakowsky, of Illinois, and Sen. Richard Blumental of Connecticut.

RELATED LINKS:

• KLOBUCHAR/KENNEDY STATEMENT
• Latest bipartisan opt-out privacy bill would not pre-empt states | Tim Butler et al., Troutman law firm
• Senators roll out bipartisan privacy bill | Makena Kelly, TheVerge.com
• Mandatory opt-out, data breach notification part of new privacy bill | Tim De Chant, ArsTechnica.com
• After a Long Pause, Bipartisan Data Privacy Bill Back in Front of Congress | Scott Ikeda, CPOMagazine.com
• VENDOR VIEW: National privacy legislation gains steam as state-level laws progress | Jason Bier, Adstra via TheDrum.com

MORE WASHINGTON WATCH 

• Facebook top lobbyist/PR person calls for bipartisan approach to break the deadlock on internet regulation | Nick Clegg via CNBC.com
• Without regulation, future could be like Orwell’s “1984,” Microsoft president says | John Bowden, TheHill.com
• U.S. FTC publishes its annual privacy update for 2020 re Facebook, Zoom | IAPP Blog

Shoshana Zuboff | Photo courtesy Wikipedia

Zuboff calls out Apple to lead alliance to spark investment opportunity away from surveillance capitalism 

Author and emeritus Harvard Business School Prof. Shoshana Zubuff is challenging Apple Chairman Tim Cook to lead a pivot of the current “surveillance” marketing ecosystem by forming alliances with other large, medium and mall companies.  Her call, in a New York Times interview, echoes similar statements she first made in 2019 after the publication of her groundbreaking book, “The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power.”

“They’ve already made it clear that they’re looking at a way to expand their own advertising model, which is different from online targeted advertising,” Zuboff says of Apple in The Times Q-and-A. “They’re putting down the elements here of an alternative advertising paradigm. This is an opportunity for that new paradigm to now converge with their stated values and not rely on massive scale collection of human generated data in secret.

In a 2019 interview with Ralph Nader, Zuboff said a big opportunity then existed for a collaborative alliance of companies to counter Google and Facebook on privacy.  At the time, she cited Apple specifically as a potential catalyst.  She said such an alliance would have the potential to have “every person on earth as a customer” and would therefore attract investment.

“This alternative ecosystem is waiting for leadership,” she says in the new Times interview, adding: “Apple is the corporation that can provide that leadership . . . . ”

PERSONAL PRIVACY 

• Lawsuit: Over 3 billion people’s photos taken from websites by AI company | Rebecca Clapper, Newsweek.com
• Want to erase yourself from the internet? Here’s how | Kim Komando via USAToday.com
• Court Hears Arguments Over “Differential Privacy” Method Used to Anonymize Census Data | Scott Ikeda, CPOMagazine.com
• Collective data rights can stop big tech from obliterating privacy | Martin Tisne, Luminate/Omidyar via MIT Technology Review
• Google, Health Care Partnership Leads To Health Algorithms Using Patient Data | Laurie Sullivan, DigitalNewsDaily/MediaPost.com
• Privacy concerns arise over Google’s deal to develop algorithms for big hospital chain | Melanie Evans, WSJ.com
• Privacy laws need updating after Google deal with HCA Healthcare, medical ethics professor says | Emily DeCiccio, CNBC.com

PLATFORM ANTITRUST 

• Facebook Urges Judge To Dismiss Class-Action Antitrust Complaints | Wendy Davis, DigitalNewsDaily/MediaPost.com
• EU competition concerns about Apple’s new app tracking policy | Thomas Höppner & Philipp Westerhoff, Hausfield law firm
• DC attorney general accusing the tech giant of abusing its power to control prices online | Katie Canales, BusinessInsider.com
• ANALYSIS: The Big Deal in DC attorney general’s Amazon antitrust suit | Shira Ovide, NYTimes.com
• How a small DC antitrust lawsuit against Amazon could mean big things for Big Tech | Sara Morrison, ReCode.com
• Amazon’s most-favored nation clauses slammed in lawsuit filed by Washington, DC | Jon Brodkin, ArsTechnica.com
• DC Antitrust Case Cuts to the Core of Amazon’s Identity | Gilad Edelman, Wired.com
• In a push for privacy, tech giants are seen cracking down on competition | Ben Brody, Protocol.com
• Google Must Face Privacy Claims Over Data Transfers To App Developers | Wendy Davis, DigitalNewsDaily/MediaPost.com
• Facebook Commissioned Research That Says Apple’s iOS 14.5 Changes Are Anticompetitive | Allison Schiff, AdExchanger.com | DOWNLOAD STUDY
• Facebook-Funded Report Accuses Apple Of Depriving Consumers Of Choices | Wendy Davis, PolicyBlog/MediaPost.com | STUDY CO-AUTHOR
• Facebook pays for study that says Apple’s iOS 14 privacy changes are bad | Stephen Warwick, iMore.com

MEDIA AND TECHNOLOGY

• Poynter study finds 704 digital local sites; assesses field | Rick Edmonds, Poynter.org
• 10 tips on raising media money in your community | Jay Allred, WhatsNewInPublishing.com
• Dallas Morning News expanded its hyperlocal journalism through a web hub and newsletter initiative | Nicole Stockdale, DMN via BetterNews.org
• Community Foundation Support for Local Journalism Is Growing | Mike Scutari, InsidePhilanthropy.com
• Facebook Cracks Down on People, Pages Repeatedly Sharing Misinformation | Stephanie Mlot, PCMag.com

STATEHOUSE WATCH

Ad industry frets possible N.Y. Senate action on bill requiring data “opt-in” and allowing citizen lawsuits over privacy

The advertising industry is up at arms over a tough digital privacy bill introduced into the New York state Senate a couple of weeks ago — because it would require consumer “opt-in” to some data collection and would also allow individual consumers to sue for violations. The measure, SB 6701, is ready for a final Senate vote. It would still require a House vote before June 10, when Albany, N.Y., lawmakers adjourn the session.

The New York Privacy Act text would require companies to disclose their methods of de-identifying personal information, to place special safeguards around data sharing and to allow consumers to obtain the names of all entities with whom their information is shared. Consumer Reports, the nonprofit group, backs the bill.

RELATED LINKS

• New York Privacy Act set for final vote in state Senate | Morgan McKay, Spectrum News
• New York’s Sweeping Privacy Bill Moves Forward In Senate | Wendy Davis, DigitalNewsDaily/MediaPost.com
• Advertisers freak out over opt-in, private-action NYS privacy bill | Wendy Davis, DigitalNewsDaily/MediaPost.com
• OPINION: New York’s private-right privacy bill too onerous for publishers? | Rob Williams, PublisherInsider/MediaPost.com

STATEHOUSE WATCH 

• Nevada Legislature Passes SB260; Will Broaden Right to Opt Out of Sales | David Stauss, Husch Blackwell law firm
• Status of Proposed CCPA-Like State Privacy Legislation as of May 24, 2021 | David Stauss, Husch Blackwell law firm
• Vaccine Passport Ban Creates Uncertainty in Iowa | Frank Harty, Nyemaster Good law firm
• Colorado appears more likely to approve a tough digital privacy act | David Stauss et al., Husch Blackwell law firm

EU PRIVACY

• Three years in, GDPR highlights privacy in global landscape | Jennifer Bryant, IAPP Staff
• The third anniversary of the GDPR: Looking ahead | Benjamin Slin et al., Baker & McKenzie law firm
• EU privacy watchdog probing the use of AWS and Azure cloud services | Daphne Leprince-Ringuet, ZDNet.com
• European privacy groups challenge facial scan firm Clearview | Kelvin Chan, Associated Press
• German antitrust watchdog investigates Google over data use | Reuters Staff

WORLD PRIVACY 

• Does iCloud Data Turned Over To Chinese Government Conflicts With Apple’s “Privacy First” Focus? | Scott Ikeda, CPOMagazine.com
• Facebook’s WhatsApp denies it will drop privacy update for Turkey users | Suzan Fraser & Kelvin Chan, Associated Press
• UK Bulk Surveillance Violated Right To Privacy | Emma Woollacott, Forbes.com
• Facebook sues Indian government to stop privacy intrusion on WhatsApp | Mike Isaac, NYTimes.com
• Look before leaping with vaccine passports, says Newfoundland and Labrador privacy boss | Peter Jackson, SaltWire.com

PRIVACY BUSINESS

• The Privacy Tech Vendor Landscape Exploded In 2021 | Allison Schiff, AdExchanger.com
• Android privacy changes are coming — are you ready? | Tyler Finn, Foursquare via VentureBeat.com