Hamilton’s most recent Common Ground event, centered around the state of privacy regulation in the U.S., was hosted on Wednesday, Feb. 22 at 7 p.m. in the Fillius Events Barn. The guest panelists were Jessica Rich, former director of the Federal Trade Commission’s Bureau of Consumer Protection and first head of the U.S. Federal Trade Commission’s division of privacy and identity theft, and Brad Weltman, Meta’s director of privacy and public policy. Their discussion was moderated by Hamilton College alumnus Stuart Ingis, chair of Washington, D.C.-based law firm Venable, co-chair of its eCommerce, privacy, and cybersecurity group and counsel to Privacy for America.
To begin, the panelists described their respective career paths and experience in the field of online privacy. After working as a lawyer in private practice, Rich found herself in the Fair Credit Reporting Act division of the Federal Trade Commission (FTC). She ran the three-person team on privacy as the internet began to grow, where she conducted surveys and reports on privacy and urged companies to post privacy policies. Weltman started his career in Washington D.C. through a fellowship on the Senate Health Committee. He immersed himself in digital and online behavioral advertising in the magazine publishing industry before meeting Ingis, who was creating the Digital Advertising Alliance at the time. Working for the Interactive Advertising Bureau allowed Weltman to get into the tech world, leading to his current career in privacy and digital advertising at Meta. Ingis graduated from Hamilton in 1993 with a concentration in government and moved to Washington D.C. to work in the environmental movement. After law school, he ended up getting a job at a private law firm with the only internet lawyer in the U.S. at the time. His current career involves industry self-regulation, where standards are written in the absence of congressional action that reputable and responsible companies can follow.
The panel covered three distinct topics: federal privacy laws, regulation of data and consumer choice.
Federal Privacy Laws
Rich explained the current issue that states have created comprehensive privacy laws that are all slightly different as a result of Congress not setting federal privacy rules. The FTC is trying to develop a rule that would apply nationwide, but they do not have the authority required to implement it. Rich believes Congress needs to establish a national standard so consumers are protected in every state. Weltman did not think there was a clear answer to this issue. However, he agreed with Rich that this is a role for Congress, as individual state privacy laws tend to create power imbalances. Ingis agreed that there seems to be consensus from business communities, consumer groups and regulators that there should be one federal law that all consumers understand. Rich pointed out that it is hard to criticize state-level actions when they were filling the void in privacy regulation before businesses came around to pushing for a federal law. Ingis defended businesses, arguing that the advancement, interconnectedness and progression of technology today may not have existed to the fullest extent if there were strict privacy regulations in the beginning. Weltman added that the lack of certainty in privacy laws kills companies, as flexibility and a broad involvement in privacy regulation is needed to account for the evolution of technology today.
Regulation of Data
Ingis noted that there is a fear of “surveillance capitalism” in consumers, as they feel like they are being monitored online everywhere they go. However, he argued that the anonymous online tracking of consumers can allow for new businesses to efficiently compete online, which creates tension between business monetization of content and privacy regulation. Rich countered that the problem with this point of view is that once data is collected, it has an uncontrolled life of its own, so there are restrictions needed on how data is used after its initial purpose.
Consumer Choice
Rich described the recommendation her team made to Congress in 2000, which required notice to consumers of companies’ information practices, consumer choice, access to collected data and security of data in efforts to emphasize privacy as an important value. She explained that when impermissible uses are established, they protect consumers by not giving consumers a choice about whether their data can be used to injure them. Weltman pointed out that the downside of consumer choice and consent is that it tends to be used for everything instead of for meaningful moments. Meta’s privacy enhancing technologies help to secure privacies in a way that is building into the technology infrastructure, such as differential privacy technology and multi-party computation, which make it harder to individually identify consumers. Rich countered that this expensive computation technology is not realistically possible for small companies to implement, to which Weltman replied that larger companies would need to open source the technology to make it more accessible.
After the speakers’ remarks, the panel opened up the discussion to questions from the audience. The first question returned to Weltman’s concept of “meaningful moments,” where Weltman acknowledged that consumers view sensitive data points in different ways and said that these societal decisions on contrasting consumer preferences make for a challenging debate. For the second question on accessibility in privacy, Weltman repeated that the industry should help to open source technologies in order to help drive privacy and facilitate notice and choice elements. The third question was about consumer trust in companies, to which Weltman replied that accountability is essential and Rich added that enforcement is needed to meaningfully implement the law and for the technology industry to fear repercussions upon violation. Further points of discourse included location privacy, the overregulation and monetization of data and data retention.
