Tag Archives: Consumer Privacy Bill of Rights

Twitter to Sell Two Years' Worth of Old Tweets. What's wrong with you?

epic.org writes that “Twitter recently announced a deal with the analytics firm Datasift that authorizes Datasift to sell the content of public tweets posted over the last two years.

Companies who buy the data from Datasift will be able to market to users based on the topic or location of the tweets. DataSift will be required to regularly remove tweets that users delete”.

Allowing this to happen shows that the principles enshrined in the Consumer Privacy Bill of Rights, are, for the moment, only pretty thoughts written down in a fancy manner.

Look, for instance, at principle number one: INDIVIDUAL CONTROL. It presupposes that “Consumers have a right to exercise control over what personal data companies collect from them and how they use it”. Hence, if Twitter feels like making money out of the personal data posted by its users, at least it should ask for their consent.

Yes, you may say Twitter’s deal regards only public tweets. That has nothing to do with the user’s consent that some company would profit from his or her thoughts expressed there.

Maybe if they new their data are so valuable, they wouldn’t have made it public for free in the first place.


Moving Forward with the Consumer Privacy Bill of Rights

US National Telecommunications and Information Administration announced today that “At the request of the White House, NTIA will soon begin convening interested stakeholders — including companies, privacy advocates, consumer groups, and technology experts — to develop and implement enforceable codes of conduct that specify how the principles in the Consumer Privacy Bill of Rights apply in specific business contexts”.

Therefore, the authority is seeking some… Public Comments. “As you will see in our Request for Public Comments, we think the first topic for stakeholder discussion should be a discrete issue that allows consumers and businesses to engage and conclude multistakeholder discussions in a reasonable timeframe. We list some options for an initial topic, including how to apply the Consumer Privacy Bill of Rights’ Transparency principle to the privacy notices for mobile apps. We also invite commenters to discuss lessons learned from existing multistakeholder processes in the Internet policy and standards realms as we finalize the arrangements for the privacy discussions.”

So, if you want your privacy protected, go ahead and give feedback!

Source: http://ntia.doc.gov/blog/2012/moving-forward-consumer-privacy-bill-rights

A closer look on the steaming US privacy framework

A Bill of Rights dedicated to consumer privacy is huge. The US, which enforces a quilt of privacy statues, will have some coherent guidance sourcing in a sort of a fundamental law, such as a Bill of Rights.

Data protection (or informational privacy) reform is as full of energy as a volcano on both sides of the Atlantic. While the European Commission publicized its proposed data protection regulation exactly a month ago, its US counterpart published yesterday a White Paper containing substantial privacy reforms.

The Bill of Rights is part of the new privacy framework presented in the White Paper, which encompasses three more components: a multi-stakeholder process to determine how these rights will apply in specific business contexts; an effective enforcement model; and greater interoperability between the privacy frameworks of the United States and its international partners.

Having a first look on the Bill of Rights, I noticed it uses the notion of “personal data”, just like the EU data protection legislation, and not “personally identifiable information”. It defines the personal data as “any data, including aggregations of data, which is linkable to a specific individual”. The definition is also similar to the EU definition of personal data, according to which personal data is any information related to an identified or identifiable person.

What is interesting is that the US privacy Bill of Rights recognizes directly that “Personal data may include data that is linked to a specific computer or other device“, while in the EU this is an almost endless discussion (whether the IP address falls or not under the data protection Directive provisions).

I should note that the Bill of Rights is not enforceable per se, but “The Administration supports Federal legislation that adopts the principles of the Consumer Privacy Bill of Rights”.

Another common point of the EU and the new US privacy Bill of Rights is the reference to codes of conduct. While the EU regulates in detail what a code of conduct is and how it should be used in the proposed data protection regulation, the US also recognizes such means for protecting informational privacy: “Even without legislation, the Administration will convene multistakeholder processes that use these rights as a template for codes of conduct that are enforceable by the Federal Trade Commission.

Another statement included in the Privacy Bill of Rights indicates that one of the main reasons it was adopted is precisely compliance with EU data protection standard: “These elements—the Consumer Privacy Bill of Rights, codes of conduct, and strong enforcement—will increase interoperability between the U.S. consumer data privacy framework and those of our international partners“.

I also have to underline that the US Bill of Rights envisages “consumers”, while the EU data protection legislation refers to “any person”. The two concepts are evidently not identical. Nonetheless, the EC Directive on the protection of personal data in electronic communications is also somehow guided to protect more of a consumer than a mere individual.

If you want to look closer to the Bill of Rights yourself, be my guest: http://www.hldataprotection.com/uploads/file/White%20Paper.pdf

Also, you can find HERE more on the White Paper and the Bill of Rights.