Promising Start by White House on Privacy; But will it empower people over Big Data in the digital era? Role of TTIP/trade

We await to review the text of proposed privacy bills announced today by President Obama. Next month will mark the third (link is external)anniversary of the promise by the White House to release “Consumer Privacy Bill of Rights” legislation. The “Bill of Rights” for privacy is supposed to empower an individual to have serious control over how their data is gathered and used. While the “Bill of Rights” incorporates high-minded principles, we fear that at the end of the day legislation will sanction our ever-growing data collection status quo. Today, Americans face a greater loss of their privacy due the unchecked and growing use of commercial (link is external) surveillance (link is external)technologies, which now afflicts us regardless of whatever device (link is external) we use (and with most applications (link is external)). Rather than lead on privacy, U.S. companies are aggressively expanding their sophisticated and pervasive data mining activities on individuals, groups, and communities (link is external). Whether we are online or off, (link is external) our finances, (link is external) geolocation, ethnicity/race (link is external), health (link is external)concerns and much more are secretly gathered and used without meaningful consent—let alone our awareness. A set of invisible practices operate that assess, score and take advantage of all of this online and offline data. So far, the only tangible result of the President’s privacy promise has been online data lobbyist-dominated “stakeholder” meetings at the Commerce Department. This process has failed to develop even a modest form of more effective self-regulation, let alone truly provide privacy protection. If the President’s bill relies on these flawed stakeholder proceedings to develop privacy safeguards, it will not bring any change and merely allow ubiquitous data collection to further flourish.

We also believe that an unannounced but intended audience for today’s Administration plan is to remove a serious obstacle for an U.S.EU trade deal, known as TTIP. U.S. data giants see the TTIP (link is external)as a powerful way to expand their market in Europe without having to run afoul of the EU’s stronger data protection rules (under the guise of “free flow of data,” the TTIP would enable U.S. companies to engage in all sorts of practices without worrying about EU privacy regulators). The TTIP deal also includes a regulatory “poison pill” called “regulatory convergence.” Before the FTC or other consumer protection agency could create any new regulation, it would have to be reviewed by a new EU/US council. This would enable corporate lobbyists to have additional opportunities to weaken proposed rules even before they were made public. New regulations would face a new hurdle, having to demonstrate they wouldn’t negatively impact corporate trade profits. The EU should not accept as only a promise that the U.S. will protect the privacy of Americans. Even if the Obama bill is a good one, its congressional path ahead is a hard political road, with an uncertain outcome. The EU should be prudent and wait.

On data breach, we are wary of preempting more effective state laws—which is high on the data industry’s political agenda in 2015.

The most promising development may be a commitment by the White House to seek a national bill protecting the privacy of K-12 students. CDD intends to play an active role on this and all the other proposals.