Confirmed users
152
edits
Privacy/Policy/NTIA RFC: Difference between revisions
→II. Issues Suitable for Multistakeholder Processes and Codes of Conduct in Privacy
| Line 57: | Line 57: | ||
===II. Issues Suitable for Multistakeholder Processes and Codes of Conduct in Privacy=== | ===II. Issues Suitable for Multistakeholder Processes and Codes of Conduct in Privacy=== | ||
<br> | <br> | ||
One of the challenges in developing codes of conduct for online privacy is the pace of technological innovation and, in many cases | One of the challenges in developing codes of conduct for online privacy is the pace of technological innovation and, in many cases, a lack of accountable institutions specialized in those areas of development. In newly emerging technical capabilities and associated business practices, existing institutional and public stakeholders may not be well prepared, vested or focused to fully understand important nuances in how users are engaging with them, such that there aren't well defined partners to participate in developing and promulgating codes of conduct. | ||
For instance, if we look at mobile apps, with privacy issues associated with notices, location, advertising, and collection and use of new types of personal data, it isn't clear today who the particular stakeholders would be to represent all the parties engaged in this vibrant and rapidly emerging area | For instance, if we look at mobile apps, with privacy issues associated with notices, location, advertising, and collection and use of new types of personal data, it isn't clear today who the particular stakeholders would be to represent all the parties engaged in this vibrant and rapidly emerging area. Unlike the advertising industry, where a handful of influential trade associations represent both the major and independent companies, the corollary doesn't appear to exist for app developers. While there are major mobile trade associations like the GSMA, which does bring together the major mobile carriers and has developed a set of privacy principles, it's an open question as to whether it would have the convening power to mobilize the decentralized app industry to adhere to a code of conduct. | ||
This led us to consider what conditions would need to be met for a particular privacy issue to be suitable for a multistakeholder process to generate meaningful and enforceable code of conduct. From our perspective, there appear to be five conditions necessary for determining if a code of conduct is suitable as a way to create a set of rules that can effectively protect consumer privacy, as opposed to government regulation. | This led us to consider what conditions would need to be met for a particular privacy issue to be suitable for a multistakeholder process to generate a meaningful, voluntary and enforceable code of conduct. From our perspective, there appear to be five conditions necessary for determining if a code of conduct is suitable as a way to create a set of rules that can effectively protect consumer privacy, as opposed to other mechanisms like technology solutions or government regulation. | ||
# Trade associations and/or technical standards bodies have convening power to be accountable and represent the interests of leading companies and organizations in an emerging area of online privacy. | # Trade associations and/or technical standards bodies have convening power to be accountable and represent the interests of leading companies and organizations in an emerging area of online privacy. | ||
# Consumer advocates and academics have sufficient technical and business understanding in the new online privacy concern. | # Consumer advocates and academics have sufficient technical and business understanding in the new online privacy concern. | ||
# User benefits to a technology, service or data type are demonstrable and users are motivated to use the technology or online service. | # User benefits to a technology, service or data type are demonstrable and users are motivated to use the technology or online service. | ||
# Heightened concerns for privacy and security | # Heightened concerns for privacy and security represent a significant barrier for the industry to overcome. | ||
# There's a lack of existing regulation in the United States addressing that area. | # There's a lack of existing regulation in the United States addressing that area. | ||
Applying the above criteria and using the areas of interest outline by the NTIA in its <i>Federal Register</i> notice, we came up with the following analysis: | |||
{| class="fullwidth-table" | {| class="fullwidth-table" | ||
| Line 125: | Line 125: | ||
While we went back and forth internally over how to rate each dimension, and others will undoubtedly weigh things different, we hope this analysis points out that codes of conduct are not going to be a one-size-fits all approach to online privacy. | While we went back and forth internally over how to rate each dimension, and others will undoubtedly weigh things different, we hope this analysis points out that codes of conduct are not going to be a one-size-fits all approach to online privacy. | ||
From our analysis, we would end up with ranking | |||
In some case, technology itself may be the best solution to solving an issue, while in other cases, government regulations could be the right answer. The important thing for this Administration to recognize is when conditions are ideal to convene a multistakeholder process to develop a code of conduct for online privacy. | In some case, technology itself may be the best solution to solving an issue, while in other cases, government regulations could be the right answer. The important thing for this Administration to recognize is when conditions are ideal to convene a multistakeholder process to develop a code of conduct for online privacy. | ||