Stakeholders Debate NTIA Role, FTC Defends Involvement in Mobile Privacy Process
Mobile privacy stakeholders expressed concerns about NTIA-facilitated discussions that spanned the last year and sought to develop a code of conduct on how app developers inform users of their privacy policies, during a Thursday meeting convened by the agency. Administrator Larry Strickling praised the process and its outcome, saying he “couldn’t be happier with the results” and described the group’s work as “a learning experience for all of us.” John Morris, NTIA director-Internet policy, described the process as an “extremely constructive and productive conversation."
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Stakeholders disagreed over the needed level of involvement from NTIA. “NTIA needs to be substantially more involved as a referee,” said Joe Hall, Center for Democracy and Technology senior staff technologist. NTIA should work more actively with stakeholders between formal meetings to coordinate discussions that move the process forward, he said. Morgan Reed, executive director of the Association for Competitive Technology, urged NTIA to foster “greater participation in the education around the subject.” The discussions on mobile app practices didn’t always fit with “how things were done in the wild,” he said. Genie Barton, Council of Better Business Bureaus vice president, said NTIA doesn’t need to take a more active role.
The FTC should replace NTIA as the government entity at the helm of privacy stakeholder processes, said Center for Digital Democracy Executive Director Jeff Chester in a report evaluating the NTIA process (http://bit.ly/14c4Zxz) and at Thursday’s meeting. The FTC is “always willing to consider ways to improve our role in the process,” but is unlikely to consider taking on the role Chester described, said Division of Privacy and Identity Protection Assistant Director Chris Olsen. “We view ourselves as the enforcers” of voluntary codes like the one produced by the NTIA process, he said. As enforcers, “we are less well-suited than the NTIA to serve a convener role ... and think the NTIA should continue to serve in that role."
On previous criticism that the FTC provided feedback too late in the process and should have committed to providing safe harbor protections to signatories of the code, Olsen said: “We were pretty clear that we couldn’t offer a safe harbor at the outset of the process. It’s very difficult for the FTC to offer any sort of advanced blessing before the process even starts.” Olsen pointed to reports and other forms of guidance issued by the FTC during the stakeholder process. “We hope that groups like this ... take into account the reports we generate,” he said. Olsen cited an FTC report from earlier this year on mobile privacy that addressed the role of application platforms, which were not included in the defined scope of the NTIA process. “I came and provided a briefing to the group on that report ... encouraging the group to consider that,” he said.
A code that is directed at industry should be drafted by members of the industry, said Direct Marketing Association Senior Vice President-Government Affairs Jerry Cerasale in comments to the NTIA and again during Thursday’s meeting. “Industry is in the best position to ensure that a code is technically workable for adhering companies, and industry multistakeholder groups have demonstrated in numerous cases the ability to draft robust, enforceable codes that are widely adopted,” he wrote. The code should consider the positions of the people it affects, he said during the meeting. “If it’s something that industry can’t live with ... it’s not going to happen."
The process was harmed by the way drafting power was consolidated, stakeholders said. “There has to be some clearer way how the handling of the pen was assigned,” said Bill Baker, privacy lawyer with Wiley Rein. He described the drafting process as “kind of opaque.” There “were some major issues that really never got addressed or solved” once they were submitted to the drafting group, he said. Hall suggested the next process involve “small sets of editors,” ranging from one to three people. Members of the group need more time with each new draft and its amendments, participants said. Meetings were dominated by “eleventh-hour” changes to the texts, Reed said.
Stakeholder efforts aren’t productive, and privacy legislation is needed, privacy advocates said. Consumer Federation of America Director of Consumer Protection Susan Grant described the process as “horrible.” What “we really need is a basic privacy law that creates a framework under which the stakeholders could conceivably fill in some things” around specific issues, she said Thursday. The White House should release “its long overdue privacy legislation,” Chester said. “We are waiting, and I think our European colleagues and allies are waiting for this legislation.”