Archive for March, 2012

Privacy Happenings

I think it’s becoming undeniable that privacy is an important issue right now for the web and for society.  A couple of developments over the past few days struck me as worth highlighting since they cut to some core issues as I see the privacy landscape.

The first is FTC Commissioner Julie Brill’s recent statements that without addressing data collection itself, “do not track” is really just “do not target.”  At a recent privacy conference in DC, Commissioner Brill said she wants more clarity on whether the advertising industry is pledging not to collect information about consumers or whether it is only agreeing not to target some ads to consumers (while using the data for other purposes).  I am glad to see her keep the focus on that critical distinction.  After all, the relevancy of ads is not the issue that concerns users.  If we can’t address data collection as part of do-not-track but allow do-not-track legislation/regulations/self-regulations to gain traction, it will obfuscate the real issue and provide a sense of protection when none (or very little) actually exists.

The second highlight relates to an issue that I see come up a lot in my law practice.  In fact, I blogged about this a few years ago here.  I think where the “rubber hits the road” for a lot of the data security issues is in company’s contracts with IT vendors (ISP’s, colocation facilities, CDN’s, etc.).  Few companies, even huge companies, don’t rely on a variety of IT service providers to store, transmit, and otherwise handle user data.  And those service providers usually want to disclaim or greatly limit liability if the data is breached and otherwise limit their obligations to provide adequate security and other protections.  Awareness of this issue is starting to get more attention, recently in the EU and also this week in the US, where a Network World article highlights the significance that liability for data breaches is taking on in IT outsourcing agreement negotiations.  I am glad to see this issue get more visibility because I think it has a lot of impact on user data security and privacy even though it’s not necessarily a sexy topic the way mobile apps and other privacy topics may be.  IT vendor contracts are not headline grabbers.  But they matter (and the data breaches that may result from them ARE headline grabbers), and I hope they continue to get the attention they deserve in the privacy debate and from IT service provider customers.


Read Full Post »