Presentation is loading. Please wait.

Presentation is loading. Please wait.

Competition-Enhancing Enforcement in Privacy: A Remedy for the Anti-Privacy Market Chris Jay Hoofnagle Director, Information Privacy Programs UC Berkeley.

Published byMelissa Cox Modified over 9 years ago

Similar presentations

Presentation on theme: "Competition-Enhancing Enforcement in Privacy: A Remedy for the Anti-Privacy Market Chris Jay Hoofnagle Director, Information Privacy Programs UC Berkeley."— Presentation transcript:

1

2 Competition-Enhancing Enforcement in Privacy: A Remedy for the Anti-Privacy Market Chris Jay Hoofnagle Director, Information Privacy Programs UC Berkeley Law CWAG, July 20, 2010

3 Anti-Privacy Market Companies do not compete on privacy Users do not read policies They assume that privacy policies are seals Even if read, consumers wouldn’t understand them Privacy is a secondary product characteristic

4 Challenge Plaintiff suits often fail for lack of financial harm Many are “gotcha” cases anyway Industry group promises are unenforceable AGs can play a central role in aligning business practices with reasonable consumer expectations Focus enforcement actions on creating clarity around key privacy terms Third parties and information sharing Opt out Confidentiality Anonymization The list brokers & data provenance And allow firms to compete under policed definitions…

5 What is a “third party?” No one wants to admit to sale of information to “third parties.” Some companies use “affiliate,” “affinity,” “partner,” or “company with products we think will interest you” to obfuscate third party sharing.

6 Ann Taylor Privacy Policy Will my information be shared? To respect your privacy, Ann Taylor will not sell or rent the personal information you provide to us online to any third party. […] In addition, Ann Taylor may share information that our clients provide with specially chosen marketing partners. […] Residents of the State of California may request a list of all third parties to which Ann Taylor has disclosed personal information during the preceding year for the third parties' direct marketing purposes. http://www.anntaylor.com/custserv/custserv.jsp?pageName=Privacy

7 What does a “right to opt out” require? Consensus: companies should provide notices and ability to opt out. Reality: the incentive structure rewards companies for interfering with opt out.

8 Real world opt outs Sometimes require a fax to provide personal information that the company doesn’t even have—Intellius.com Sometimes require disclosure of all addresses—Victoria’s Secret Sometimes requires data subject to be a victim of DV—Lexis Sometimes requires bizarre request for paper opt-out request form— Acxiom.com Many claim they won’t accept opt outs from “third parties”

9 Catalog Choice.org Nonprofit environmental group helps consumers opt out of catalogs and list brokers Makes verifiable opt out requests Memorializes & tracks them 1.2 million households have submitted over 17 million opt- out requests to over 2,000 companies Some companies filter & bounce emails that contain “opt out” Some companies mail to opt out request email accounts

10 “Anonymization” Google Search strings: Stored w/ account info IP Addresses: Last octet deleted at 9 months e.g. 99.27.133.XXX IP address intervention makes user “anonymous” among 250 other users Cookies: Hashing at 18 months Microsoft Search strings: Not stored w/ account info IP Addresses: Full deletion at 6 months Cookies: Removed, along with other cross-session identifiers, at 18 months

11 The list brokers

12 Impulsives, matures = new sucker lists

13

14

15 Datran Media Case Datran bought lists from Gratis Internet (freeipods.com) Datran knew that Gratis promised never to sell the lists Gratis refused to change its privacy policy Datran bought the data anyway… Paid $1.1M in settlement agreement Key issue: data provenance!

16 List Broker Privacy: Contracts Ban Transparency (iv) use Experian Data in any marketing communication that refers to selection criteria or presumed knowledge about the recipient. Experian Disclosure of Source of Licensed Data; Ad Copy. Solicitation and ad copy used by Client or Client’s customers in connection with the Licensed Data: (i) shall not disclose the source of the recipient’s name and address; (ii) shall not contain any indication that Client or Client’s customers possess any information about the recipient other than name and address; and (iii) must be in good taste and of the highest integrity. Equifax Your marketing communications used in connection with any list ordered by or for you or your customer shall not make reference to any selection criteria or presumed knowledge concerning the intended recipient of such solicitation or the source of recipients name, address, and/or telephone number; Alesco

17

Download ppt "Competition-Enhancing Enforcement in Privacy: A Remedy for the Anti-Privacy Market Chris Jay Hoofnagle Director, Information Privacy Programs UC Berkeley."

Similar presentations

Why the Financial Privacy Law is Better than People Think Professor Peter P. Swire Ohio State University University of Minnesota Symposium February 9,

Why the Financial Privacy Law is Better than People Think Professor Peter P. Swire Ohio State University University of Minnesota Symposium February 9,
This work was supported by the TRUST Center (NSF award number CCF-0424422) Background In order to subsidize free services to consumers, web sites often.

This work was supported by the TRUST Center (NSF award number CCF ) Background In order to subsidize free services to consumers, web sites often.
Performance Indicator 4.08

Performance Indicator 4.08
Drafting and Reviewing Confidentiality Agreements West LegalEdcenter 2012.

Drafting and Reviewing Confidentiality Agreements West LegalEdcenter 2012.
Online Privacy and Codes of Conduct Peter Fleischer Global Privacy Counsel my personal blog:

Online Privacy and Codes of Conduct Peter Fleischer Global Privacy Counsel my personal blog:
TRUST, WISE 2010 Hacking the Law for Researchers Chris Hoofnagle UC Berkeley Law For WISE 2010.

TRUST, WISE 2010 Hacking the Law for Researchers Chris Hoofnagle UC Berkeley Law For WISE 2010.
PRIVACY A Consumer Reporting Agency Perspective. Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But.

PRIVACY A Consumer Reporting Agency Perspective. Collect and Sell Information on People Credit Bureaus – Equifax, Experian & TransUnion – are CRA’s But.
An Overview of the Law on Spam Anti-Spam Research Group San Francisco, CA March 20, 2003 Jon Praed Internet Law Group

An Overview of the Law on Spam Anti-Spam Research Group San Francisco, CA March 20, 2003 Jon Praed Internet Law Group
Wolf, Greenfield & Sacks, P.C. | 600 Atlantic Avenue | Boston, Massachusetts 02210 | 617.646.8000 | 617.646.8646 fax | wolfgreenfield.com Communicating.

Wolf, Greenfield & Sacks, P.C. | 600 Atlantic Avenue | Boston, Massachusetts | | fax | wolfgreenfield.com Communicating.
Internet Privacy Policies Presented by: Paul Frenken President, COLAIP.

Internet Privacy Policies Presented by: Paul Frenken President, COLAIP.
Lauren Thomas 1,3 Chris Hoofnagle, JD 2 Ashkan Soltani, MIMS 2 Louisiana State University 1 University of California, Berkeley 2 SUPERB-TRUST REU 3 Do.

Lauren Thomas 1,3 Chris Hoofnagle, JD 2 Ashkan Soltani, MIMS 2 Louisiana State University 1 University of California, Berkeley 2 SUPERB-TRUST REU 3 Do.
McCarthy Tétrault McCarthy Tétrault LLP An Act respecting the protection of personal information in the private sector (Quebec): « Particularities of the.

McCarthy Tétrault McCarthy Tétrault LLP An Act respecting the protection of personal information in the private sector (Quebec): « Particularities of the.
P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.

P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)
Chapter 5 Brokerage and Agency 2010©Cengage Learning. All Rights Reserved.

Chapter 5 Brokerage and Agency 2010©Cengage Learning. All Rights Reserved.
The Privacy Tug of War: Advertisers vs. Consumers Presented by Group F.

The Privacy Tug of War: Advertisers vs. Consumers Presented by Group F.
Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.

Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.
“Internet” and “Operator” (COPPA Statute) InternetOperator Collectively the myriad of computer and telecommunications facilities, including equipment.

“Internet” and “Operator” (COPPA Statute) InternetOperator Collectively the myriad of computer and telecommunications facilities, including equipment.
CPS Acceptable Use Policy Day 2 – Technology Session.

CPS Acceptable Use Policy Day 2 – Technology Session.

Similar presentations

Ads by Google