What are you looking for?

Showing 9 of 138 Results in Privacy

Comments, California DMC Autonomous Vehicle Rules, California DMV

Regulatory Comments "On behalf of the R Street Institute, the Competitive Enterprise Institute, TechFreedom, and the International Center for Law & Economics, we respectfully submit these comments in response to the California Department of Motor Vehicles’ proposed Driverless Testing and Deployment Regulations released on March 10, 2017..."

Summary

“On behalf of the R Street Institute, the Competitive Enterprise Institute, TechFreedom, and the International Center for Law & Economics, we respectfully submit these comments in response to the California Department of Motor Vehicles’ proposed Driverless Testing and Deployment Regulations released on March 10, 2017. We believe the proposed regulations better serve the people of California—not only in terms of safety, but in terms of consumer welfare more generally. We are particularly cognizant of the DMV’s demonstrable commitment to an iterative approach to this rulemaking. On that basis and in that spirit, we believe that further revisions are necessary.”

Continue reading
Innovation & the New Economy

Clearing up the Senate’s confusion on FCC privacy rules

Popular Media At an oversight hearing on Wednesday, the Senate Commerce Committee confronted Federal Communications Commission Chairman Pai with questions over last week’s partial stay of the . . .

At an oversight hearing on Wednesday, the Senate Commerce Committee confronted Federal Communications Commission Chairman Pai with questions over last week’s partial stay of the commission’s broadband privacy order. While privacy rules are certainly highly complicated, comments from some senators telegraphed a fundamental misunderstanding of what has been done to date to protect consumers, and given the current ecosystem, what the FCC’s proper role should be going forward.

Read the full piece here.

Continue reading
Telecommunications & Regulated Utilities

Amicus Brief, LabMD Inc., v. FTC, 11th Circuit

Amicus Brief Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45 [“Section 5”], is a consumer protection statute, not a data security rule...This fundamental point has been lost in the Commission’s approach to data security.

Summary

Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45 [“Section 5”], is a consumer protection statute, not a data security rule. See Commission Statement of Policy on the Scope of Consumer Unfairness Jurisdiction, Letter from the FTC to Hon. Wendell Ford and Hon. John Danforth, United States Senate (Dec. 17, 1980) [“Unfairness Statement”], reprinted in International Harvester Co., 104 FTC 949, 1073 (1984) [“International Harvester”] (quoting 83 Cong. Rec. 3255 (1938) (remarks of Senator Wheeler)) (“Unjustified consumer injury is the primary focus of the FTC Act….’”).

This fundamental point has been lost in the Commission’s approach to data security. The touchstone for Section 5 actions is not “reasonableness,” but consumer welfare: Does this enforcement action deter a preventable “unfair” act or practice that, on net, harms consumer welfare, and do the benefits to consumers from this action outweigh its costs? Section 5’s purpose is neither fundamentally remedial nor prescriptive. Concern for consumer welfare means deterring bad conduct, avoiding over-deterrence of pro-consumer conduct, minimizing compliance costs, and minimizing administrative costs (by focusing only on substantial harms) — not preventing every possible harm. Instead of weighing such factors carefully, or even performing a proper analysis of negligence, as it purports to do, the Commission has effectively created a strict liability standard unmoored from Section 5.

Across the Commission’s purported guidance on data security, it has likewise failed to articulate a standard by which companies themselves should weigh costs and benefits to determine which risks are sufficiently foreseeable that they can be mitigated cost-effectively. Thus, in addition to violating the intent of Congress, the FTC has also violated the Constitution by failing to provide companies like LabMD with “fair notice” of the agency’s interpretation of what Section 5 requires.

Continue reading
Antitrust & Consumer Protection

The Internet Association’s vision for the future looks a lot like the past

TOTM Last week, the Internet Association (“IA”) — a trade group representing some of America’s most dynamic and fastest growing tech companies, including the likes of . . .

Last week, the Internet Association (“IA”) — a trade group representing some of America’s most dynamic and fastest growing tech companies, including the likes of Google, Facebook, Amazon, and eBay — presented the incoming Trump Administration with a ten page policy paper entitled “Policy Roadmap for New Administration, Congress.”

The document’s content is not surprising, given its source: It is, in essence, a summary of the trade association’s members’ preferred policy positions, none of which is new or newly relevant. Which is fine, in principle; lobbying on behalf of members is what trade associations do — although we should be somewhat skeptical of a policy document that purports to represent the broader social welfare while it advocates for members’ preferred policies.

Read the full piece here.

Continue reading
Intellectual Property & Licensing

FCC Chairman Wheeler’s claimed fealty to FTC privacy standards is belied by the rules he actually proposes

TOTM Next week the FCC is slated to vote on the second iteration of Chairman Wheeler’s proposed broadband privacy rules. Of course, as has become all . . .

Next week the FCC is slated to vote on the second iteration of Chairman Wheeler’s proposed broadband privacy rules. Of course, as has become all too common, none of us outside the Commission has actually seen the proposal. But earlier this month Chairman Wheeler released a Fact Sheet that suggests some of the ways it would update the rules he initially proposed.

According to the Fact Sheet, the new proposed rules are…

Read the full piece here

Continue reading
Antitrust & Consumer Protection

Letter, Deviations from the FTC Privacy Framework, FTC

Regulatory Comments "Dear Ms. Dortch: I write to express my concerns regarding the consumer welfare effects of the revised broadband privacy proposal summarized in a Fact Sheet by Federal Communications Commission (“FCC”) Chairman Tom Wheeler earlier this month..."

Summary

“Dear Ms. Dortch:

I write to express my concerns regarding the consumer welfare effects of the revised broadband privacy proposal summarized in a Fact Sheet by Federal Communications Commission (“FCC”) Chairman Tom Wheeler earlier this month. While the Fact Sheet appears to indicate that the Chairman’s revised proposal includes some welcome changes from the initial broadband privacy NPRM adopted by the Commission this Spring, it also raises a number of problematic issues that merit the Commission’s attention before final rules are
adopted.

While the Fact Sheet asserts that the Chairman’s new proposal is “in harmony” with the privacy framework outlined by the Federal Trade Commission (“FTC”) (as well as the Administration’s proposed Consumer Privacy Bill of Rights), the purported changes in this regard are merely rhetorical, and do not, in fact, amount to a substantive alignment of the
Chairman’s proposed approach with that of the FTC.

  • First, unlike the FTC’s framework, the proposal described by the Fact Sheet ignores the crucial role of “context” in determining the appropriate level of consumer choice before affected companies may use consumer data, instead taking a rigid approach that would stifle innovation and harm consumers.
  • Second, the Fact Sheet significantly expands the scope of information that would be considered “sensitive” well beyond that contemplated by the FTC, imposing onerous and unnecessary consumer consent obligations that would deter welfare-enhancing uses of data.

I agree with the Chairman that, if adopted, the FCC’s rule should align with the FTC’s. But the proposed rule reflected in the Fact Sheet does not. I urge the Commission to ensure that these important deviations from the FTC’s framework are addressed before moving forward with adopting any broadband privacy rules…”

Continue reading
Data Security & Privacy

Comments, Protecting the Privacy of Customers of Telecom Services

Regulatory Comments The NPRM and many of the comments supporting it reflect an ill-considered approach to privacy regulation for ISPs.

Summary

The NPRM and many of the comments supporting it reflect an ill-considered approach to privacy regulation for ISPs. Getting regulation right is always difficult, but it is all the more so when confronting evolving technology, inconsistent and heterogeneous consumer demand, and intertwined economic effects that operate along multiple dimensions.

[S]ecuring a solution that increases social welfare[] isn’t straightforward as a practical matter. From the consumer’s side, the solution needs to account for the benefits that consumers receive from content and services and the benefits of targeting ads, as well as the costs they incur from giving up data they would prefer to keep private. Then from the ad platform’s side, the solution needs to account for the investments the platform is making in providing content and the risk that consumers will attempt to free ride on those investments without providing any compensation—in the form of attention or data—in return. Finally, the solution must account for the costs incurred by both consumers and the ad platform including the costs of acquiring information necessary for making efficient decisions.

The NPRM fails adequately to address these issues, to make out an adequate case for the proposed regulation, or to justify treating ISPs differently than other companies that collect and use data.

Perhaps most important, the NPRM also fails to acknowledge or adequately assess the actual market in which the use of consumer data arises: the advertising market. Whether  intentionally or not, this NPRM is not primarily about regulating consumer privacy; it is about keeping ISPs out of the advertising business. But in this market, ISPs are upstarts
challenging the dominant position of firms like Google and Facebook.

Placing onerous restrictions upon ISPs alone results in either under-regulation of edge providers or over-regulation of ISPs within the advertising market, without any clear justification as to why consumer privacy takes on different qualities for each type of advertising platform. But the proper method of regulating privacy is, in fact, the course that both the FTC and the FCC have historically taken, and which has yielded a stable, evenly administered regime: case-by-case examination of actual privacy harms and a minimalist approach to ex ante, proscriptive regulations.

Continue reading
Telecommunications & Regulated Utilities

Statement, EU Evaluation & Review of the E-Privacy Directive

Regulatory Comments The Commission’s interest in protecting the privacy of its citizens is commendable.

Summary

The Commission’s interest in protecting the privacy of its citizens is commendable. This concern, however, should be well tempered by humility, and the Commission’s ultimate decision should be guided by the understanding that contemporary technology and market innovations have afforded consumers a degree of choice unparallelled in the history of the European Union. While some firms may build their products with the requirement that consumers allow them to use personal information, others will not. And when consumers defect from products that do not meet their individual mix of privacy, price, and other preferences, firms will take notice and change their behavior accordingly.

This leads to another related point: innovation moves so quickly today that uniform prescriptive regulation intended to govern the behavior of many thousands of firms and millions of consumers is doomed to frustration if not outright failure. Moreover, broad regulations meant to bring industry to heel frequently work to the benefit of incumbents, driving out smaller competitors or making entry nearly impossible, only further narrowing consumer choices and guaranteeing less than optimal results for all of society.

With that said, there are certainly actions for the Commission to take that ensure a competitive environment in which consumer interests are adequately protected. Chief among these areas would be to enact regulations that control the damaging effects of costly data localization rules. Overall, however, the Commission would do best to leave much of the implementation of privacy regulations to the individual EU members who are most in touch with the challenges and desires of their own constituents.

Continue reading
Data Security & Privacy

ICLE & TechFreedom Policy Comments

Regulatory Comments The Commission’s NPRM would shoehorn the business models of a subset of new economy firms into a regime modelled on thirty-year-old CPNI rules designed to address fundamentally different concerns about a fundamentally different market.

Summary

The Commission’s NPRM would shoehorn the business models of a subset of new economy firms into a regime modelled on thirty-year-old CPNI rules designed to address fundamentally different concerns about a fundamentally different market. The Commission’s hurried and poorly supported NPRM demonstrates little understanding of the data markets it proposes to regulate and the position of ISPs within that market. And, what’s more, the resulting proposed rules diverge from analogous rules the Commission purports to emulate. Without mounting a convincing case for treating ISPs differently than the other data firms with which they do or could compete, the rules contemplate disparate regulatory treatment that would likely harm competition and innovation without evident corresponding benefit to consumers.

Concerns relating to online privacy have been extensively studied by regulators and others over the past two decades. By and large, regulators responded to these concerns with a combination of a general case-by-case approach alongside tailored rules derived from the relevant information involved in particular areas of privacy concern. Few, if any, regulators have adopted an “opt-in” privacy regime for non-sensitive data such as the FCC proposes. The FCC’s proposed regime may have been cutting-edge in the 1980s and 1990s — but it makes no sense in today’s information economy in which firms from different segments of the economy fluidly enter each other’s markets and effectively compete in a separate, cross- sector, informatics and advertising market. The proposed rules instead dig in the heels of the Commission against the irresistible tide of progress, attempting to maintain arbitrary industry firewalls between firms.

The “problem” the Commission attempts to fix with this proposed rulemaking is not one of preventing ISPs from using personal information to prevent new entrants from effectively competing with their incumbent businesses — which was, in fact, the genesis of the CPNI rules.1 Rather, these rules are designed to keep ISPs from competing with edge providers like Google, Facebook, and Netflix. But, in truth, both edge providers and ISPs actually need general rules of broad applicability. This is what the FTC and other regulators have largely done to date. Such broadly applicable rules are designed to be competitively neutral, and to offer the flexibility needed to address the various concerns that may come up in these markets while balancing legitimate economic and privacy interests and providing an adequate level of notice to those subject to regulation about their expected norms of conduct.

In short, the Commission has not made a convincing case that discrimination between ISPs and edge providers makes sense for the industry or for consumer welfare. The overwhelming body of evidence upon which other regulators have relied in addressing privacy concerns urges against a hard opt-in approach. That same evidence and analysis supports a consistent regulatory approach for all competitors, and nowhere advocates for a differential approach for ISPs when they are participating in the broader informatics and advertising markets. Absent the collection and analysis of substantial evidence — which at this point has not been articulated by the Commission or those advocating the Commission’s proposed approach, and which is far beyond the scope of the present NPRM — the proposed approach is not supportable.

And all of the foregoing is particularly perplexing in light of the fact that the Commission will inadvertently create more consumer harm than benefit. At the same time, the Commission has not shown that regulatory efficacy, administrative efficiency or anything else demands such rules. Particularly given TerraCom and the demonstrated ability of the Commission to handle harms as they arise even absent prescriptive rules, the need for these aggressive new rules simply cannot be justified.

Continue reading
Telecommunications & Regulated Utilities