DOT issues final rule on passenger rights

Posted by Nigel Howard on April 26, 2011

Yesterday the Department of Transportation issued its final rule on "Enhancing Airline Passenger Protections."  The proposed rule had been published in December 2009 and received over 2,000 comments.  One of the most controversial aspects of the original proposed rule was a requirement that airlines must provide all their fare and product information to Global Distribution Systems (GDSs) to enable full disclosure of product and price information to consumers.  Most airlines and a number of commentators pointed out that this proposal would have a number of unintended consequences which would be detremental to consumers, including impacting the privacy and security of passenger information.  The GDSs and travel agency groups disagreed and welcomed the requirement.  In Monday's final rule the DOT states that it needs more time to consider this issue in relation to the GDSs and thus has deferred its decision on this requirement.  Thus the debate on this topic will continue.

Survey Indicates Banks Taking "Wait and See" Approach to Mobile Payments

Posted by Mike Nonaka on April 14, 2011

Fiserv, Inc. recently released the results of a survey suggesting banks are taking a "wait and see" approach to mobile payments. Fiserv commissioned and Forrester Consulting conducted the survey of 15 large U.S. banks, which found that most of the banks offered mobile banking services allowing customers to make transfers between accounts, find an ATM, and pay bills online. Only one of the banks offered mobile banking for purposes of person-to-person payments and none offered mobile banking for making brokerage trades. The survey found that all of the banks had clear mobile banking strategies but few had a defined strategy for mobile payments, including point-of-sale or contactless payments and person-to-person payments.

The law governing mobile payments is a complex blend of existing laws including the Electronic Fund Transfer Act and Gramm-Leach-Bliley as well as rapidly-changing state laws. In deploying mobile payment technologies, depository institutions should carefully analyze and address all of the relevant authorities.

Privacy increasingly a factor in antitrust/competition law analysis

Posted by Nigel Howard on March 31, 2011

I attended the ABA's Antitrust Law Spring Meeting the last two days.  What struck me the most was the increased prominence of data and privacy as factors in analysis of markets and competition in antitrust law.  This was the topic in the Chairman's Showcase session on Thursday.  Julie Brill, the FTC Commissioner, perhaps made the point the best.  She explained that if privacy is becoming a competitive differentiator (e.g., consumers are persuaded to use one service over another because the chosen service has better privacy practices), then privacy is clearly a non-price factor in competition law analysis.  Commissioner Brill provided an overview of the FTC's report on consumer privacy and emphasized three parts of the report: privacy by design, transparency and choice.  She also emphasized that the FTC was focused on the fact that technical approaches to privacy solutions could impact competition in the market.  However, her view was that standards bodies would mitigate against this concern.  Ken Anderson, Assistant Commissioner for Privacy in Ontario provided an explanation of privacy by design.  Much of the information from his presentation is readily available in a useful video presentation at  www.privacybydesign.ca

HP demonstrated an automated tool that it is testing as part of its privacy by design implementation which looked impressive. The HP "Accountablity Model Tool" sends records and reports to the HP privacy office as products are developed.  Google introduced the audience to the "data liberation front" which enables users to extract their data from Google products - see www.dataliberation.org.

Continue Reading

Implications of the FTC Report and DOC Green Paper for IT Contracts

Posted by Nigel Howard on January 28, 2011

We have previously blogged on the FTC’s privacy report on “Protecting Consumer Privacy in an Era of Rapid Change” and the Department of Commerce’s Green Paper on “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.”  We have also published client alerts on the FTC report and the DOC green paper.  In this and two subsequent blog posts, I will share some observations on themes in these proposed frameworks that have implications for how companies approach their IT contracts.  

My first observation is that both the report and the green paper emphasize the need for a coordinated and well managed set of policies with respect to privacy and security arrangements in contracts with third party business partners. 

The FTC’s framework advocates for “privacy by design” where companies promote consumer privacy throughout their organizations.  As companies’ operations are supported by a complex mix of internal and external IT resources, privacy by design necessitates that privacy and security considerations be addressed in every contract with an external IT service provider. 

The DOC focus is on broader adoption of better Fair Information Practice Principles (FIPP) backed up by the ability to assess and audit compliance.  In relation to external IT resources, that ability to assess and audit is wholly dependent on the terms of the contract between the customer and the provider.  IT contracts also need to require that the provider comply with the customer’s policies on FIPPs. 

Continue Reading