NTIA Holds Its First Privacy Multistakeholder Meeting

The National Telecommunications and Information Administration's (NTIA) first multistakeholder meeting on mobile privacy was held in Washington, D.C. on July 12, 2012. The goal was to develop a code of conduct to provide transparency in how companies providing applications and interactive services for mobile devices handle personal data. Mobile devices pose distinct consumer privacy challenges, such as disclosing relevant information on a small display. In addition, many have noted that practices surrounding the disclosure of consumer data privacy practices do not appear to have kept pace with rapid developments in technology and business models. 

Background

The White House’s Privacy Blueprint contains a number of key elements, including: (1) a Consumer Privacy Bill of Rights, which is a set of principles the Administration believes should govern the handling of personal data in commercial sectors that are not subject to existing federal privacy statutes; and (2) a multistakeholder process, which NTIA will convene, to develop legally enforceable codes of conduct that specify how the Consumer Privacy Bill of Rights applies in specific business contexts. (For further background information, see blogs on February 23^rd and March 12^th.)  

NTIA’s Request for Comments stated “NTIA’s role in the privacy multistakeholder process will be to provide a forum for discussion and consensus-building among stakeholders.”  More than eighty commenters filed responses to the Request for Comments. Individuals and organizations from the commercial, academic, civil society, and government sectors filed comments.

While the July 12^th meeting focused on ways to improve the transparency of the privacy practices of mobile apps, some privacy advocates questioned the value of creating more transparency without rules on the way apps will use the personal data of users.  “Mobile privacy standards need also to address the fair collection of data, security, and other issues in addition to transparency,” said Susan Grant, Director of Consumer Protection for the Consumer Federation of America.

There was early disagreement at the meeting over whether a discussion about process should precede an attempt to prioritize the issues on the table for coming up with a regime for ensuring transparency in mobile app policies. Privacy advocates including the ACLU, Consumer Federation of America and the Center for Digital Democracy argued early on that prioritizing that list.

The first half of the meeting was focused on the key issues, the second half to getting some consensus on a practical set of processes for implementing them.  Among the issues that was deemed critical was:

• that privacy policies be technology-neutral
• that there needs to be a common
• functional definition of data use, that data being collected by mobile apps be tracked across other platforms
• that it needed to be made clear why data was being collected, and that privacy policies be in clear understandable language

By the end of the day, the participants had agreed upon possible process elements that included:

• identify current common privacy practices
• involve app developers
• create working subgroups to deal with some individual issues

The next meeting will be scheduled for August, but the date is not yet set.

EDUCAUSE will continue to monitor and report on this issue.