The following is edited testimony from Rachel Welch, Charter Communications senior vice president of policy and external affairs, at a Sept. 26 Senate Commerce Committee hearing on consumer data privacy.
Advances in technology have radically changed the privacy landscape.
Despite Americans’ daily reliance on websites, apps and social media, it is difficult for consumers to understand and appreciate how companies are collecting, analyzing, sharing and selling a tremendous amount of information about them.
An increasingly important aspect of ensuring that consumers continue to utilize all the services the internet has to offer is making sure that they are confident that their personal information online is protected. While we strive to give our customers confidence with our current policies and practices such as not selling any information that personally identifies our customers to third parties, we recognize that there is still more to do.
That is why, last April, Charter CEO Tom Rutledge called for uniform privacy protections that would provide more meaningful consent for the use of their online information for all Americans no matter where they go on the internet.
Consumers as the Starting Point We appreciate that Congress is taking up the issue of online privacy and data security and recognize that there are a range of ideas and methods for protecting online data. We believe that a national online privacy framework should start with the consumer and be grounded in the concept of empowering and informing consumers to control the personal information that is collected about them online.
Charter believes such a framework should focus on the following core principles:
• The first principle is control. Consumers should be empowered to have meaningful choice for each use of their data. We believe the best way to ensure consumers have control over their data is through opt-in consent. Any legal framework that is ultimately adopted should ensure consumer consent is purposeful, clear and meaningful. That means no more pre-ticked “boxes,” take-it-or-leave-it offers, or other default consents. It also means that the use of personal data should be reasonably limited to what the consumer understood at the time consent was provided. Companies also should ensure that consent is renewed with reasonable frequency.
• The second principle is transparency. Consumers should be given the information they need to make an informed decision. Explanations about how companies collect, use and maintain consumers’ data should be clear, concise, easy-to-understand and readily available. Privacy policies should be separate from other terms and conditions of service. If all online entities provide such transparency, consumers will have the ability to weigh the potential benefits and harms of the collection and use of their personal data, and truly provide informed consent.
• The third principle is parity. Consumers are best served by a uniform framework that is applied consistently across the entire Internet ecosystem not based on who is collecting it, or whether a service is free or paid. From a consumer standpoint, they want their online data protected whether they are using an ISP like Charter, a search engine, an e-commerce site, a streaming service, a social network or a mobile carrier or device. Quite simply, we believe consumers should know that their personal information is being treated with the same level of protections wherever they go on the Internet.
• The fourth principle is uniformity. For these protections to be effective there should be a single, national standard that protects consumers’ online privacy regardless of where they live, work or travel. Whether a consumer’s information is adequately protected should not differ based on which state he or she is logging in from. A patchwork of state laws would be confusing for consumers, difficult for businesses to implement, and hinder continued innovation on the internet, which is a borderless technology.
• The final principle is security. At Charter, we believe privacy is security and security is privacy. Strong data security practices should include administrative, technical, and physical safeguards to protect against unauthorized access to personal data, and ensure that these safeguards keep pace with technological development.
We support the adoption of legislation that is based on these principles. We also believe that the Federal Trade Commission is the appropriate agency to oversee and enforce online privacy and data security.
Control Is Key
Revelations of data misuse in recent years have led to a long-overdue public conversation about what happens to data online and the vulnerabilities that develop when online data goes unprotected. Consumers today and in the future deserve to have the ability to control how their information is collected and used whenever they use the internet and wherever they go online.