Posted below is another contribution from my colleague David Broadwin on our Emerging Enterprise Center blog about the potential for legislative change in 2011. I agree with the conclusions he draws:
- This is an area where bipartisan concensus is possible.
- The industry powers will fight against “Do Not Track” and will win that fight.
- Industry will accept some other form of regulation in exchange for defeating “Do Not Track.”
We could see passage of a federal data security and privacy statute, not unlike those that the various states have been adopting. The states have already passed models for such legislation and have shown that these increased protections can be implemented without too much opposition from the business sector. Also, adoption of a single standard for data security and privacy could actually relieve some of the regulatory burden on business: instead of having to comply with 50 different state laws, there would just be one federal law. This is the very same logic that led to the passage of HIPAA (and its standards for health information privacy) in 1996.
* * *
The other day at Mass TLC’s Mobility Summit I had a brief conversation with Mark Herrmann (an entrepreneur here in Boston) that touched on the FTC’s recent proposal for protecting consumer privacy online. We were talking about the “do not track” proposal and the consensus in the tech industry that it just won’t fly.
“It is creepy that ‘they’ can and do track you out in the net, but ‘creepy is the new cool.’” There is just no question that some people accept the fact that they are being tracked and fed targeted online advertising. It is not just OK by them; it’s a value add. I don’t disagree. But, for anyone who has read “1984” (and even a lot of people who haven’t) the notion of being tracked is creepy. There are a lot of these folks – perhaps a significant majority of the U.S. population – that feel this way.
In 2011 the FTC and Congress are going to pay attention to these concerns. It is good politics.
Prediction #1: Legislation in this area will be one of the few places where we will see bipartisan consensus in the next Congress.
Why: No Congressperson wants to be opposed to consumer privacy, and they all want to have supported some legislation that passed, when running in the next election. Mark (and others) made the point that if you really end tracking, you will end Facebook. So, whatever happens it won’t be that. However, the political snowball is rolling down the mountain – there will be regulatory activity around consumer privacy. The only question is: What will be the nature and scope of the activity? The big boys (those with well established businesses that either make money or have ready access to capital) are going to be lobbying hard for a regulatory framework that does not dent their current business model.
Prediction #2: The big boys will fight anything that disrupts tracking and they are going to win this battle – no one in Congress wants to run on the platform that they put Facebook (or others) out of business. But the big boys are going to have to trade something. The easy things for them to trade are procedural protections for the consumer.
- The FTC wants the industry to adopt “privacy by design” principles. This means that companies should adopt internal processes to promote consumer privacy and security protections into their daily practices and to consider privacy issues at every stage of design and development of products and services.
- The FTC wants the industry to make consumer data more available to consumers. This means allowing for increased consumer access to data collected.
Prediction #3: The big boys will trade lots of procedural protections for the consumer to prevent substantive regulation that will directly affect their business models.
Why: The big boys can afford the administrative burden implicit in procedural protections. It is just a matter of more money, more people and more oversight. A company that is well established and profitable or that has easy access to capital can afford to write the code, hire an army of new engineers, consultants, lawyers etc. and create an entire Department of Privacy Compliance and Protection. In fact, to the extent that having to do all that makes it harder for start-ups, it may even be helpful to the established companies. Some folks I talk to have expressed real concern about this looming regulatory push and how it might affect the entire ecosystem for digital media start-ups. There is still a chance to influence the inevitable regulation that is upcoming and I am working on assembling a group of industry leaders to do just that. I recently sent out a letter (here’s a link) to people I thought might be concerned enough to actually do something.
Read it and let me know what you think.