10 IMPORTANT QUESTIONS ABOUT PRIVACY AS WE

HEAD INTO 2013

EU COOKIE DIRECTIVE , FEDERAL TRADE COMMIS SION, FEDERAL TRADE
COMMISSION PRIVACY, FTC, PERSONAL DATA RIGHTS, PRIVACY IN 2013,
PROTECTING PRIVACY

January 03, 2013

Photo Source

In 2012, privacy went mainstream.

Issues that were previously the sole province of policy wonks became part of the national discussion:
the Petraeus-Broadwell scandal (email privacy and ECPA reform), relaxed FAA restrictions resulting in the use of
drones by law enforcement (limits on government surveillance, more ECPA reform) and the very successful role
of big data and microtargeting in the 2012 elections (OBA compliance anyone?).

As we start 2013 with privacy firmly ensconced in the national consciousness, important questions about how
privacy policy and enforcement should be framed- remain unanswered.

PRIVACY MANAGEMENT SOLUTIONS

CONTACT US US: 888.878.7830 EU: +44 (0)203 078 6495 | www.truste.com TRUSTe Inc., 2017
Here are the questions we think will continue to loom large for consumers, industry and policymakers in 2013:
1. Should law enforcement be required to get a warrant before accessing my emails and texts?
The Petraeus-Broadwell episode demonstrated how easily the government can gain access to electronic
communications (texts, email) without an individuals knowledge or permission. Shortly after the story broke,
legislation requiring a warrant for access to an individuals electronic communications advanced
with bipartisan support in the House and Senate. The bill should have a good chance this year, but that all
depends on whether privacy will have visibility and bipartisan support in the 113th Congress.]

2. Should the phone company or Google Maps get my okay before tracking my location?
Senator Franken seems to think so. In 2012, his location privacy protection act, which advocates getting consent
for collecting or sharing location data and also bans mobile apps that secretly monitor location, advanced in
the Senate. It is expected that Senator Franken will re-introduce the bill in the 113th Congress and the prospects
for passage are good. Perhaps Congress will be forced to do something, given the visibility that location privacy
has right now.

3. Will privacy be an enforcement priority for the FTC?

For this answer, we need to see who will lead the FTCs privacy efforts in 2013 both as chair of the agency and
head of its consumer protection bureau (given the recent and imminent departure respectively of David Vladeck
and John Leibowitz). A key determinant will be how much the new chair sees privacy as a competitive
differentiator[DD1] that should be addressed in a coordinated manner between the agencys two bureaus
competition and consumer protection.

4. So will privacy become a competitive differentiator in 2013?

Put differently, will consumers decide not to purchase a product or service from a company based on how that
company handles personal info such as pictures and posts? Consumers appear to be insisting that they have
some choice and control in the matter (just ask Instagram, who recently angered users over its photo use and
sharing policies). Recent TRUSTe research of European consumers around cookie compliance indicates that
the number of consumers who will choose a website based on compliance is edging upwards.(from 33% in the
UK to nearly 50% in Germany[DD2] ). Additionally, research in the US reveals that approximately 90% of
consumers plan to only do business with companies they believe protect their privacy online.

5. Do you own your Personal Data?

While were on the subject of choice and control, its good to also remember the continuing debate over who
owns your personal data. Does the labor that a company puts into collecting, categorizing and using information
about you, entitle them to ownership of your data? Would our answer change if it meant no more webmail and
other free online services? With the growing market for personal data management (detailed in this recent NY
Times article) its likely that this issue will come to a head soon possibly in 2013.

PRIVACY MANAGEMENT SOLUTIONS

CONTACT US US: 888.878.7830 EU: +44 (0)203 078 6495 | www.truste.com TRUSTe Inc., 2017
6. Should there be damages for privacy violations?
Questions of ownership invariably lead to the issue of whether there should be damages for privacy violations.
Until now, courts have been reluctant to find those types of damages, but two types of cases are worth noting
[thanks to @PrivacyWolf (Christopher Wolf) and the Future of Privacy Forum for alerting us to these
developments[SN3] ]. First, in Resnick v. AvMed, Inc., an 11th Circuit case involving Florida state law and stolen
laptops, the court found damages where there was actual financial injury to the plaintiffs from the defendants
actions. Second, two consumer class actions filed in federal courts in California (the iPhone app litigation) and
Washington, privacy claims have been allowed to proceed on the theory that plaintiffs:
paid more for their devices than they would have paid had they known their personal information would
be misused; and
incurred higher battery and data usage costs from the unwanted collection and sharing of their personal
information

7. Will politicians continue to target constituents?

One of the most interesting privacy stories of the year was how microtargeting helped the President and other
politicians win their 2012 elections. This success almost guarantees that the practice will continue into next
years midterm elections even as the technology becomes more refined and, potentially even more privacy
invasive. Consumers at least according to this Annenberg study reject tailored political advertising. Was
the 2012 election a free pass? Should politicians let us know through notice and perhaps choice how they
plan to track our likes and dislikes for political purposes?

8. Are multi-stakeholder processes a good way create privacy rules?

The jury is still out on whether multi-stakeholder processes are an effective way to devise privacy rules (how the
current W3 process unfolds under Peter Swires leadership will provide part of this answer). Another litmus test
in 2013 will be the Department of Commerces multi-stakeholder process, including the current initiative around
mobile transparency (in which TRUSTe is participating). It remains to be seen how these efforts will be viewed by
EU data protection officials, and what significance, if any, compliance with such an industry standard would have
under section 5 of the FTC Act (which punishes actions that are deceptive, misleading, or unfair to
consumers).

9. Will EU countries enforce their cookie laws?

In 2012, there were few privacy issues that created more concern (and hurried conference calls) than the EU
Cookie Directive. To date, most European countries have passed a law requiring consent before dropping
cookies, or other trackers, on a users computer or other device. But, we havent seen significant enforcement of
these laws, prompting compliance delays on both sides of the Atlantic. Companies are concerned about
disrupting user traffic and ripping out websites to comply with a law that is simply not being enforced. Will 2013
see changes in enforcement? Its likely. The UK ICO who has provided guidance around its Cookie Law
requirements in the past couple years has stated that it plans to go after noncompliant sites in 2013. As has
the Netherlands, which has not one, but two data protection regulators, and is already enforcing cookie
compliance through automated technology.

PRIVACY MANAGEMENT SOLUTIONS

CONTACT US US: 888.878.7830 EU: +44 (0)203 078 6495 | www.truste.com TRUSTe Inc., 2017
10. What is the best way to protect an individuals privacy while not impeding future innovation?
Should the way be different for online or offline context?

This last question is food for thought answering it could possibly also provide answers to the previous nine
questions. Like you, I look forward to seeing how the privacy dialogue unfolds and whether we will get answers
to some of these questions in 2013.

Wishing you all the best for a splendid year ahead!

For the latest privacy news & information, visit truste.com/blog.

PRIVACY MANAGEMENT SOLUTIONS

CONTACT US US: 888.878.7830 EU: +44 (0)203 078 6495 | www.truste.com TRUSTe Inc., 2017