Policy

Privacy: Trust But Verify

2/28/2011 12:01 AM Eastern

As adminstrator of the Commerce Department’s National
Telecommunications & Information Administration,
Lawrence Strickling is the Obama administration’s chief
telecom policy adviser, and he has plenty to say about
the issue of protecting privacy in the broadband world. Commerce, headed by Secretary Gary Locke, is putting
the final touches on a report that will represent its
best advice on how government and industry can work
together to protect that privacy. Strickling told Multichannel
News
Washington bureau chief John Eggerton that
he is all for self-regulation, but says there will need to be
government enforcement. An edited transcript follows:

MCN: NTIA is taking the lead on privacy for Commerce.
How important is the issue?

Lawrence Strickling: Our goal is to promote consumer
privacy online while ensuring the Internet remains a platform
for innovation, job creation and economic growth.
Given the growing importance of online commerce to the
American economy, this is a very important issue. For example,
domestic online transactions are currently estimated
to total $3.7 trillion annually.
For online commerce to continue
thriving, consumers must be able
to trust the Internet. Privacy is a
very important piece of that.

We are also very much committed
to preserving innovation on
the Internet, which we think calls
for having a flexible approach to
privacy that can deal with new issues
quickly when they emerge,
as opposed to being tossed into
the regulatory bin where they get
solved in two or three years, when
we have moved on to other issues.

So flexibility is key. That is why
we recommend baseline privacy
obligations concerning how online
companies collect and use
personal information for commercial
purposes. These obligations
— Fair Information Practice Principles,
as they’re called — would
be akin to a Privacy Bill of Rights
that everybody understands. But
then codes of conduct would be
created for specific services based
on these principles. The codes would be created with input
from the full range of stakeholders and need to be enforceable
by the appropriate parties. In our green paper we
suggested that the FTC play that role as the enforcement
agency. [The green paper is a proposed policy framework for
privacy protection].

MCN: When does the green paper become a white paper?

LS: We are in the process now of doing just that. Comments
were received as of Jan. 28. So folks are starting to take a look
at those comments. We will also be involved with the other
agencies in a detailed process as we work through our comments
and recommendations. Our hope is that the white
paper speaks not just for the Department of Commerce, but
for the administration.

MCN: The Commerce Department has been pushing selfregulation
on privacy. How long does the industry have?

LS: I would push back on the idea that it is a self-regulatory
mechanism. We do recommend that as an important component,
but there are really three aspects that need to be
taken together. The first is having the baseline, a certain
level everyone must satisfy. Second is giving the industry
the opportunity to prepare these codes of conduct to maintain
the flexibility. But the third piece is the enforceability of
those codes of conduct. You have to take the three together
rather than just say this is a self-enforcement recommendation.

MCN: But if you have government enforcement of voluntary
codes, isn’t it regulation by proxy?

LS: We’re looking at what works and what doesn’t and what
is going to provide flexibility for Internet industries to evolve
and innovate and provide real protection for consumers.
The key is what is going to produce results.

Part of what we did in the green paper is to look back over
the past 15 years at what has worked well and what has not
worked well in the Internet privacy environment. And we
think that industry initiative has created a lot of very positive
sets of privacy practices. But we need to inject a greater
sense of urgency into that process and we need to broaden
that process to ensure practices are taken up by players
throughout the Internet environment.

MCN: Does the paper recommend
an opt-in over opt-out
regime?

LS: We are taking a much
broader look at the privacy environment
than just opt in vs. opt
out. We have pointed to the full
set of fair information practice
principles as the set of baseline
protections that we think everyone
needs. So, one of those
obviously is a principle involving
consent or choice. There
are going to be different ways to
implement that in different situations.

MCN: Federal Trade Commission
chairman Jon Leibowitz
suggests that there is less ‘sky
is falling’ rhetoric from industry.
Are you getting a sense from
industry that it will be able to
work with the government on a
privacy solution?


LS: We are just now analyzing
the comments, but anecdotally, now that the document
is actually out there, as opposed to just press reports, rationality
has been restored to the discussion.

MCN: There are privacy bills teed up, one mandating a
do-not-track option, one without. Do you support either?

LS: It is too soon to tell what the administration
position will be.

MCN: Are you concerned at all that you might have a
tendency to under-regulate privacy for fear of hurting
the economy?


LS: I don’t think that is the choice we are making here. I
said one of our bedrock principles is flexibility. To some,
that may look like under-regulation. But I think we can
have a flexible approach here that is quite responsive to
issues as they arise in the marketplace. And I think that is
more important than spending two years writing regulations
or passing laws. It is more important to have rapid
response to the issues when they emerge, which in our
mind we think depends on how well industry can respond
to these things.

September