FTC Official Says US Shifting to Privacy by Design
The U.S. is shifting toward privacy by design and building safeguards into products from the outset rather than into disclosure statements consumers don’t read, FTC Office of Policy Planning Senior Economic and Technology Adviser Liad Wagman told the Technology Policy Institute Tuesday. He noted he was speaking only for himself, which the commission reiterated after his appearance.
Identifying privacy harm is pivotal to formulating a U.S. approach to regulation, said Sidley Austin privacy attorney Alan Raul. EU’s general data protection regulation and the California Consumer Protection Act take prophylactic approaches, which create barriers to the collection and use of data, he said.
Wagman noted FTC Chairman Joe Simons’ call for federal privacy legislation, saying Simons is cognizant of the interface of data regulation with competition. Statistics show foreign investors pulling out of EU tech ventures, said Wagman, claiming something in GDPR pushes investors away.
The U.S. model has worked well, resulting in sanctions from the FTC and state attorneys general addressing consumer harms, Raul said. He asked whether the GDPR and CCPA are more focused on creating bureaucracy than protection against actual harm.
Assessing the cost of injuries is exceedingly difficult, University of Arizona law professor Jane Bambauer warned. She noted that in the Cambridge Analytica breach, specific consumer harm was difficult to pinpoint because various theories splinter and are incompatible. Microtargeting can’t necessarily be defined as the problem because the internet relies on that, she said: The safest method is to rely on FTC consent decrees.
It’s possible the COVID-19 pandemic will result in shifting attitudes about properly balancing privacy and national security, Wagman said. Like the Sept. 11, 2001, attacks, societal preferences may shift more toward regulations that promote national security, he said.
It’s important to define proper data uses in a crisis, said Bambauer. The fear is that the government could use the crisis data for alternative purposes, or the data could be exploited for commercial purposes, she argued. She hopes the pandemic reveals the need for privacy tradeoffs.
Raul agreed with Bambauer, saying the EU recognized immediately that privacy laws shouldn’t stand in the way of protecting public health. Use of aggregated data is seen as necessary in protecting public health, he continued. The EU made clear privacy isn't an absolute right, he said.
Raul suggested federal privacy legislation encourage the FTC to collaborate with OMB. He wants a position or official within the executive branch responsible for coordinating the balance between privacy and security.