Privacy Laws Seen as ‘Inevitable,’ But Not This Year
Privacy laws “need to change to keep pace” with technology, Microsoft General Counsel Brad Smith said at the International Association of Privacy Professionals (IAPP) summit. Companies opposing broad privacy laws said legislation is unlikely this year, but Smith said new privacy law is inevitable: The question is whether it will be “good law.”
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Privacy “is more important than it has ever been,” given the explosion in use of computing devices, Smith said. “That means, more than ever, we need to get it right.” It’s important that policymakers regulate in terms of today’s technology and “societal norms” rather than those of yesterday, he said. It’s no longer about expecting information to be secret, but rather “what you expect people to do” with the information, he said.
Banning technologies in the name of privacy could have “unintended consequences and unintended dangers,” Public Parts author Jeff Jarvis warned in a separate keynote speech. Policymakers should instead seek to stop specific bad behaviors, he said. “Privacy is important but so is publicness,” and policymakers should not “go overboard with what could happen,” said Jarvis, a prolific blogger and former president of Advance.net. Some government leaders want to ban facial recognition and geolocation, but they forget that the technologies could be used for laudable purposes like finding missing children, he said. Meanwhile, “Do Not Track” and “the demonization of cookies” could mean massive losses for media dependent on ad revenue, he said.
Passing any privacy law is unlikely in an election year, said Direct Marketing Association Executive Vice President Linda Woolley in a later panel discussion. Data security legislation is unlikely, too, because Congress “has no will to preempt” the states, she said. The predicted inaction is OK with Woolley, who said she believes self-regulation by the private sector is the best way to keep up with changing technology. The U.S. doesn’t need a law, but the industry on its own should try to improve on privacy, said Experian Government Affairs Senior Vice President Tony Hadley.
While it probably won’t legislate, Congress could have hearings on mobile and children’s privacy, said Mike Zaneis, senior vice president of the Interactive Advertising Bureau. Hadley predicted many “policy discussions” about privacy this year in congressional committees and the states, as well as among industry and at the FTC.
Companies should keep privacy policies simple to communicate effectively to their customers, Smith said. Privacy agreements are too long, he said, saying Apple’s privacy agreement for the iPad requires customers to hit a “next” button about 45 times. “If you try to cover everything,” it’s likely that you won’t “communicate anything,” he said. “Every time you make something simpler, you are going to make it better."
It may not be possible to simplify privacy policies and at the same time fully maintain transparency, LinkedIn Legal Director Eric Heath said. The social network displays a long, “legalistic” notice, he said. To make it easier to read, the website includes a summary and highlights changes to the policy. Social game developer Zynga engages users by integrating privacy notifications into its games, said Zynga General Counsel Reggie Davis. Zynga, known for its FarmVille game, also developed an interactive app describing its privacy policies called PrivacyVille, and the game has attracted a large number of players.
A good privacy policy means “no surprises to the user,” Davis said. Zynga developers ask themselves if a new feature feels “creepy,” and won’t allow it if so. “Say what you do,” Heath said. “Do what you say.”