Photo of Nigel Howard

Nigel Howard

Nigel Howard’s practice focuses on technology, outsourcing, and intellectual property issues. He represents clients in complex technology transactions, including outsourcing, licensing, corporate partnering, and strategic alliance transactions. Mr. Howard also has experience representing clients during IP property purchases and sales, and in reviews of IP portfolios in relation to corporate financing and merger and acquisition transactions. His experience includes cross-border technology transfers, development and testing arrangements, distribution channels, technology deployment, and electronic commerce as well as privacy laws with regard to electronic databases and online services.

Yesterday the Department of Transportation issued its final rule on “Enhancing Airline Passenger Protections.”  The proposed rule had been published in December 2009 and received over 2,000 comments.  One of the most controversial aspects of the original proposed rule was a requirement that airlines must provide all their fare and product information to Global Distribution Systems

I attended the ABA’s Antitrust Law Spring Meeting the last two days.  What struck me the most was the increased prominence of data and privacy as factors in analysis of markets and competition in antitrust law.  This was the topic in the Chairman’s Showcase session on Thursday.  Julie Brill, the FTC Commissioner, perhaps made the point the best.  She explained that if privacy is becoming a competitive differentiator (e.g., consumers are persuaded to use one service over another because the chosen service has better privacy practices), then privacy is clearly a non-price factor in competition law analysis.  Commissioner Brill provided an overview of the FTC’s report on consumer privacy and emphasized three parts of the report: privacy by design, transparency and choice.  She also emphasized that the FTC was focused on the fact that technical approaches to privacy solutions could impact competition in the market.  However, her view was that standards bodies would mitigate against this concern.  Ken Anderson, Assistant Commissioner for Privacy in Ontario provided an explanation of privacy by design.  Much of the information from his presentation is readily available in a useful video presentation at

HP demonstrated an automated tool that it is testing as part of its privacy by design implementation which looked impressive. The HP “Accountablity Model Tool” sends records and reports to the HP privacy office as products are developed.  Google introduced the audience to the “data liberation front” which enables users to extract their data from Google products – see Reading Privacy increasingly a factor in antitrust/competition law analysis

We have previously blogged on the FTC’s privacy report on “Protecting Consumer Privacy in an Era of Rapid Change” and the Department of Commerce’s Green Paper on “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.”  We have also published client alerts on the FTC report and the DOC green paper.  In this and two subsequent blog posts, I will share some observations on themes in these proposed frameworks that have implications for how companies approach their IT contracts.  

My first observation is that both the report and the green paper emphasize the need for a coordinated and well managed set of policies with respect to privacy and security arrangements in contracts with third party business partners. 

The FTC’s framework advocates for “privacy by design” where companies promote consumer privacy throughout their organizations.  As companies’ operations are supported by a complex mix of internal and external IT resources, privacy by design necessitates that privacy and security considerations be addressed in every contract with an external IT service provider. 

The DOC focus is on broader adoption of better Fair Information Practice Principles (FIPP) backed up by the ability to assess and audit compliance.  In relation to external IT resources, that ability to assess and audit is wholly dependent on the terms of the contract between the customer and the provider.  IT contracts also need to require that the provider comply with the customer’s policies on FIPPs. Continue Reading Implications of the FTC Report and DOC Green Paper for IT Contracts