WASHINGTON, D.C.– As the speed of technological innovation has continued to increase in recent years, it has completely outpaced the ability of companies, consumers and regulators to keep up with the ways in which those changes affect online privacy, experts say, and in order to make real improvements in the way that sensitive data is handled, all of the concerned parties will need to change the way they think about privacy.
For much of the Internet era, privacy has generally been defined and discussed in terms of helping users protect their personally identifiable information and prevent advertisers and others from using that data in unwanted ways. But that model is outdated and of little use in today’s environment, and it needs to be pushed aside in favor of a more considered approach, according to two panelists speaking at the Gov 2.0 Summit here Wednesday.
In a discussion of the current state of privacy regulation and policy and what can be done to improve it, Loretta Garrison of the Federal Trade Commission and Dorothy Atwood, chief privacy officer at AT&T, both stressed the need for more intelligent thinking and discussion of privacy issues, especially as they relate to individual privacy.
“We do need to step back and look much more broadly at privacy and regulation and what this means. There’s no such thing really as anonymity on the Web,” Garrison said. “It’s very clear there are so many digital trails and bits of information that can be assembled and used to create new profiles of consumers. There’s no agreement on what comprises sensitive information, where you draw the line. There are no rules of the road. The technology has outpaced the policymaking.
“Our reliance on notice in the past, it’s been demonstrated that you can’t expect consumers to read [privacy] notices, understand what’s going on and make informed decisions. We need a better balance between what the technology can do and what consumers expect,” she said.
Atwood agreed, saying that AT&T is thinking along the same lines and is interested in finding ways for customers to have more control over their own data and personal information. That’s a tall order, however, given how much data is gathered, stored and analyzed every which from Sunday by thousands of companies each day.
“We used to think about how to help people keep information closed. But we’ve learned that we need to help them share it on their own terms,” Atwood said. “We need to give them tools to share it and a way to control that. We don’t quite know what that means yet. We need innovation around tools. It’s a difficult task to stop the bad guys and still allow innovation.”
Part of what that might mean for users in practical terms is more of a say in the ways in which their data is used and visibility into what companies are doing with it, how they’re collecting it and what the implications are. One model could involve a third party that informs various companies that a person interacts with how that person wants her data used and stored.
“We think a lot about how to make this more usable for customers. We want to functionalize privacy controls so that you can see what’s happening to your data as it’s happening,” Atwood said. “What we need to do more of is be more useful and focus on interoperability so that consumers don’t have to tell AT&T and Google and Facebook how they want to be treated. We have to think about how we get there and who, then, the customer would be trusting in order to get there. It wouldn’t have to be one person or entity.”
In the short term, the FTC’s Garrison said she’d like to see consumers have more information to make better decisions.
“Right now, consumers don’t really understand what’s going on, and that’s an issue that needs to be addressed,” she said. “They sort of know they’re being tracked, but they don’t know how. Individuals don’t have leveraging power with companies. If they don’t want to be tracked, they should be able to say no.”