Interactive Counsel

Arent Fox's interactive media law blog - latest news and trends in advertising, data security & privacy, and IP.

Interactive Counsel

At PrivacyCon, Researchers Discuss Today’s New Technologies, Highlight Not-So-New Privacy and Security Issues

alert

At PrivacyCon, Researchers Discuss Today’s New Technologies, Highlight Not-So-New Privacy and Security Issues

What’s New?

On January 12, 2017, The Federal Trade Commission (FTC) held its second PrivacyCon conference. PrivacyCon brings together researchers, academics, industry representatives, consumer advocates, and government regulators, to discuss the latest research and trends related to consumer privacy and data security. This year’s PrivacyCon featured presentations from academics and technology researchers covering the following five main areas: (1) the Internet of Things (IoT) and Big Data; (2) mobile privacy; (3) consumer privacy expectations; (4) online behavioral advertising; and (5) information security. FTC Chairwoman Edith Ramirez, who is stepping down effective February 10, 2017, opened the conference with the myriad of ways consumer data is collected, asking if the risks associated with data collection outweigh the benefits.

Why Should You Care?

Researchers have historically brought to the FTC’s attention poor privacy and security practices, prompting the FTC to bring enforcement actions. It is therefore important that organizations pay attention to what privacy and security issues are on the FTC’s radar. Some of the practices that featured prominently at this year’s PrivacyCon include: cross-app and cross-platform tracking, privacy vulnerabilities of the smart home, unauthorized collection of geolocation information, exposure of personal information in plain text by apps, illegal acquisition of consumer data, pervasive tracking, and children’s privacy in connected toys.

What Do You Need to Know?

Applying privacy rules and security standards to new technologies was a big theme at PrivacyCon. Despite the number of new and emerging technologies discussed, the issues that emerged were not quite as novel, but merely new iterations of old problems. We have summarized them as follows:

  1. Make Sure You Have a Privacy Policy That Accurately Reflects Your Privacy Practices.  PrivacyCon attendees discussed how 71% of mobile apps that collect personal information do not have a privacy policy. They were alarmed by the supposed disconnect between what some privacy policies say and the actual personal data collected (and how they were used) by online services. We have seen the FTC bring enforcement actions against companies that made inaccurate statements in their privacy policies.
  2. Consider (Early) the Privacy and Security Implications of Rolling Out New Technologies. Chairman Ramirez discussed how new technologies that collect personal data have always presented privacy challenges. If you are unsure as to how privacy and security can be integrated into your product, consult professionals who have done this work in other areas. And do it early, to be able to incorporate privacy and security features in developing or implementing new technologies.
  3. Obtain Consent, Especially Where Geolocation Data Is Involved. Because the collection of geolocation information poses increased risks such as exposure of sensitive information (e.g. political and religious affiliations), stalking, and even burglary and physical harm, it is even more important that consumers are put on notice of--and consent to--the collection of their geolocation information.
  4. Know That the Trend of Leveraging Privacy and Security as Market Differentiators Will Continue. Consumer Reports, a nonprofit that provides product ratings and reviews, has a new initiative to start letting consumers know just how secure and privacy-protective products are so consumers can make informed choices, highlighting privacy and security’s added value of creating a competitive advantage for organizations. The nonprofit plans to launch this new initiative in 2017.
  5. Make Sure You Respectfully Serve Ads to Consumers. Research findings show that consumers are increasingly concerned about privacy, but they also recognize the value of targeted advertising when done respectfully. This finding is good for business, highlighting that so long as businesses demonstrate their trustworthiness (for example, by disclosing data practices and having reasonable security measures in place), they can minimize the risks of getting in trouble with the regulators or losing their consumers.

What’s Next?

If your organization is finding it challenging to navigate privacy and security issues in implementing new technologies, know that privacy principles are generally still applicable in new contexts. For security, there are industry standards and best practices that are available as guidance. Moreover, it might be worth remembering that leveraging privacy and security as marketing differentiators provides the proverbial “carrot” to get these issues right, where legal and compliance “sticks” have traditionally been relied upon.
 
Arent Fox’s Cybersecurity & Data Protection group monitors developments in the privacy and cybersecurity field. For more information, please do not hesitate to contact Sarah L. Bruno, Eva J. Pulliam, and Lourdes M. Turrecha.

SUBSCRIBE

Add this blog to your RSS feed reader.

Arent Fox In Your Inbox
To subscribe to Arent Fox Alerts and other news, click here.

ABOUT ARENT FOX LLP

Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.