How content providers should address users' privacy concerns – page 2
Free newsletter via e-mail
Tools
In the wireless and Internet space, the FTC has already suggested "principles" that do not have the force of law for the use of behavioral advertising, but which none the less address some of its concerns if followed.
It has also released a staff report, "Beyond Voice: Mapping the Mobile Marketplace," dated April 2009, and it is soliciting additional comment for three roundtable meetings to gather information and discuss additional courses of action.
There some people that believe that the FTC telegraphed its conclusion that industry self-regulation approaches had not done enough to ensure consumer protection, potentially leaving it no choice but to adopt a new regulatory scheme to govern privacy in our industry. In the absence of intervening horrific information about the use of the data that is now being collected, I disagree that the staff will aggressively pursue that means of regulation right now. Rather, it will continue to collect information so that is can better understand the issues.
That means that to the extent there is a consumer outcry and the FTC wants to send a really aggressive signal to the industry, it will look a for a bad actor to pursue in the context of an enforcement proceeding, and perhaps ultimately seek a consent decree between the bad actor and the FTC that might serve as a model for the industry. The staff in the enforcement proceeding would argue that specific conduct violates Section 5 of the FTC Act. That section prohibits, among other things, unfair or deceptive practices in or affecting commerce. If such a challenge to specific conduct were made, a balancing test would be applied, looking at any substantial harm to the consumer as compared with the benefit of the disclosure or use of the information to the consumer(s) or to competition.
From the FTC's perspective, as referenced above, privacy concepts also rise in the context of specific consumer protection statutes providing oversight of particular industries, such as the banking industry. But there is no statute like that here.
With this historical backdrop, it is easier to understand why neither the FCC or the FTC have privacy rules in place which directly address the obligations of a "mobile content aggregator," such as a company that contracts with advertisers providing advertising content (content providers) to wireless users. These types of entities were not on the radar screen when the FCC's privacy regulations, or the FTC's governing statute, were enacted.
Self regulation
Not to be overlooked, the industry itself has played an extremely useful role in assuring that consumers are able to provide informed consent before information is provided to third parties. In the mobile context, the CTIA has devised the "Best Practices and Guidelines for Location Based Services." In it, CTIA focused on personally identifiable information that may be used in the context of services that rely on the location of the user to achieve the greatest degree of relevance and timeliness of information, such as advertisements, to users. CTIA's guidelines reach beyond consideration of just carriers. Rather, CTIA's guidelines extend to entities that use location information in their provision of service from wherever it is obtained. Under the guidelines, if an entity is going to use personally identifying information, it should seek prior informed consent. There are also other industry best practices that deserve consideration before using personally identifying information in a service. These include those of the Mobile Marketing Association. These are "living documents." They can be modified by industry as changes in information collecting or use occur. They will potentially be modified every year going forward, while the industry is in such flux. While each industry approach, including many not referenced here, views the solutions a bit differently, in my view many provide the flexibility that is essential to the continuing rapid evolution of services specifically targeted to users at the point and locations where they may make the best use of this information as well as satisfy many of the protections the FTC is trying to afford consumers.
In my view, as noted above, that doesn't mean that content providers in the mobile sphere are free to fail to protect the privacy of consumer personally identifiable information in the federal context, or that they may not abide by individual state laws or regulations that govern privacy. Failure to take consumer needs into account will in my view lead to the prospect of increased regulation, and potentially additional costs, including the loss of flexibility users of personally identifiable information now enjoy.
Judith St. Ledger-Roty is an attorney with St. Ledger-Roty Neuman & Olson LLP. Her practice has taken her before the Federal Communications Commission, the Federal Trade Commission, the Department of Justice, over thirty state commissions and federal and state courts as well as Congress and state legislatures.
SHARE
WITH: