X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
The following discussion thread excerpt is from a recent law.com online seminar, E-Commerce: Reinventing the Law, moderated by Curtis Karnow of Sonnenschein Nath & Rosenthal. The full discussions and seminar library for this program are available for viewing. For more information on this program and other law.com seminar offerings please visit www.law.com/seminars. Jeffrey Ritter, Kirkpatrick & Lockhart, Washington, D.C. Privacy is the wrong denominator. I believe it was Andy Grove that said words to the effect that “There is no privacy. Get over it.” So how do we as lawyers evaluate and practice in this space? Here is a hint: The currency in question is personal information, largely collected and organized in electronic form, that is traded and processed for commercial gain. It is an asset, a tradeable asset which has attributes of economic value. Privacy is not about constitutional rights or intrusive networks or personal liberties. The issue is how do we construct an infrastructure of rules through which we design and execute transactions that produce the collection and exploitation of personal information? The proper denominator is “commerce in personal information.” In that context, much of “privacy law” can be viewed as the architecture of a basic contractual system for offer, acceptance, warranty, performance and recourse. Think about it for a second. Students in this class need to read the EU Directive on Personal Information and should also find a good summary on Gramm Leach Bliley, but the essential principles are roughly the same: Notice — an offer to a consumer defining what information is to be collected and the use to be made of that information. Consent — an acceptance by a consumer of the offer. Studies indicate, indeed, that a majority of consumers are prepared to sell personal data when given appropriate consideration. Choice — a principle of freedom of contract. Individuals must “opt-in” or “opt-out”–it’s all about preserving contractual freedom. Consistent Use — a principle that those who collect the data must use it consistently with the offer, and assure that downstream recipients of that data are required to do the same. There are other provisions, but the principle here is that commerce is the defining mantra. Public policy appeals have made the topic of privacy enormously attractive, but, in reality, the Net is a private system of private facilities leased under commercial contracts to conduct commerce involving individuals. It is only natural — it is only commercial — that the Net will evolve rules for doing business in the most voluminous business record of that facility: personal data. I welcome challenges that repudiate or argue with this principle. Curtis Karnow, Sonnenschein Nath & Rosenthal, San Francisco, Calif. Notice, consent, choice. … Yes, those are excellent frameworks, but they are rely on an assumption — that the user understands. None of your three key terms has content unless and until the user understands what he is being told, understands what an IP address is, understands what a cookie is, understands what it means when his data is correlated to another data base and then he’s targeted with email and so on. Those who spend a lot of time in this area need to have in mind a smart, ignorant person, with which to measure the efficacy of protections, notices, warnings, alerts, terms and conditions, and so on. I use my father — with profound apologies to him, who will never read this. He uses the computer every day. He searches on search engines for cites to his name and loves it. He sends email. He reads the newspaper online. He has no idea, at all, of the difference between his ISP, the materials provided by his browser, that which is provided by various search engines or other pages or sites on the web. Not a clue. What is his notice, his consent, his choice? How are those meaningful for him? And the technology moves so fast that after he gets the idea of email passing through multiple servers, and the remote possibility that others see those, we have to move onto cookies — and then the idea that sites can track where he was and where he’s going to on the Net — next month it’ll be something else — he will never catch up. No one knew what DoubleClick was really up to — even they didn’t know! In a way, none of us will. What is our consent, our choice? Jeffrey Ritter, Kirkpatrick & Lockhart, Washington, D.C. The compelling question: what is our choice? Answer: Turn off the computer. Life is still possible without it. However, the implicit suggestion that consumers need to be educated to use the Net and understand the technologies as a condition to data collection is an unprecedented deterrent with no effective yield. The purpose is to place into effect a meaningful process for contracting and managing personal data as an asset. My next post deals with the question of how to work as a lawyer in building privacy compliance. Curt’s policy arguments are important factors, but the central issue is how to comply with the laws in place and how to build going forward. I have forwarded to law.com for posting to the library a paper we developed explaining different models on how to build privacy systems. This paper was presented to the Computer System Security and Privacy Advisory Board and specifically addresses issues relating to the challenges facing global multinationals. I hope it is there; if not, please advise and I will forward. Jeff Riffer, Jeffer, Mangels Butler & Marmaro, Los Angeles, Calif. I agree with Curt. Under general legal principles, consent only applies when it is “informed,” i.e., a reasonable person giving consent understands what he or she is agreeing to. Accordingly, the only privacy policies which should be effective are those which state with some specificity (and written in an understandable way) what information is being collected and how that information is going to be used. However, this poses a practical problem for the site because the world is constantly changing. It is difficult to know, now, all the possible uses of the information being collected. When I checked Amazon.com’s privacy policy a few weeks ago, it stated that amazon.com would use the information collected in compliance with its privacy policy at the time that the information is used (not when it is collected). Scott Killingsworth, Powell, Goldstein, Frazer & Murphy, Atlanta, Ga. That “no privacy” quote was from a Scott McNealy press conference — the guy really knows how to schmooze reporters, doesn’t he? I agree with Jeffrey’s basic premise that what Internet privacy law is about — for now — is constructing a transparent market in personal data. I agree with the writer of a recent letter to The Industry Standard, who I quote with permission: “Privacy and privacy law are not necessarily the same thing — nor should they be. It’s hard to make good law without consensus on what should be protected, and besides, government regulation has definite shortcomings as a remedy for everyday annoyances. But unfettered trafficking in consumer data can also have serious effects. “Information, once collected, tends to move up the value chain. You can draw a lot of inferences about someone from a “marketing” database 800 fields wide, inferences that could be used in employment, insurance or credit decisions, or simply to snoop. “The problem resembles the stock market: There’s no agreement on which stocks are best, or even how to pick them. Securities law simply creates a market framework based on transparency and integrity of information. Given accurate information, investors can choose investments based on their own objectives. “This is the FTC’s approach to privacy: to create a transparent market in personal data. It beats having Congress make those decisions for me.”… The principles of notice, choice, access, security and –Jeffrey, let’s not forget the last one — enforcement, create such a market, but only to the extent, as Curtis points out, that the choices are clear and real and accessible to the person who is supposed to be making a choice. To give a very clear example, Congress decided that children under 12 couldn’t be expected to make appropriate choices in this area, so they enacted the Children’s Online Privacy Protection Act to set distinct boundaries around the “free market” in information on children that is harvested over the Net. And this “free market” approach is going to work in other areas only so long as those who collect information behave in a reasonably uniform way when it comes to offering people their choices — thus the FTC’s long campaign for self-regulation and, in particular, for the universal adoption of privacy policies among B2C Web sites. The FTC has now decided that this effort has failed and has called for legislation to universalize the basic consumer-data-market regime Jeffrey described. And we can be sure this free-market regime will endure only so long as the consumer population, growing increasingly sensitive to privacy issues, stands for it. COPPA, Gramm-Leach-Bliley and the EU directive all place some substantive restrictions on use, generally along the lines of Jeffrey’s “consistent use” concept. Where the political winds will ultimately blow on this one, and what compromises will finally become law, is anyone’s guess. But every wholesale betrayal of consumers’ expectations (never mind the fine print) by a major corporation brings us that much closer to additional substantive regulation.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.