Consumer Electronics Daily was a Warren News publication.
Good Intentions

Ramirez Supports Goal of Privacy Bill of Rights, Wishes It Were Stronger

March 6, 2015 by Katie Rucke|Top News

The goal of President Barack Obama’s draft proposed Consumer Privacy Bill of Rights (CPBR) legislation and the FCC net neutrality order get the support of FTC Chairwoman Edith Ramirez, she said at an International Association of Privacy Professionals event Thursday. “I do wish the [CPBR] were stronger.”

The FTC doesn’t want to minimize the administration’s CPBR proposal, since no previous president or administration has made privacy a priority, said Bureau of Consumer Protection Director Jessica Rich, but the agency has some concerns with the draft. There isn’t enough of a bottom line in the bill, FTC Commissioner Julie Brill said. “Where are the boundaries? There don’t seem to be enough boundaries,” Brill said. “We need to put the consumer back into the Consumer Privacy Bill of Rights.” The administration should be commended for putting something on the table, but “I believe there are serious weaknesses” in the CPBR and there needs to be a “reset on some of these things,” she said.

It was “hard for us to come out and say we were uncomfortable" with the proposal, but "we do think it would be a step backwards,” Rich said of the CPBR. The agency spoke out because portions of "bills" have a way of making their way into new bills, Rich said. One issue with the CPBR is the “fuzzy, fluid requirements” that would make it difficult for the FTC to enforce, Rich said. Another is that the bill pre-empts state law, which Rich said would be OK if the protections being put in place were stronger than all state laws, but they're not. And there's a two-year period when the bill wouldn’t be enforced, but state law wouldn’t be enforced, either, Rich said. If a company makes a change to a privacy policy, it wouldn’t be required to get consumers to opt in again and agree to the new privacy policy, Rich said, and there would be no special treatment for sensitive data.

When it comes to net neutrality, “reclassification does have impact on our jurisdiction” over broadband carriers due to the common carrier exemption, Ramirez said. She said she has urged Congress to eliminate the common carrier exemption so the FTC can “apply consistent standards across the board.” Overall, the FCC’s net neutrality ruling won’t have a significant impact on the FTC, Ramirez said, because the FTC already collaborates extensively with sister agencies including the FCC, the Department of Justice and the Consumer Financial Protection Bureau. “We welcome the FCC’s interest in privacy,” Rich said. The agencies could work together to protect consumers because “we have complementary tools,” she said.

We haven’t seen the details" of the FCC’s proposal on net neutrality rules, Brill said. Even so, with some officials at the FCC anticipating lengthy litigation on some parts of it, it may be years before the FTC has a clear picture of the rules' impact on the agency's role. The proposal could be deeply protective of consumers, if done right, Brill said. But the proposal could remove some protections for consumers in some areas, she said.

In the year ahead, the FTC will focus on data security, big data, the connection between the data-driven world and fraud, and the Internet of Things, Ramirez said. “Data security and privacy go hand in hand,” Brill said. Brill predicted that sensitive information, in addition to data security, the IoT, mobile, and the issue of fairness of data security will be trends the FTC will address in the year to come.

Companies need to keep in mind data minimization and de-identification, Brill said. “I worry a lot about the ‘collect it all now’ approach,” she said, given the risk of data breaches. “There’s two types of companies,” she said. “Those who have suffered from a breach, and those who don’t know they have suffered from a breach,” Brill said. “Don’t be an ostrich. Look at what’s happening in a broad perspective."

We want to see innovation,” Ramirez said. “Technology doesn’t worry us.” The FTC is concerned about sensitive information, with health information of most concern since it is not always covered by the Health Insurance Portability and Accountability Act, Ramirez said. A “lot of work needs to be done in this area,” she said.

This fall, the FTC plans a workshop on cross-device tracking data, Ramirez said. A date hasn't been set.