This is another big week for privacy. On Monday, Senate Commerce Chairman Jay Rockefeller introduced the Do-Not-Track Online Act of 2011, which we posted about here. And yesterday, the newly created Senate Subcommittee on Privacy, Technology and the Law held its first hearing.  The hearing focused on mobile privacy issues, but also touched on other important privacy-related matters, including reform of the Electronic Communications Privacy Act and data security breaches. The following are highlights from the hearing:

  • Jessica Rich, Deputy Director of the Federal Trade Commission’s Bureau of Consumer Protection, testified that the FTC has “a number of active investigations into privacy issues associated with mobile devices, including children’s privacy.”
  • Ms. Rich also noted that the draft Staff Report published by the FTC in December addresses mobile privacy issues in certain respects, including recommending that companies obtain affirmative express consent before collecting or sharing sensitive information such as precise geolocation data. In response to a question from Senator Al Franken, Ms. Rich explained that location data is especially sensitive because it often involves the data of children and teens and, when gathered over time, can be used to determine what church or political meetings a person attends and when and where a child walks to and from school. She also noted stalking concerns. Ms. Rich also expressed concerns that mobile users are even less likely than other online consumers to read detailed privacy screens, given the small screens of most mobile devices, but noted that the FTC Staff Report recommends clearer disclosures and simpler consent mechanisms. With respect to the status of the Staff Report, Ms. Rich’s written remarks indicate that FTC staff is analyzing the comments it received on its draft Staff Report and will take them into consideration in preparing a final report for release later this year.

  • Senate Judiciary Chairman Patrick Leahy indicated that he plans to “introduce a bill very shortly” to update the Electronic Communications Privacy Act to address the development of remote data storage. In questions directed to Deputy Assistant Attorney General Jason Weinstein, Senator Leahy expressed concern about whether there are gaps in ECPA with respect to remotely stored location information.
  • Senator Tom Coburn asked Ms. Rich several questions to determine the extent to which the FTC needs additional statutory authority to facilitate the FTC’s ability to protect consumers. (Senator Coburn asked Ms. Rich to submit to the Committee a list of the proposals from the FTC staff report that currently can be implemented under Section 5 of the FTC Act and which are forward-looking policy goals.) While Senator Franken seemed disposed toward legislation, his remarks noted that he appreciates business models that provide users free services and the continued ability of technology companies to provide innovative services to users.
  • In his testimony, Mr. Weinstein indicated support for congressional action with respect data retention and data breach notification. He indicated that it is vital that law enforcement be notified of breaches in order to investigate cybercrimes. Specifically, he said for law enforcement to be successful in investigating identity theft, law enforcement needs to receive prompt reporting from victim companies and the opportunity to delay notification to consumers where appropriate. Ms. Rich noted that the FTC strongly supports data security and data breach legislation, with strong civil penalties, although noted that data security legislation should not require “perfection.”
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports…

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.

As part of her practice, she also regularly represents clients in strategic transactions involving personal data and cybersecurity risk. She advises companies from all sectors on compliance with laws governing the handling of health-related data. Libbie is recognized as an Up and Coming lawyer in Chambers USA, Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”