The IAF has submitted its comments on the FTC Advanced Notice of Proposed Rule Making on Surveillance Capitalism and Security (ANPR). The IAF staff thinks it is time for the FTC to issue an unfairness rule on the fair processing of data pertaining to people. However, that rule should be tailored to preventing a set of adverse processing impacts that are designated in the rule. The comments reflect the views of the IAF staff and not necessarily those of the IAF Board or members.
Data minimization and purpose limitations are broad concepts, and, as defined by the FTC, so is corporate surveillance. Bright-line rules based on broad concepts are very tantalizing, and they should be very rare. An example of a bright-line rule is found in the 1992 FTC consent orders with TRW Information Systems & Services and Equifax that established that any combination of tradeline information and identifying information from a consumer reporting agency was a consumer report. Those consent orders were a privacy case that essentially outlawed a marketing support service called reverse bank card append. Since 1992 such bright-line privacy cases that outlaw a line of commerce have been few and far between.
Appropriate data collection and use are very context driven and need to be assessed in context. As a result, privacy laws in Virginia, Colorado and Connecticut require risky processing be assessed for harm to individuals, groups, and society at large. Likewise, the IAF continually defaults to risk assessments measured against a yardstick of adverse processing impacts in its model legislation, THE FAIR and OPEN USE ACT, and such risk assessments are a key point in the IAF’s comments on the ANPR.
There has been criticism that the ANPR is too broad. Given the nature of a digital society, the breadth of questions in the ANPR is respectful of the extent of the issues related to broad data collection/creation, transformation of data into information and knowledge, and then using that knowledge to create action.
In responding to the ANPR, the IAF relied on research conducted by IAF principals dating back to the early 2000’s. The IAF’s comments addressed the difference between observation and commercial surveillance, the importance of accountability, and the need for a clear set of standards to assess risks and benefits against. As mentioned above, the IAF also addressed the weakness associated with bright line principles, such as data minimization and purpose limitations, particularly as it relates to knowledge discovery (the use of data to create new insights).
The IAF sees the ANPR as another milestone in establishing fair processing guidance for commerce in the United States. The process would be useful even if Congress were to enact a new privacy law because the research submitted would be applicable to any rulemaking required by a new law.
The IAF team welcomes your thoughts on its ANPR comments.
Related Articles