2013: Privacy Makes a Comeback

My last post of the year, more or less, is a short toast to Privacy. I raise my glass to wish Privacy better health in 2014 as it regains its strength from a serious illness, which some said would send it to its grave, or at least into a long coma from which it would never recover. Driven partially by consumer disinterest and/or ignorance about what’s being collected, and, alas, minimal regulations, social startups and even more established Interbytes companies over the last few years have barely acknowledged that their subscribers have any right to privacy.

At least one publicly-traded social media icon continually deceives users about what it’s doing with their data. What kind of example is that for impressionable new, young companies?

Over on another channel, I’ve been writing about how a shift in regulatory policies at the federal level may ultimately change the privacy environment through either better enforcement of existing rules, enactment of new and stronger laws, or spurring higher privacy expectations and demands from consumers. Or a little bit of all of the above. On that last point, we can thank a former government-employed sys admin for raising public awareness about the personal information that social media companies do collect.

Meanwhile over at the EU, there’s been a massive regulatory battle this past year involving consumer consent for third-parties to use their own personal data, consumer’s ability to view and correct said data, “right to erase” the data, and overall data security obligations for companies to protect this data. The opposition to the new regulations has been led mainly by US Interbits companies, but the final EU rules–yet to be voted on by the EU Parliament–are a large step in the right direction. By the way, we have EU regulators to thank for enforcing its existing regulations to force the aforementioned publicly traded US-based social media company to allow subscribers to download and view their own personal data.

Some of these EU ideas–which really originated over 30 years ago from a US Marshall Plan derivative known as the OECD–have been making their way into our own FTC’s privacy policies. Under the concept of “privacy by design”, the FTC is advocating minimal data collection of personal data, data transparency, explicit consent, sensible retention policies, and a more enlightened view of data anonymization.

The FTC has a lot of work ahead of it. It’s striking to read the privacy policies of Euro-based tech companies versus their US counterparts. Here’s an excerpt from one such US company’s terms of service:

.… we cannot assure you that the personal information that we collect will never be disclosed in a manner that is inconsistent with this Privacy Policy

Charming, no?

Anyway, the FTC recently hired a new chief technologist. For those in the privacy community, Latanya Sweeney is pretty close to a legend and helped originate a more modern notion of anonymity. She dramatically showed back in the 1990s that hospitals should never, ever release anonymous health information that includes birthdate and zip code. We have Sweeney to thank for better definitions of personally identifiable information or PII in US laws and regulations, especially HIPAA.

That’s it for me. Have a great New Year!

Photo credit: LincolnGroup11