‘Notice and Consent’ at State of the Net Wireless
Posted at 5:06 p.m. on May 6, 2014
In a world where we carry and wear technologies that constantly gather information, how does the existing privacy framework of “notice and consent” apply? Adam Thiere, a senior research fellow at the Mercatus Center at George Mason University, moderated a panel discussion on the topic at the State of the Net Wireless conference yesterday.
Karen Jagielski, a senior attorney at the Federal Trade Commission noted that questions have been raised about the Fair Information Practice Principles, which she said have been around since the 1970s. (FIPPs basically inform the process of notice and consent, which you go through every time you click through a privacy notice online.) “Do we completely abandon the FIPPs? I don’t think so,” Jagielski said. “There may be ways that we need to think about how we’re going to do that going forward.”
David Leduc, senior director of public policy at the Software & Information Industry Association, said notice and consent already started to break down before the Internet of Things even emerged. He called the current system one of “privacy disclosures and policies written by lawyers for lawyers.” The legal system of notice and consent was needed, he said, but “we can’t burden users too much.”
Jagielski called that idea a type of “data paternalism.”
“Consumers have a right to understand what’s being done with their information and how it’s being gathered” she said. And to say it’s too difficult for the consumer to understand does them a “disservice,” she said.
Deepti Rohatgi, policy adviser at Lookout, said companies that make consumer wearables — i.e. businesses that might not know what the risks are — should talk to people who do and can teach them best practices, such as developers and hacker types.