FEATURE28 January 2014

Top 10 US data privacy players

Who are the top 10 US government players in consumer data privacy in 2014? The Marketing Research Association (MRA) counts down its list, in celebration of Data Privacy Day ( 28 January).


10. California Attorney General Kamala Harris

California often takes the lead on privacy regulation, tacitly using peer pressure to influence the federal government to follow. California Attorney General (AG) Kamala Harris has been active on mobile apps privacy, releasing a report last year after the AG’s office came to agreement with a bunch of app platform providers and stepped up enforcement on mobile apps of California’s law requiring online privacy policies. She will also soon be enforcing new state laws requiring transparency in online behavioural tracking and giving minors an online “eraser button.” California also will continue to be at the forefront on data security – Harris released best practices on data security last year, and has an expanded new law on breach notification coming into force.

9. Senator Ed Markey

Senator Ed Markey has had a hand in many privacy laws and regulations during his tenure. Although a newcomer to the Senate (via a special election in June 2013 ), Markey served in the House of Representatives for 37 years, during which time he helped author the Children’s Online Privacy Protection Act (COPPA), a landmark law restricting data collection and sharing from minors online under the age of 13, and was involved in many other consumer privacy issues as a leader on the House Energy & Commerce Committee and co-chair of the House Privacy Caucus. Although focusing at the moment on aerial drones and government surveillance, Markey has reintroduced the Do Not Track Kids Act, which would extend COPPA privacy restrictions to teenagers and require an online eraser button. He also has launched his own investigations of companies for their online and mobile privacy practices. Now part of a Democrat Senate majority, a member of the Senate Commerce Committee, and benefiting from the inherently greater platform as a U.S. Senator, MRA expects Markey to play an even greater role in consumer data privacy debates.

8. Representative Marsha Blackburn

Currently in the spotlight for co-chairing a bipartisan House Privacy Working Group with Rep. Peter Welch (D-VT), Rep. Marsha Blackburn has made no secret of her views on consumer data privacy. In 2011, she and Rep. Pete Olson (R-TX) spearheaded an MRA-supported effort to limit FTC authority to expand the definition of personal information during a Subcommittee markup of the Safe Data Act. The data security bill already covered the standard types of data that could lead to criminal abuse of consumers and it is very difficult to go beyond that standard without sliding down a slippery slope where almost any piece of information could ultimately be included in the FTC’s definition of “personal information.” The Subcommittee eventually agreed with Blackburn, Olson and MRA. Last year, Blackburn offered cyber security legislation incorporating similar data security provisions with succinct definitions and limited legal scope favourable to the research profession. She has previously chastised the FTC for going beyond their legal bounds in their privacy regulatory efforts and the White House for lacking credibility on consumer data privacy issues because of the trouble with Edward Snowden and government surveillance. She also has recently called for caution in approaching regulation of Big Data, something which “government is uniquely unfit to control.”

7. Senator Al Franken

Far removed from his comedic days on Saturday Night Live, Sen. Al Franken has quietly and carefully built his expertise and involvement in consumer data privacy with his chairmanship of a Privacy, Technology, and the Law Subcommittee, launched in 2011. Starting with investigations of online behavioural tracking and mobile privacy, Franken delved deeper into location data concerns, joining his fellow Subcommittee member Chuck Schumer in investigating retail shopper location tracking, and crafting legislation to require express prior consent to collect or share geolocation information from a consumer’s cell phone or mobile device. The resulting Location Privacy Protection Act passed the Senate Judiciary Committee at the end of 2012; it died at the end of that Congressional session and he plans to reintroduce it soon. Most recently, Franken has been investigating automobile location services (like OnStar), worrying that, “Minnesotans and people across the country need much more information about how the data are being collected, what they’re being used for, and how they’re being shared with third parties.”

6. FTC Commissioner Maureen Ohlhausen

Federal Trade Commissioner Maureen Ohlhausen, one of two Republican members of the five-member FTC, plays an important role in trying to add a “dose of regulatory humility” to the privacy regulatory authority in the U.S. with the most impact on the survey, opinion and marketing research profession. Of course, Ohlhausen is no shrinking regulatory violet, supporting strong enforcement measures against companies that cause tangible privacy harms, under the FTC’s existing Section 5 authority regarding “unfair or deceptive acts or practices in or affecting commerce.” She recently stated that the FTC’s authority can be wielded effectively to punish and prevent such privacy mis-practices in the Internet of Things and Big Data, but that it would be “generally inappropriate to prohibit preemptively the collection of data.”

5. Representative Lee Terry

The Chairman of the Subcommittee on Commerce, Manufacturing and Trade, Rep. Lee Terry, has primary authority over consumer data privacy policy in the House of Representatives. He has taken a cautious approach to data security legislation, building “a wall” to separate it from privacy issues (unlike his predecessor’s approach with the 2011 SAFE Data Act). Instead of pursuing comprehensive privacy legislation, Terry has empowered a small group of Subcommittee members to launch the House Privacy Working Group, to come to consensus on consumer data privacy issues and possible legislation. He has also focused the Subcommittee’s work on regulatory impediments to international digital trade, defending the U.S.-European Union (EU) Safe Harbor for data transfer and the “flexibility” of the U.S. privacy regulatory regime, as the U.S. and EU try to hash out a transatlantic trade deal. As Terry puts it, “going to a European data security and privacy position is deadly.”

4. FTC Commissioner Julie Brill

Joining the FTC in 2010, Commissioner Julie Brill has brought a keen focus on privacy issues indicative of her prior two decades handling consumer protection cases as Assistant Attorney General in Vermont. She has been at the FTC through consideration of a variety of privacy issues, such as online behavioral tracking and mobile device privacy, the release of the FTC’s Privacy Report, and settlements with big technology companies like Facebook, as well as the more recent enforcement against marketing research company Compete. Brill also has led the FTC’s campaign against data brokers, which she dubs “Reclaim Your Name.” Data brokers are an undefined class of companies that collect and share personal information that may or may not include survey, opinion and marketing research companies. Whatever regulatory decisions on privacy await, Brill will help craft them.

3. Senator Jay Rockefeller

“It’s the right of an American not to be tracked.” That quote sums up the thinking of Sen. Jay Rockefeller on consumer data privacy issues. The Chairman of the Senate Commerce Committee is in a good position to do something about it, but he has a short time remaining to accomplish it: he will retire at the end of 2014. That brings fresh urgency to his efforts. Rockefeller’s Do-Not-Track Online Act (S. 418 ) would launch a federal “do not track” standard for online behavioural tracking, allowing individuals to opt out of having data collected about their online activities. The standard would appear to treat all tracking the same, regardless of purpose, and thus restrict the use of cookies, IP addresses and other online data for research purposes. The Chairman also continues an investigation of data brokers (without any clear definition of the term, just like Brill and the FTC), referring to them as part of “a dark underside of American life in which people make a lot of money and cause a lot of people to suffer.” Rockefeller ranks so high on this list because he not only has the opportunity, but his seniority and impending retirement may catalyze the veteran Senator’s views to be codified as laws or regulations.

2. FTC Chair Edith Ramirez

Appointed to the FTC in 2010, and rising to the Chair in 2013, Edith Ramirez (D) is in the most powerful position at the most important privacy regulator. While the FTC already has broad authority to regulate “unfair or deceptive acts or practices in or affecting commerce,” Ramirez has at times echoed her predecessor, John Leibowitz, in advocating for expanded FTC powers. Meanwhile, the FTC continues to punish mistakes and wrongdoing in consumer data privacy, such as the deceptive collection of location data with a mobile app, and companies purportedly pretending to adhere to the U.S.-EU Safe Harbor when they do not. The FTC intensely scrutinises companies’ privacy and data security practices and seeks to bring them into compliance with (sometimes vague) standards through complex and costly settlements. Anyone who fails in their privacy practices could find themselves at the wrong end of the FTC’s sharp spear. Ramirez recently warned that the Internet of Things could “swell the ocean” of Big Data and cause major privacy risks, calling upon companies to be good stewards and abide by the principles outlined in the FTC’s Privacy Report. Researchers would be wise to pay attention.

1. President Barack Obama

President Barack Obama tops our list of the biggest government players in consumer data privacy, for two key reasons: ( 1 ) the multistakeholder approach advocated in the White House’s Consumer Privacy Bill of Rights initiative and ( 2 ) the use of his bully pulpit to indirectly demonise private-sector data collection. On the first point, the Consumer Privacy Bill of Rights spawned the NTIA multistakeholder process for mobile apps privacy in which MRA participated, which wrapped up somewhat ambiguously this past summer. Many industry stakeholders, like MRA, remain committed to positive results, for fear that activists will seize upon failure to push for aggressive regulatory manoeuvres instead. The multistakeholder process’s next focus, privacy in facial recognition technology, may hold significantly greater promise, since the technology’s uses are still emerging and stakeholders’ positions may not yet have hardened. On the second point, President Obama tried to distract somewhat from concerns about reforming government surveillance during his remarks on January 17th by comparing the NSA to private-sector data collectors: “Challenges to our privacy do not come from government alone. Corporations of all shapes and sizes track what you buy, store and analyse our data, and use it for commercial purposes.” In the same speech, he promised that his advisor John Podesta would “lead a comprehensive review of big data and privacy.” While it remains to be seen if the Administration intends to look at only citizen’s privacy from government surveillance, or if consumer privacy will be a major part of it as well, reports indicate that the White House has been drafting its own comprehensive consumer data privacy legislation, partially spurred on by EU proposals. That would seem to mean that anyone involved in the private sector data business, including survey, opinion and marketing researchers, will need to be on the lookout for more action from the White House this year.

Honourable Mentions

Senator Chuck Schumer

The outspoken Senator and member of the Senate Judiciary Committee made his mark on privacy by leading the charge for transparency in retail location analytics. Starting back in 2011, when he helped shut down a Black Friday research study by Path Intelligence, Schumer has pushed for at least minimal consumer notification and a chance for opting out of efforts to track their cell phone movements around retail establishments. MRA generally supported his efforts. They bore fruit last fall with an agreement on a code of conduct for location analytics companies requiring them to post signs alerting shoppers that tracking is going on and how they can opt out. What issue he decides to dig into next could determine his prominence on consumer data privacy in the future.

FTC Commissioner Joshua Wright

The newest FTC Commissioner, Joshua Wright joined in early 2013 and has spent much of his time trying to clarify the “vague and ambiguous nature” of the FTC’s statutory authority, as he explained at a TechFreedom event on December 16. The only reason he did not make the list was his overriding focus on the antitrust side of the Commission’s authority, rather than consumer protection. While antitrust can certainly impact privacy issues, it is rarely front and center.

Senator Richard Blumenthal

Building on his ambitious enforcement efforts as Connecticut Attorney General, freshman Senator Richard Blumenthal already has been involved in consumer privacy in Congress. While his ambitious 2011 bill on privacy and data security (the Personal Data Protection and Breach Accountability Act), which included enforcement with private lawsuits, did not go far, he now sits on both of the key Senate committees impacting consumer privacy: Judiciary and Commerce. Both platforms could combine to give him greater influence n the future.

John Verdi

If the next round of meetings in President Obama’s multistakeholder process are to reach useful conclusion in a workable code of conduct for facial recognition privacy, John Verdi will be key. Stakeholders began the first round of meetings, on mobile app privacy, with a professional facilitator. However, after a few sessions, Verdi, NTIA’s director of privacy initiatives, stepped in as an indefatigable and fair moderator. The first round ended somewhat ambiguously, producing a code of conduct for mobile app privacy that hardly anyone has adopted, but it was a sold first step. If the stakeholders can reach agreement on a code of conduct for facial recognition, Verdi will certainly increase his influence further.

Howard Fienberg is director of government affairs at the MRA.


Marketing Research Association (MRA)