Competition-Enhancing Enforcement in Privacy: A Remedy for the Anti-Privacy Market Chris Jay Hoofnagle Director, Information Privacy Programs UC Berkeley.

Presentation transcript:

Competition-Enhancing Enforcement in Privacy: A Remedy for the Anti-Privacy Market Chris Jay Hoofnagle Director, Information Privacy Programs UC Berkeley Law CWAG, July 20, 2010

Anti-Privacy Market
- Companies do not compete on privacy
- Users do not read policies
- They assume that privacy policies are seals
- Even if read, consumers wouldn’t understand them
- Privacy is a secondary product characteristic

Challenge
- Plaintiff suits often fail for lack of financial harm
- Many are “gotcha” cases anyway
- Industry group promises are unenforceable
- AGs can play a central role in aligning business practices with reasonable consumer expectations
- Focus enforcement actions on creating clarity around key privacy terms
  - Third parties and information sharing
  - Opt out
  - Confidentiality
  - Anonymization
  - The list brokers & data provenance
- And allow firms to compete under policed definitions…

What is a “third party?”
- No one wants to admit to sale of information to “third parties.”
- Some companies use “affiliate,” “affinity,” “partner,” or “company with products we think will interest you” to obfuscate third party sharing.

Ann Taylor Privacy Policy

Will my information be shared?

To respect your privacy, Ann Taylor will not sell or rent the personal information you provide to us online to any third party. […] In addition, Ann Taylor may share information that our clients provide with specially chosen marketing partners. […] Residents of the State of California may request a list of all third parties to which Ann Taylor has disclosed personal information during the preceding year for the third parties' direct marketing purposes.

What does a “right to opt out” require?
- Consensus: companies should provide notices and ability to opt out.
- Reality: the incentive structure rewards companies for interfering with opt out.

Real world opt outs
- Sometimes require a fax to provide personal information that the company doesn’t even have—Intelius.com
- Sometimes require disclosure of all addresses—Victoria’s Secret
- Sometimes require the data subject to be a victim of DV—Lexis
- Sometimes require a bizarre request for a paper opt-out request form—Acxiom.com
- Many claim they won’t accept opt outs from “third parties”

Catalog Choice.org
- Nonprofit environmental group helps consumers opt out of catalogs and list brokers
- Makes verifiable opt out requests
- Memorializes & tracks them
- 1.2 million households have submitted over 17 million opt-out requests to over 2,000 companies
- Some companies filter & bounce e-mails that contain “opt out”
- Some companies mail to opt out request accounts

“Anonymization”

Google
- Search strings: Stored w/ account info
- IP Addresses: Last octet deleted at 9 months e.g. XXX
- IP address intervention makes user “anonymous” among 250 other users
- Cookies: Hashing at 18 months

Microsoft
- Search strings: Not stored w/ account info
- IP Addresses: Full deletion at 6 months
- Cookies: Removed, along with other cross-session identifiers, at 18 months

The list brokers

Impulsives, matures = new sucker lists

Datran Media Case
- Datran bought lists from Gratis Internet (freeipods.com)
- Datran knew that Gratis promised never to sell the lists
- Gratis refused to change its privacy policy
- Datran bought the data anyway…
- Paid $1.1M in settlement agreement
- Key issue: data provenance!

List Broker Privacy: Contracts Ban Transparency

Experian: (iv) use Experian Data in any marketing communication that refers to selection criteria or presumed knowledge about the recipient.

Equifax: Disclosure of Source of Licensed Data; Ad Copy. Solicitation and ad copy used by Client or Client’s customers in connection with the Licensed Data: (i) shall not disclose the source of the recipient’s name and address; (ii) shall not contain any indication that Client or Client’s customers possess any information about the recipient other than name and address; and (iii) must be in good taste and of the highest integrity.

Alesco: Your marketing communications used in connection with any list ordered by or for you or your customer shall not make reference to any selection criteria or presumed knowledge concerning the intended recipient of such solicitation or the source of recipients name, address, and/or telephone number;