US Senators raise third party handling of digital data issues

August 23, 2014 |

Two US Senators, Ron Wyden of Oregon, and Jay Rockefeller of West Virginia have raised concerns about data privacy practices in different contexts.

Senator Rockefeller is reported in Senator questions airlines’ data privacy practices has sent letters to US airlines about their practices of collecting personal information and sharing it with third parties.

The article provides:

A senior U.S. senator is asking airlines about their data privacy practices, saying he’s concerned about what information the companies are collecting and sharing with third parties.

Some consumer advocates have raised concerns that airline privacy policies “can contain substantial caveats and that it is difficult for consumers to learn what information airlines and others in the travel sector are collecting, keeping, and sharing about them,” Sen. John “Jay” Rockefeller, a West Virginia Democrat, wrote in a letter to 10 U.S. airlines Monday.

The airlines receiving the letters included United Airlines, Delta Air Lines, American Airlines and Southwest Airlines. Airlines contacted about Rockefeller’s letter didn’t immediately respond to requests for comments.

A spokeswoman for Rockefeller, chairman of the Senate Commerce, Science and Transportation Committee, didn’t point to specific complaints about airline privacy policies, but noted that he has focused on raising consumer awareness about the personal information they provide online. This year, Rockefeller has introduced the Data Security and Breach Notification Act, which would create a federal standard for companies to safeguard the personal information they hold and to notify consumers if their systems are breached.

“Data collected during ticket purchase can include a passenger’s name, credit card numbers, date of birth, addresses, travel destinations, and travel companions, among other information,” Rockefeller wrote in the letter.A “No comprehensive federal privacy law currently applies to the collection, use, and disclosure of consumer travel information.”

Some privacy groups have raised concerns about airline privacy in recent years, but the focus has been more on airline security measures after the 9/11 attacks on the U.S. than on airlines collecting and sharing personal information.

Much of Rockefeller’s letter covers add-on fees that airlines charge customers for carry-on luggage, priority seating and other services. But the letter also asks the airlines what personal information they collect, how long they keep it and what privacy and security protections they have in place.

The letter also asks the airlines whether they share the personal information with third parties and the reason for sharing it.

 Senator Wyden has taken issue, as reported in  Sen. Wyden: Your data’s yours no matter on whose server it liveswith the absurdity in US Law whereby the act of handing over digital data has been seen as acquiescence to a loss of privacy.  It is a very US approach, quite contrary to EU and Australian data protection regulation.

The article provides:

At the TechFestNW event in Portland on Friday, Oregon Sen. Ron Wyden called for legal reforms that embrace an understanding that the mere act of handing over digital data doesn’t mean giving way a user’s right to privacy.

“Some will still argue that by sharing data freely with Facebook, Google, Mint, Uber, Twitter, Fitbit or Instagram, Americans are choosing to make that data public. But that is simply not the case,” the Democrat said, according to prepared remarks released by his office. He added, “When I send an e-mail to my wife, or store a document in the cloud so I can review it later, my service provider and I have an agreement that my information will stay private. Neither of us have invited the government to have a peek.”

What Wyden, long a spirited privacy advocate, is pressing for is reform of the so-called “third-party doctrine,” or the idea that by releasing data to another person, business or entity one gives up some Fourth Amendment protections. The doctrine is rooted in the 1979 Smith v. Maryland decision, in which the Supreme Court found that telephone users had no reasonable reason to believe that their calling records are private. “We doubt that people in general entertain any actual expectation of privacy in the numbers they dial,” the court found then. But what’s more, held the court, privacy is eroded by the knowledge that such data is used for “a variety of legitimate business purposes,” like for the processing of billing, for example.

The concept, though, takes on new light at a time when both data forms the basis of the business models for so many modern companies, from Uber to Instagram, and when government have an ability to collect and process data not reined in by technological limitations. And so, argued Wyden, it must be limited by law.

In Portland, Wyden ticked through possible solutions — ending bulk collection of the data of Americans, clarifying the lines between law enforcement activities and intelligence gathering, passing the GPS Bill on geo-location data he is championing with Rep. Jason Chaffetz (R-Utah) — but mostly Wyden was at TechFestNW to give language to an idea fairly newly in the air, from the June Supreme Court ruling that held that cellphone searches generally require a warrant to an on-going case about the protections that apply to an American citizens’ e-mail data stored in a Microsoft facility in Ireland.

Wyden is attempting here to stuff it all into a coherent framework, even if he’s not exactly sure yet what that might be. “Applying the Founding Fathers’ principles to the age of high-tech digital surveillance,” the senator argued in Portland, “is going to require some new thinking”

Before privacy advocates throw their hats in the air and fire off their pistolas two senators do not make a congress.  As reported in  ‘Big data’ lobbyist: Congress doesn’t want online privacy law there is significant resistance to any privacy enhancing legislation.

The article provides:

A lobbyist for one of the top companies that trades in consumer data is confident that Congress won’t set rules for how online marketers use information about consumers.

During a conference held by the Technology Policy Institute in Aspen, Colo., this week, Tony Hadley, senior vice president for government affairs and public policy for Experian, said industry standards, not legislation or regulation, should determine how companies collect and use information about Internet users for marketing purposes. 

“Should marketing data be regulated like credit, like employment, like lending data?” Hadley asked, referencing sector-specific laws that address sensitive information like financial and health data.

“I think the clear indication that we’re getting from Congress is no.”

He held up five fingers, saying, “There might be this many members of Congress that want to go in this direction.”

Pushing back on calls for a sweeping consumer privacy law in a “big data” era where companies can collect, analyze and share large amounts of information about consumers, he pointed to the state and federal rules that companies like Experian already have to follow.

Experian complies with 300 state and federal laws, he said.

“The idea that there’s a lack of data regulation and that one more law, the 301st law, will bring sense to consumers … is something that I think is questionable.”

Instead of a new law, he pointed to industry standards.

“We’re not going to see law passed in this area, but that doesn’t mean that we shouldn’t be mindful of best practices,” he said.

Hadley also touted the benefits of “big data” practices, such as using related but unregulated financial data to “create financial identities where none exist,” especially in the cases of low-income consumers who have not had the chance to build their credit.

While a lot of focus has been put on the harms that can come from companies using unregulated data to discriminate against low-income consumers, “I think there’s real opportunity in using big data analytics for financial inclusion,” he said.

In recent months, government officials have highlighted the potential harms and benefits of companies’ ability to use a constantly-growing amount of data about users, including in a report from the Federal Trade Commission and two reports from groups of White House advisers.

Marjory Blumenthal, executive director of President Obama’s Council of Advisers on Science and Technology, which prepared one of the White House reports, said technologies that use large amounts of data about consumers can have positive and negative consequences.

“Part of what your hearing is that the technologies themselves can go either way,” she said, appearing on the panel with Hadley.

“You need the legal framework to make sure that the use of the data … promotes the more positive outcome.”

Maureen Ohlhausen, a Republican on the Federal Trade Commission stressed the value of report’s like the FTC’s.

“I think it’s important for us as policymakers to think about [the potential harms], but to try to get to the right balance,” she said, adding that “it’s a lot easier to write a report than to get legislation passed.”

One Response to “US Senators raise third party handling of digital data issues”

  1. US Senators raise third party handling of digital data issues | Australian Law Blogs

    […] US Senators raise third party handling of digital data issues […]

Leave a Reply