Cyberlaw Predictions: The Privacy Policy Debate in the United States

This post is the tenth in a series of predictions from legal and business experts about the directions cyberlaw policy might take in 2013, solicited by editors of BNA's Electronic Commerce & Law Report during the closing weeks of 2012. We asked that the remarks be brief -- something along the lines of a Twitter "tweet" or an elevator pitch. Over 100 attorneys, law professors, online business executives, policy advocates and other cyberlaw experts responded, producing 307 separate assessments, predictions, or just plain complaints regarding any of the many legal subject areas that affect online businesses.

Information privacy is a legal issue that continues to command attention in Washington. As it has for the past 20 years. Will 2013 be any different?

Up for discussion this year: children's privacy, the "do not track" standard" effort at the World Wide Web Consortium, location privacy, "big data," a big federal privacy bill containing the U.S. Department of Commerce's consumer bill of rights, drones, and reform of the 1986 Electronic Communications Privacy Act, to name just a few of the leading privacy issues.


Privacy, as a political issue, is two-faced. Privacy is both a business and a social issue. When looked at as a business issue, privacy has several strikes against it: privacy rights impede innovation, privacy compliance costs money, privacy regulations raise thorny First Amendment issues when applied to marketers, privacy rules are difficult to impose on rapidly changing information technologies, and privacy regulations diminish the economic value of information. Privacy advocates have long made the case that strong privacy rights are actually good for business, because strong privacy rights create trust in online transactions. So far that argument has persuaded neither Congress nor business lobbyists to embrace federal privacy regulation.

Privacy, as a social issue, clearly resonates with consumers. What else would explain why is a perennial policy topic in Washington? Privacy is widely regarded as fundamental to human dignity and personal autonomy; privacy values are explicitly recognized in the Fourth Amendment to the U.S. Constitution. Consumers support having control over their information, they generally dislike online tracking, though they have little appreciation for the amount of tracking that is occurring online. Nevertheless, as a political issue, the potency of privacy's punch is unknown. Outside of the House and Senate commerce committees, little is known about federal legislators' views on online privacy. Privacy was not an issue in any of their election campaigns, as far as I could tell. It may be possible that privacy as a political issue in 2013 will follow the same arc as copyright in 2012: business as usual until another "netizen uprising" spooks federal lawmakers and forces a re-calibration of the discussion.

The experts' views:

For 2013, online businesses should view the posted privacy policy as the starting point, not the ending point, for achieving notice and choice. Jennifer C. Archie, Partner, Latham & Watkins LLP, Washington, D.C.

Judiciary Committee votes to extend ECPA warrant requirement to all stored content; but ECPA waits yet another year for uncertain reform in 2013. Albert Gidari, Partner, Perkins Coie LLP, Seattle.

Consumer privacy continues to be a hot button issue; industry should continue to educate consumers about the benefits of relevant marketing including cost savings, free content and well-tailored promotions. Francine Friedman, Senior Policy Counsel, Akin Gump Strauss Hauer & Feld LLP, Washington, D.C.

Will Congress amend the Electronic Communications Privacy Act in 2013 to require a search warrant before government can get access to the content of any electronic communications? Momentum seems to be building, but law enforcement could still put the kibosh on it. Michael Vatis, Partner, Steptoe & Johnson LLP, New York, N.Y.

Data privacy and security will continue to dominate the news in 2013--look for the Boy Scouts to issue merit badges for Scouts who master "Privacy Compliance" as well as First Aid. Joseph V. DeMarco, @devoredemarco, Partner, DeVore & DeMarco LLP, New York, N.Y.

The signature issue of 2013 will be do not track. Will the W3C come up with a consensus standard? If so, will the FTC and the European regulators approve of it? If the W3C fails, will the FTC broker a deal directly with industry? How would any such deal be seen by the Europeans? All of those questions will be answered in 2013. D. Reed Freeman Jr., Partner, Morrison & Foerster LLP, Washington, D.C.

Expect more privacy rules as lawmakers balance needs of pubs to sell ads, marketers to target consumers and individuals to protect privacy. Terri Seligman, @FrankfurtKurnit, Partner, Frankfurt Kurnit Klein & Selz PC, New York, N.Y.

In 2013 the privacy industry may remember that the state is more threatening than a cookie. Graham Smith, @cyberleagle, Partner, Bird & Bird LLP, London.

Technology simply outpaces the poor law, which struggles to balance everyone's interests. Security, privacy, big data, and IPv4 issues will be important in 2013. Michael Powell, @mpowell_iplaw, Partner, Baker Donelson Bearman Caldwell & Berkowitz PC, Atlanta.

Clash between privacy regimes and online activity will grow in 2013. Social media, analytics, geolocation, social sharing, cloud computing--it is likely too late to put the genie back in the bottle. Miriam Wugmeister, Partner, Morrison & Foerster, New York, N.Y.

Expect to see more privacy-related enforcement at both the state and federal level related to mobile apps, particularly those that collect data from children. Aaron P. Rubin, @MoFoSocMedia, Of Counsel, Morrison & Foerster, San Francisco.

In 2013, the White House Consumer Privacy Bill of Rights will be introduced and will get a surprisingly positive reception from businesses weary of media and advocacy criticism of their data practices. Jules Polonetsky, @julespolonetsky, Co-chair and Director, Future of Privacy Forum, Washington, D.C.

Will 2013 be the year that law enforcement rules governing access to electronic communications enter the 21st Century? There's more cause for optimism than ever before--especially for improvements regarding access to the content of communication and location tracking. Chris Calabrese, @CRCalabrese, Legislative Counsel, American Civil Liberties Union, Washington, D.C.

In 2013, companies will really start competing on privacy, transparency and security. Alan Charles Raul, Global Coordinator of Privacy, Data Security and Information Law Group, Sidley Austin LLP, Washington, D.C.

Recent proposed changes to Facebook's terms of services and the resultant copyright notice hoax reveal an ongoing angst over user privacy, an issue that should be watched by anyone doing business online. Joseph Geisman, @JoeGeisman, Vice President, Business and Legal Affairs, Maize Marketing, Los Angeles.

The ongoing push for new or expanded privacy laws will finally result in some sort of action with kids' privacy concerns leading the way. Adam Thierer, @adamthierer, Senior Research Fellow, Mercatus Center at George Mason University, Fairfax, Va.

Increasingly more surveillance activities, and the expanding use of drones and robots to do such spying, will bring multiple proposed privacy bills specific to surveillance in the U.S. Congress, as well as new legal proposals throughout the world for restricting such activities. Rebecca Herold, @PrivacyProf, Chief Executive Officer, The Privacy Professor, Compliance Helper, and Norwich University, Des Moines, Iowa.

California's attorney general seeks to regulate privacy on small screen mobile devices. Ian Ballon, @ianballon, IP & Internet Litigation Shareholder, Greenberg Traurig LLP, Silicon Valley & Los Angeles.

State regulators recently have made aggressive moves to regulate online and mobile privacy standards (e.g. California AG "enforcement" action against Delta for lack of mobile privacy policy), filling a void left by Congress which has yet to pass comprehensive data privacy legislation. Like earlier state efforts to prescribe standards for commercial email, this patchwork approach to regulation is unworkable and renews questions about states' ability to prescribe standards for the Internet and digital commerce. Ashlie Beringer, Partner, Gibson, Dunn & Crutcher LLP, Palo Alto, Calif.

State attorneys general are likely to play an increasingly important role in privacy enforcement. The California attorney general is leading the way on mobile apps, and the National Association of Attorneys General has made privacy a main focus for the organization. Christopher Wolf, Partner, Hogan Lovells, Washington, D.C.

More healthcare CEs and BAs will be sanctioned for HIPAA violations, by HHS as well as state AGs, in 2013 than in all previous years combined. Rebecca Herold, @PrivacyProf, Chief Executive Officer, The Privacy Professor, Compliance Helper, and Norwich University, Des Moines, Iowa.

In 2013, the emergence of web 3.0 will change the frontiers of privacy. Bradley L. Joslove, Partner, Franklin Societe D' Avocats, Paris.

As content distribution moves increasingly online and over apps, considerations of privacy law will become as important as copyright, branding and marketing law have been in the traditional distribution space. Eleanor Lackman, @EMLackman, Partner, Cowan DeBaets Abrahams & Sheppard LLP, New York, N.Y.

(photo credit: sankar govind on flickr)


Follow @tjotoole on Twitter Follow me on Twitter at @tjotoole.