MMTC has filed a letter with the National Telecommunications and Information Administration (NTIA), asking the agency to consider the needs of low-income, minority consumers and small businesses as it develops the Administration’s approach to consumer privacy. The full letter is available on MMTC’s website and summarized below.
The Case for Consumer Privacy Protection
In a Request for Comments (RFC) on “Developing the Administration’s Approach to Consumer Privacy,” NTIA outlines a broad framework that focuses on a set of high-level goals and user-centric privacy outcomes designed to balance consumer protection with organizational flexibility in achieving those goals and outcomes. As the nation continues to face a persistent digital divide, with profound disparities in broadband adoption based on race, location, and wealth, it is vital that NTIA and the Administration continue to develop this approach with these concerns in mind.
Broadband access is essential to full participation and access to opportunities for education, jobs, telemedicine, civic engagement, and enhanced quality of life. Communities of color, low-income individuals, and other marginalized populations historically have had limited opportunities to gain new skills, secure quality and high-wage jobs, obtain a valuable education, participate in civic dialogue, and benefit from advanced telemedicine and other technologies.
NTIA has reported that “nearly three-quarters of Internet-using households had significant concerns about online privacy and security risks in 2017, while a third said these worries caused them to hold back from some online activities. About 20 percent said they had experienced an online security breach, identity theft, or a similar crime during the past year.” Low-income populations and other marginalized groups are more sensitive to the harms caused by serious data breaches, without the informational and financial resources to recover. As such, it is imperative that the Administration’s approach to consumer privacy takes the unique needs of low-income and other marginalized groups into account.
In its letter, MMTC makes the following recommendations:
- The Regulatory Landscape Must Be Harmonized with Privacy Protections That Are Technology Neutral
A federal privacy protection framework applied across all fifty states will provide the strongest protection for consumers, will promote broadband adoption, and is likely to help bridge the digital divide. As it currently stands, consumer privacy is governed by a patchwork of state and federal statutes that place duplicative or contradictory privacy-related obligations on organizations and only further confuse consumers. Where a consumer lives or works should not determine how the privacy of their information should be protected. A robust federal privacy framework would eliminate a patchwork of state privacy laws, minimize confusion for consumers, and provide consistency and certainty for the organizations seeking to comply with the laws.
- The Regulatory Landscape Must Be Harmonized with Privacy Protections That Are Technology Neutral
Comprehensive Application
A federal privacy protection framework applied across all fifty states will provide the strongest protection for consumers, will promote broadband adoption, and is likely to help bridge the digital divide. As it currently stands, consumer privacy is governed by a patchwork of state and federal statutes that place duplicative or contradictory privacy-related obligations on organizations and only further confuse consumers. Where a consumer lives or works should not determine how the privacy of their information should be protected. A robust federal privacy framework would eliminate a patchwork of state privacy laws, minimize confusion for consumers, and provide consistency and certainty for the organizations seeking to comply with the laws.
Further, MMTC agrees with NTIA that “[a]ny action addressing consumer privacy should apply to all private sector organizations that collect, store, use, or share personal data in activities that are not covered by sectoral laws.” Currently, internet service providers (“ISPs” such as AT&T, Comcast, and Verizon) are regulated differently from online “edge” companies such as Facebook and Google under certain federal and state laws, which contributes to increased consumer confusion and risk, depending on where and how the consumer is using the internet.
- A Single Federal Framework with the FTC As the Enforcement Agency Using Section 5 of the FTC Act Is Preferable to a Patchwork of State Legislation, Empowering Small Businesses and Consumers
Harmonize the Regulatory Landscape under FTC Authority
When it comes to consumer privacy, the simpler the better. Thus, in addition to the confusion resulting from different privacy protections based on technology, a fragmented enforcement approach to consumer privacy will have an adverse impact on many vulnerable consumers, who are particularly susceptible to long-term consequences resulting from harmful practices conducted online and offline. The Federal Trade Commission (“FTC”) is uniquely positioned to regulate consumer privacy, with years of expertise, experience, and precedent through over 500 cases adjudicated under agency rules and regulations. Specifically, the FTC has brought enforcement actions addressing a wide range of privacy issues, including spam, social networking, behavioral advertising, pretexting, spyware, peer-to-peer file sharing, and mobile. The FTC’s history and experience grants the agency the judgment to understand how consumers interpret, manage, and are affected by online influences.
Transparency
It is vital that any regulatory approach be as transparent as possible to consumers. Currently, entities that collect, store, use, and share personal data have lengthy and legalistic privacy policies that are difficult to understand and largely unread by consumers. Many websites provide statements that pop up when users visit, generally stating that “[b]y using this website, you agree to the use of tracking cookies.” However, these statements largely used across the internet ecosystem are vague and simply require consumers to agree to the use of tracking cookies used by the website but provide little information on how the data is used.
Privacy terms should be simple to understand and clearly outline what data is collected; how it is used; how long it is stored; and what data is shared with other entities, for what purpose, and with whom. Moreover, in providing consumers with understandable privacy policies, it is important that these policies be translated into other languages. MMTC agrees with the FTC’s approach, and we believe that these requirements must extend to all BIAS and edge providers to ensure non-English-speaking and limited-English-proficient consumers are not left without access to vital information on how their data is handled.
Scalability
In its RFC, NTIA states that “[the] Administration should ensure that the proverbial sticks used to incentivize strong consumer privacy outcomes are deployed in proportion to the scale and scope of the information an organization is handling.”
For our entire 32-year existence, MMTC has advocated for policies that promote and encourage small business development and success by creating opportunities for diverse businesses to thrive, thereby enabling diverse communities to close economic gaps. The internet has provided unprecedented pathways to success for small, minority, and women-owned businesses to succeed. Thus, MMTC agrees that the FTC should ensure it does not place undue compliance burdens on “small businesses that collect little personal information and do not maintain sensitive information about their customers […] so long as they make good-faith efforts to utilize privacy protections.” Notwithstanding, any considerations about undue burdens on small businesses must be appropriately balanced with consumer privacy protection goals and outcomes, and particularly when it comes to protecting vulnerable communities as we continue to work toward closing the digital divide.
Ensure Privacy Outcomes and Goals Encompass Key Privacy Principles
In a May 2018 letter, a diverse civil rights coalition of 51 national organizations, including MMTC; the National Urban League; MANA, a National Latina Organization; and OCA - Asian Pacific American Advocates National Center, asserted that several key privacy principles be the cornerstone of any legislation designed to protect the Internet and extend its promise to all Americans. To ensure the protection of vulnerable communities, NTIA should work with these principles in mind as it continues to shape its privacy framework.
Key principles that are echoed throughout this letter include strong protections for privacy and individual control of personal information, consistent rules and equal treatment across the country and in the internet ecosystem, and a renewed commitment to closing the digital divide. Referring to the opportunities afforded by internet access, the letter holds that the principles are vital for ensuring that “this remarkable engine for civic, cultural, economic, and social engagement remain open, safe, and secure for all Americans.”
Conclusion
Our nation’s leadership has a duty to protect all Americans. In light of the persistent digital divide, distrust, and confusion among consumers and our nation’s most vulnerable communities, it is necessary that NTIA and the Administration shape privacy policies and legislation with their unique concerns in mind. In doing so, all of our nation’s consumers can enjoy a secure experience when they engage online.
The full letter is available here.