We’ve discussed privacy compliance with regulations, legal requirements, etc. in this space since this blog’s inception. “Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks to the European Union’s General Data Protection Regulation (“GDPR”) (93 days and counting…) and its codification of “privacy by design and default” in Article 25.

Privacy can also be a key differentiator and a competitive advantage. Read on for some points that can help drive your data privacy/data management program.

Continue Reading How to Leverage Privacy as a Key Competitive Advantage

As we have been saying since the beginning of the new session of Congress, it appears that privacy is the true bipartisan issue. Evidence of that was front and center yesterday as Senators John Kerry (D-MA) and John McCain (R-AZ) introduced their “Commercial Privacy Bill of Rights,” requiring businesses that collect, use, store or transfer consumer information to implement data privacy protections when developing products (“Privacy by Design”) and to provide consumers with choices about how data are used, collected and shared.

The “rights” set out in the legislation include:

  • Security and Accountability — authorizes the Federal Trade Commission to require strong data protections and implementation of “privacy by design” for all companies
  • Notice and Participation — authorizes the Federal Trade Commission to issue rules requiring clear and concise notice and providing choice for consumers
  • Data Minimization, Constraints on Distribution, and Data Integrity — imposes limits on the amount of information companies may collect, the period of time such information may be retained, and on uses of information shared.

Comprehensive privacy legislation at the federal level has been discussed for many years, but this is the first actual legislation to be introduced in the Senate in ten years.

The details of the legislation have been widely reported.  After the jump, we publish links to major reporting on the legislation.

Continue Reading Kerry and McCain Introduce Commercial Privacy Bill of Rights

Written by Stu Eaton

Our ongoing effort to summarize the comments (see post here) filed in response to the FTC’s Privacy Framework continues this week as we focus on the Telecommunications and Media industry. The bulk of the comments came from the telecommunications industry, including key players such as AT&T, Verizon, the National Cable and Telecommunication Association (“NCTA”) and CTIA – The Wireless Association (“CTIA”). As a whole, the telecommunications industry’s comments focused on the following four issues:

  • Continued industry self-regulation based on best practices identified by the FTC; 
  • Ensuring that any framework is competitively neutral;
  • Maintaining the distinction between PII and Non-PII; and 
  • Consumer notice and choice (including “Do Not Track”).

More detail on each topic after the jump.


Continue Reading Review of Telecom/Media Industry Comments to FTC’s Privacy Framework

Written by Stu Eaton

In our continuing effort to summarize the more than 400 comments posted in response to the FTC’s Privacy Framework, we have organized our summaries into the following five industry groups: Retail/Promotion/Advertising; Software/Technology; Telecommunications/Media; Privacy Advocates/Government; and Financial Services/General Business.

This week we reviewed the comments posted by companies and trade groups in the Retail, Promotion and Advertising sector. Despite a large number of comments covering a broad range of topics, the industry’s comments as a whole focused on the following eight issues of concern:

  • Continued use of self-regulation and education as the primary enforcement vehicle;
  • How online advertising benefits consumers and the economy;
  • Regulation of non-personally identifiable information;
  • Implementation of a “do not track” mechanism;
  • The lack of flexible criteria for determining “commonly accepted” practices that do not require consent;
  • Continued use of “opt-out” as the preferred method of consent;
  • The FTC’s proposal that online marketers allow consumers to access and correct marketing data; and
  • The FTC’s proposal to limit data retention periods.

A detailed discussion of the industry comments for each of these topics follows after the jump.

Continue Reading FTC Privacy Framework: Comments from the Retail/Promotion/Advertising Industry

As we’ve discussed here since December (here, here), the Federal Trade Commission has been in a public comment period for its Privacy Framework.  The comment period closed last Friday, and more than 400 comments were filed by individuals, government agencies (both US and international) and industry groups and representatives.   Over the next few days, we’ll review and summarize the comments received.


Written by Stu Eaton

Massachusetts Attorney General Martha Coakley filed a comment letter with the FTC, on behalf of the Attorneys General of fourteen other states[1] (the “States”). The States’ comment focused on three of the questions raised in Appendix A of the Privacy Report regarding: (i) whether companies should provide substantive privacy protections in addition to those set forth in the report; (ii) the scope of the definition of sensitive information and sensitive users; and (iii) whether the FTC should explore additional protections in the context of social media services.

The States also argued that any federal laws or regulations protecting consumer privacy should not preempt states from enforcing their own laws and regulations. As you’ll recall, Massachusetts has one of the toughest sets of data security regulations in the country.

Notably absent from the proceedings was the California Office of Privacy Protection, which said it lacked the resources to prepare a comment but, after being contacted by Mintz Levin, explained that it approved of the FTC’s apparent effort to resurrect the forgotten Fair Information Practice Principles that would provide consumers with meaningful choices and more control over personal information by limiting the collection and use of that information.

Details of the AG’s letter after the jump. 


[1] Attorneys General from the following states were also signatories to the letter: Arizona, Illinois, Indiana, Iowa, Montana, Nevada, New Mexico, New York, North Dakota, Rhode Island, Tennessee, Vermont, Virginia and Washington.

Continue Reading Federal Trade Commission receives large number of public comments

“Privacy by Design” is a concept introduced by Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, way back in the ’90s. Privacy by Design advances the view that the future of privacy cannot be assured solely by compliance with legislation and regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation. It was discussed at length in the FTC’s Privacy Framework, and should be considered at every stage of development of technology.

Mark Lieberman has an excellent discussion of “Privacy by Design” in today’s MediaPost. Good reading.