Data Security, Privacy a Global Issue, Brill, Others Say

Privacy and data security continue to be a top priority for the FTC as the Internet increasingly becomes today’s global trade route, Commissioner Julie Brill said Tuesday at a U.S. Council for International Business event. Innovation must be allowed, but consumers must be protected as big data can serve as a tool to exclude or include populations, she said. The challenge of securing data and ensuring privacy is as “staggering as the amount of data involved,” said Daniel Sepulveda, the State Department's coordinator for international communications and information policy. Brazil, Europe and Japan have taken measures to protect consumers by adapting, passing or reshaping data privacy laws, Brill said. The Mexican government is currently working on reforming 12 different aspects of its tech policies, including transparency, said Mexico's Director General for Innovation, Services and Domestic Commerce Raúl Rendón Montemayor.

Consumers need to be kept front and center in the increasingly connected world, Brill said. The data collected from the Internet of Things could help solve challenges in industries such as healthcare, energy and education, but the “information coming from our homes and bodies is deeply personal,” she said. Citing a recent Hewlett Packard study, Brill said 90 percent of connected devices collect personal information, yet 70 percent of those devices transfer data without encryption. Soon, “connectivity will just be a part of the way things work,” which is why “security is going to be paramount,” Brill said. Not just for the information collected, but for some devices themselves such as pacemakers and smart cars, she said.

Data minimization plays a key role in data security and privacy, as one can’t lose or misuse what one doesn’t have, Brill said. Companies need to be creative when it comes to informing consumers, as notice and choice, data minimization, security and other fair information practice principles apply to the IoT just as they do to the Internet and smartphones, she said.

The administration has taken big steps on privacy and data security in the past year, but its Consumer Privacy Bill of Rights falls short, Brill said, as it allows companies to interpret context, offers too few consumer bottom-line protections, and relies too heavily on codes of conduct and privacy review boards. “An appropriate baseline privacy law should provide strong, specific, enforceable protections for consumers, and clear rules of the road for businesses,” Brill said. She pledged to work with members of Congress, the administration and “all stakeholders” to put the “consumer back in the Consumer Privacy Bill of Rights.”

In addition to efforts in the U.S. to protect privacy and data, efforts to ensure that cross-border data flows are legal and consumers are protected would benefit consumers and businesses worldwide, Brill said. The “viability” of the U.S.-EU safe harbor program was threatened in 2013 after Edward Snowden detailed activities the NSA and other intelligence and law enforcement agencies engaged in, Brill said. The European Commission “commended” the FTC for its efforts on safe harbor but demanded 13 changes be made to the policy, Brill said. As for Europe’s right to be forgotten, Brill said she agrees with the idea but finds the term misleading. She proposed instead the concept be called the “right of obscurity” and said the U.S. already has in place narrower and more focused aspects of the concept. For example, the Fair Credit Reporting Act prohibits old information from appearing on credit reports, criminal records can be expunged and California has enacted some “eraser” laws that allow children to better control social media pages, she said.

“We need more rights of obscurity, particularly when it comes to search firms,” Brill said. The FTC has called for consumers to be given the rights to view information collected about them and correct or expunge the data, depending on its use. “First Amendment issues will arise in some of these contexts,” Brill said. It’s a complicated issue that should not be simply written off, she said.

The Internet's future lies in the developing communities around the globe, Sepulveda said, noting mobile banking isn’t just a new way to do something in Africa, it is an entirely new thing. “Our goal is to connect the world,” said Sepulveda, who is also vice chairman of the Organization for Economic Cooperation and Development Committee on Digital Economy Policy Ministerial 2016. “We’re still billions of people away from that goal,” as a billion people in India are not online, he said. In addition to privacy and security, “e-literacy” must be addressed, as not every member of the population knows how to use a PC, said Jørgen Abild Andersen, chairman of OECD’s Committee on Digital Economy Policy. Last year, the Danish government made it mandatory to communicate with the government digitally, despite not everyone's being able to use a computer, said Anderson, who is also the former director-general telecom for the Danish Ministry of Business and Growth.