by Cary J. Calderone
I had the pleasure of attending an event sponsored by the Churchill Club on Location and Privacy, Where Are We Headed? The panel members (listed below) represented a diverse group of very knowledgeable people connected to privacy law. They ranged from attorneys and privacy officers working for location based social networking companies, to a representative from the FTC concerned with regulating the players. After listening to the very interesting discussion can I provide a quick summary of the law for you? Not really. This is because the law is in flux and not very settled. Here is a video of part of the discussion on finding a balance between usefulness and safety.
Even the FTC has requested comments on its Proposed Framework for Businesses and Policymakers because they realize they may need more information to determine how technology can help or hurt their efforts to inform and protect consumers. With constant innovations to location-based technology, it will be even more challenging, but there are things you can do to be better prepared.
In trying to protect consumers, the policymakers and players are constantly struggling to "get it right." It is akin to the challenge of Goldilocks and the Three Bears; is the porridge too hot, too cold, or just right? There is value to information collected around a consumer's location, but how dangerous might it be? What about those who happen to be with the person who is posting pictures and checking in? The "second-hand smoke" of privacy? What about the risk faced by a potential criminal enterprise posing as a legitimate player in this space? Now let's compound this challenge by the Catch 22 that the policymakers face. The FTC has required more and more complete disclosure from companies whose websites collect information, but what are the odds the consumer will understand the disclosure, and be able to make an informed consent? This is a daunting challenge. We lawyers are trained to be specific and thorough when we write. But, easy for consumers to understand? Not so much.
The panel touched on another important issue that is caused by the fact that the location-based technology is evolving so quickly. Definitions have to be specific and yet open to future innovations in technology. For example, a company's policy may collect location based GPS information from a person who is aware of it. But what about recognizing that whenever somebody logs in from a computer, the header information and meta-data probably reveals more about the user's whereabouts than the user would ever believe? Does consenting to an obvious location based technology also include the less obvious technology utilized in the background? Or, what about the facial recognition capabilities that can find pictures of you in the background of pictures posted by complete strangers? And the pictures may be geographically tagged, letting people know where you were on a certain date and time? Call in sick and head to a ball game? Not a good idea if your friend decides to memorialize your outing with status updates and pictures. Or, it may be that stranger sitting in front of you with a camera phone who likes to post pictures? Or, how about the fact that your Smart Phone will send an email through a cell tower or Wi-Fi network that is at the ball park, and not your home or office? That too can be tracked! It really can start to sound scary. What information should remain private?
There were quite a few other interesting questions debated by the panel:
- Will there be a "do not track" list similar to the "do not call" registry?
- If you block all collection of data, do you effectively kill the value of the user's web experience?
- Where is the line? How can people have access and still be protected?
For a blogger who has attended far too many legal seminars where the materials and the speakers can be rather dry, this was an especially enjoyable event. The area is new and exciting and the speakers were passionate and entertaining. I will look for more DRED related topics at the Churchill Club and keep you posted.
Laura Berger, Attorney, Division of Privacy and Identity Protection, Federal Trade Commission
Jim Dempsey, Vice President for Public Policy, Center for Democracy & Technology
Brian Knapp, Chief Operating Officer, Loopt
Brendon Lynch, Chief Privacy Officer, Microsoft
Owen Tripp, Chief Operating Officer, Reputation.com
Moderator: Melissa Parrish, Research Analyst, Forrester Research