Federal Trade Commission (FTC) Chairwoman Edith Ramirez, acknowledging the increasingly important role that her agency plays in protecting consumer privacy, recently put forward an intriguing policy proposal. She called on the FTC to stay on top of the latest research in data security and privacy in order to foster a marketplace where technology flourishes and consumer privacy is safeguarded.
In doing so, Ramirez conveyed a realistic recognition of the gap between the FTC’s broad legal authority for online privacy issues and its available internal resources to stay current with new methods that may cause harm. However, she was not urging more filings by lawyers or studies by economists regarding the rapid growth of online activities.
Instead, Ramirez appealed to industry professionals, because they understand the underlying technologies that drive the market. These technologies have the ability to hurt millions of American consumers through spam, viruses, and hacking. The daily headlines report on a regular basis about how online customers of a retail chain or a financial institution were exposed by small groups who intentionally wreak havoc on those who trusted in the integrity of their transactions.
“Technologists are important to policymaking for a number of reasons,” Chairwoman Ramirez noted. “They can help shine a light on privacy and security gaps. They can develop honeypots, crawlers, and other tools to highlight the type of information companies collect, to identify what kinds of choices consumers are making, and to assess whether these choices are being respected.”
In short, she said that the FTC had heard from technologists before, “but not as much as we’d like—we need more of them to weigh in” on issues such mobile and online tracking or the collection of other personal data such as geolocation.
Beyond a general appeal for their greater involvement in relevant FTC proceedings, Chairwoman Ramirez is organizing a regular forum at the FTC that will bring together leading privacy and security researchers to present and discuss their findings with policymakers. The first meeting of this group, called PrivacyCon, already is being planned for the beginning of 2016.
A number of probing questions are expected to be on the table at this session. For example, are there new or undiscovered data sets that would provide more insight into consumer preferences? Can technology be harnessed to enhance consumers’ control of their personal information? What are the most effective ways to enable consumers to make informed choices?
With this type of specific issue framing, PrivacyCon promises to yield valuable information that the FTC will be able to incorporate in ongoing enforcement efforts and in long-range policy planning. PrivacyCon also can stimulate broader conversations among industry groups and consumer advocates, who will continue to shape our nation’s online privacy protection agenda.
A model for other agencies
But these concerns are not just those of the FTC. The Federal Communications Commission (FCC), under the leadership of Chairman Tom Wheeler, is expanding that agency’s influence on future directions for the Internet. The FCC’s controversial Open Internet Order, adopted in February 2015, currently is being litigated before the U.S. Court of Appeals for the D.C. Circuit. Regardless of the outcome of that case, the need for greater input and feedback from technologists has real resonance for a range of matters before the FCC.
If the FTC establishes PrivacyCon as a successful model for greater engagement with policymakers, it would make sense for the FCC to adopt it in a separate forum under its own auspices. Other federal government units may be interested in this model as well. The Department of Health and Human Services is a case in point, since it oversees health care reform that depends on consumer confidence in online data and transactions.
FTC Chairwoman Ramirez should be commended for taking a concrete first step that her government colleagues throughout Washington can emulate. Hopefully, they will be sending teams of observers to the first PrivacyCon meeting to listen and learn.