Consumer Privacy

This section reviews several other privacy self-regulatory activities that share some characteristics with the industry self-regulatory programs discussed above, but these activities differ in various ways. The most noticeable differences are the role of the government in the programs. The Department of Commerce is involved in the Safe Harbor Framework, and the Federal Trade Commission is involved in the Children’s Online Privacy Protection Act.

The self-regulatory efforts in this category include projects that have many components, including input from government, industry, academia, and civil society.

Is there any reason to think that privacy self-regulation will work today when it did not work in the past? Privacy self-regulation done in the same way that it has been done in the past, without sufficient consumer participation, and with the same goals of simply evading real regulation and effective privacy controls will continue to fail.

WPF executive director Pam Dixon testified at a joint subcommittee hearing focused on privacy and the collection and use of online and offline consumer information. Dixon’s testimony focused on the new “modern permanent record” and how it is used and created. Dixon said “The merging of offline and online data is creating highly personalized, granular profiles of consumers that affect consumers’ opportunities in the marketplace and in their lives. Consumers are largely unaware of these profiles and their consequences, and they have insufficient legal rights to change things even if they did know.” The testimony explored concrete examples of problematic consumer profiling activities.

If the devices are left with older versions of the iOS4 software, the data stored on the iPhones and iPads will be unencrypted and can include latitude, longitude, when the location was visited, for how long, and the data could have been collected for as long as a year. Up to 2 MG of data can be stored, which can be a lot of location data.