The Senate Commerce Committee held a privacy hearing yesterday with three government witnesses from the agencies responsible for this issue: Federal Trade Commission Chairman Jon Liebowitz and Commissioner Maureen Ohlhausen, and Commerce Department General Counsel Cameron Kerry. The Senators and witnesses went over a lot of familiar ground. A few takeaways from the hearing:
– Perhaps because of sparse attendance on the part of Committee members, the privacy issue appeared to be more partisan than it used to be. The two skeptics about the need for legislation were Senator Pat Toomey (the only Republican to show up) and newly-confirmed Commissioner Ohlhausen. Senator Toomey stressed the need for evidence of market failure, harms to consumers and cost-benefit analysis (a position with which I agree and have made before this committee). Senator Kerry, on the other hand, stated that the record is clear on the need for a privacy law, even suggesting that Senator Toomey’s concerns have been addressed at previous hearings (they have not). Commissioner Ohlhausen expressed “concerns about the ability of legislative or regulatory efforts to keep up with the innovations and advances of the Internet without imposing unintended chilling effects on many of the enormous benefits consumers have gained from these advances.” Senator Rockefeller acknowledged that a consensus doesn’t yet exist on legislation, but indicated after the hearing, “I really don’t see it as that complicated a subject.” In fact, it is a complicated subject.
– The issue is viewed as a consumer protection issue (which it is), but it is perhaps more importantly an innovation issue, as suggested by Commissioner Ohlhausen. This is because virtually all innovation on the Internet depends in one way or another on the use of information – to develop the product itself and/or the financial resources for it. Thus, privacy regulation, which necessarily limits the collection and use of information, can have a profound effect on both the magnitude and direction of innovation on the Internet. The legislation proponents do not acknowledge these tradeoffs. They simply assume that regulations can be adopted without any adverse effect on innovation.
– There remains substantial confusion about the anonymity of data. Much of the discussion conflated data from social networks – clearly not anonymous – with data used anonymously for a variety of commercial purposes on the Internet. Individuals understandably get upset when personal information posted on social networking sites which was previously available to one group of people becomes unexpectedly available to a wider group. This is the type of information at issue in the recent FTC consent decrees with Facebook and Google. In these instances, both companies were forced by their users to stop the questionable practices as soon as they became known, long before the consent decrees were entered into. In any event, some combination of consumer unhappiness and the FTC’s existing statutory authority was sufficient to stop the questionable practices. But information on social networking sites is different from the vast amount of data collected and used for behavioral advertising or to refine search engines, to take two examples. These data are “known” to computers, not to individuals. No one is sitting around saying, “What can I sell Tom Lenard today.” Rather, computers are using algorithms to serve advertisements to consumers who have certain interests.
– There is a lot of confusion about the market for privacy and whether firms compete on the basis of privacy. The two government reports did not do a good job of illuminating this central issue. Senator Toomey suggested companies are competing on privacy, while the pro-legislation group at the hearing argued that companies always lose profits by providing more privacy (i.e., sacrificing some data), so they will never want to do it. But companies do things like this all the time – i.e., provide better service, which costs money, in order to attract more customers, which makes them more money. What the pro-legislation camp seems to be arguing is that companies won’t be able to attract consumers by offering more privacy, even though consumers are unhappy with the privacy protections they’re currently receiving. This is not a compelling argument. In fact, we really don’t know that consumers are, on the whole, unhappy with current privacy protections, which gets us back to Senator Toomey’s opening remark: “Seems to me neither this committee nor the FTC nor the Commerce Department fully understands what consumers’ expectations are when it comes to their online privacy.” We should know more with all these reports.