In a briefing convened by the Congressional Bi-Partisan Privacy Caucus December 13, 2012, co-chairs Ed Markey (D-MA) and Joe Barton (R-TX) tried to advance their agenda of enhancing children’s online privacy in the context of exploring the scope and practices of “data-brokers.” Panelists included credit bureaus, marketing companies, FTC Commissioners, and privacy advocates.

Markey kicked things off with a pithy characterization of the current situation regarding technology and big data as both the best of times and the worst of times, with immense benefits and huge potential costs. He seemed pleased with companies’ “timely and detailed” responses to his request for information in July. Neither he, nor Barton wants to shut down targeted advertising. Nonetheless, existing law has “gaps” and he wants to “ratchet up” transparency and give consumers more control over their personal information. Commissioner Brill, who served as the moderator while Markey and Barton attended to floor votes, expressed several concerns about comprehensive data collection:

  • Current sectoral laws, such as HIPAA, protect information only in limited circumstances; reacting to Markey’s hypothetical of a girl doing online research on anorexia, Brill suggested additional types of information may need protection.
  • ‘E-scores’ or marketing scores that rank consumers by potential value have could have negative, discriminatory impacts on consumers, placing them in marketing “buckets,” i.e. for subprime loan advertisements, potentially based on incorrect information, from which there is no escape.
  • Responding to industry concerns about capturing the thousands of diverse companies that use consumer data in defining the term “data-broker” and fears of a one-size-fits-all approach to regulation, Brill suggested a distinction between consumer-facing and non-consumer facing companies may be appropriate, due to the latter lacking transparency and consumer access.

Several company panelists argued for self-regulation, while others pointed to FCRA as a model that has withstood the test of time – a point with which the privacy advocates concurred. Ultimately, Brill and Markey seemed to agree that an appropriate starting point would be to address practices of the top 100-200 data-brokers, however that term is ultimately defined.

On kids’ privacy, Markey and Barton plan to reintroduce their Do Not Track Kids Act (H.R. 1895) next year and amass well beyond its current 45 cosponsors. In its current form, the bill would, among other things, amend COPPA to prohibit Internet companies from sending targeted advertising to children and minors. However, at the briefing, Barton suggested there be a flat prohibition on collecting information from kids under 13, while Markey suggested COPPA cover kids up to age 15. When pressed, several data-broker panelists were indifferent to the proposals, saying they simply don’t collect data from children. Others, however, noted difficulty with determining the age of online consumers. In response, FTC Chairman Jon Leibowitz strongly implied he disagrees with those who have argued for inclusion of an “actual knowledge” standard in any updates to COPPA, saying with kids, “the benefit of the doubt” has to be given to privacy over data collection. (In subsequent remarks, Brill indicated the FTC’s proposed changes to COPPA should be finalized by year-end.) Markey concluded the briefing saying that everyone should be able to agree on protecting kids; they should be protected first and then [industry, privacy advocates, and policy-makers] can return to work out other issues. As readers of this blog know by now, 2013 promises to be another banner year for privacy law and policy.