On March 24, 2016, the Massachusetts Attorney General’s Office gave us a glimpse. In collaboration with Harvard’s Berkman Center for Internet and Society, and MIT’s Internet Policy Research Initiative and Computer Science and Artificial Intelligence Laboratory, the AG’s Office convened a “Forum on Data Privacy.” In this first-of-its-kind conference, stakeholders from government, academia, business, and consumer groups assembled to discuss the inherent problems with consumer data collection and usage, and to search for solutions. Attorney General Maura Healey emphasized the importance of the problem, and expressed her concerns about the ubiquitous collection of consumer data in e-commerce. Noting the real and potentially deleterious effects on ordinary citizens, especially the most vulnerable, Healey identified three important areas where the AG’s office might begin to focus in the coming weeks, months, and years:
- Use of consumer data to discriminate (for example using zip codes as a proxy for race in targeted advertisements).
- Inaccurate consumer data being bought and sold in the market, which can often lead to frustrating consequences for consumers.
- Use of consumer data to charge certain categories of customers more for the same products.
Healey also acknowledged the importance of balancing the protection of consumers with tech innovation, suggesting that regulations that might be crafted in Massachusetts would need to account for both.
This tension — between the privacy of ordinary consumers and the need to grease the wheels of innovation — was a common theme throughout the day’s two panel discussions. In both panels — one entitled “Consumer Privacy Risks in an Evolving Digital Market Place” and another on “The Role of States in Protecting Consumer Privacy,” experts from industry, academia, as well as consumer protection advocates, volleyed theories about how best to balance the potentially competing initiatives. Carole Rose of the ACLU best summarized this dilemma in explaining that technological innovation is not in direct conflict with civil liberties, but there is always a potential for erosion of civil liberties as technology advances. As a result, in her view, all parties must remain vigilant.
The spirited dialogue between industry and consumer advocates exposed both consensus and disagreement about the future of data privacy regulation. Industry representatives acknowledged the need for better transparency and privacy controls, but also expressed frustration with the patchwork of state laws regulating consumer data collection and storage. They expressed concern regarding the inability of smaller companies to comply with the labyrinth of state laws and its potentially stifling impact on innovation. In unison, they called for comprehensive federal action. Consumer advocates similarly called for a refresh of the regulatory framework, but for different reasons. They protested the outdated web of privacy laws based on subject matter (health information, student information, financial information) and called for comprehensive reform. Consumer advocates, though, called for state action noting the inability (or unwillingness) of Congress to act in this space. Specifically, advocates called for a Consumer Bill of Rights which would provide law enforcement with a broad and principled foundation on which it could stand and protect vulnerable consumers. They also implored state Attorneys General to more actively pursue bad actors under current consumer protection laws, and called for emboldened consumer protection laws specifically targeting consumer data abuse and misuse. Assistant AG Sara Cable appreciated and acknowledged both sides of the debate when presenting the AGO’s vision for the future. She expressed her belief that this dilemma requires state action of some form, and alluded to the possibility sharpening ch. 93A’s blade with a rulemaking specifically addressing unfair consumer data collection and/or use practices. In the end, though, her message was inclusive. She called on stakeholders to openly discuss this topic and welcomed continued input from panelists and attendees.
Ultimately, the AG’s conference on data privacy is potentially a critically important step in the development of privacy rights in Massachusetts (and one that could eventually be replicated nationally). Given the number and variety of interested attendees and panelists, it is apparent that this is an issue that not only government, but industry leaders and stakeholders of all kinds are taking seriously. Anticipate developments in this space; we will keep you updated.