If the National Telecommunication and Information Administration's first stakeholder meeting is any indication, coming to consensus on privacy policies among a host of stakeholders in the private and nonprofit and government sectors will be a little like herding cats -- but the herding has begun in earnest.
There was early disagreement at the Thursday meeting over whether a discussion about process should precede an attempt to prioritize the issues on the table for coming up with a regime for ensuring transparency in mobile app policies.
Privacy advocates including the ACLU, Consumer Federation of America and the Center for Digital Democracy argued early on that prioritizing that list, as facilitator Marc Chinoy and NTIA had structured the meeting, was putting the cart before the horse.
They also argued that mobile transparency should not be looked at by itself, but instead had to be treated in the broader context of other fair information practices.
Susan Grant of Consumer Federation of America said she thought the meeting should have first addressed the higher-level questions of the process, and that any discussion of transparency should not be divorced from other issues including data collection, quality, security, safeguards, and accountability.
Their concern is that focusing on transparency could be a way to sidestep those issues on the way to policies that only address notice, not whether the practice being noticed should be allowed in the first place. NTIA won the day that the meeting focused on identifying and ranking a host of issues related to mobile app privacy.
And while the discussion included numerous breaks for comment and criticism of the consensus-building process, some consensus did emerge.
During the vote, NTIA took pains to stress that it was not ranking issues per se, or excluding any issues, but simply determining what issues the group might want to address first or break out into separate working groups.
Among the issues that did draw a crowd of hands indicating it was critical to put near the top of the list were that privacy policies be technology-neutral, that there needs to be a common, functional definition of data use, that data being collected by mobile apps be tracked across other platforms (say, a mobile app that led to the cloud that led to a home computer), and that it needed to be made clear why data was being collected, and that privacy policies be in clear understandable language.
Chinoy kept the meeting reasonably on track with occasional reminders that if the meeting simply became an open-loop debate, it would be tough to identify common issues that would help them try and structure the process.
The breakdown in the room was roughly 75% industry, 12% advocates, and others, said NTIA, with more than 200 in the room to start the daylong meeting, though that number fell off in the afternoon.
The first half of the meeting was focused on the key issues, the second half to getting some consensus on a practical set of processes for implementing them.
Suggestions included having NTIA more involved, the "adult in the room" as some called it, to having it step back, provide a room and some direction and let the stakeholders drive the bus. NTIA, led by chief Larry Strickling, suggested they saw their role as facilitator, rather than the only adult in the room, and that they were looking to have stakeholders ultimately drive the process
Chester said that there needed to be an objective fact-finding process within the next 60 days, and that consumer groups needed parity in whatever voting structure there was. He also said that the Federal Trade Commission needed to be involved. CFA's Grant added that there needed to be some way beyond voting to come to consensus, since advocates would always be outnumbered by industry at the meetings.
Ed Black of the Computer and Communications Industry Association, suggested that they needed to get more senior-level executives involved in the meetings -- NTIA said the next meeting will be in August -- since senior players are the ones who will be able to resolve some of the issues.
By the end of the day, the crowd had thinned, but the critical process issues the remaining crowd seemed most interested in putting at the top of the list of possible process elements: identify current common privacy practices, involve app developers, create working subgroups to deal with some individual issues, provide advance notice of meeting material -- there was a complaint that the agenda of this meeting was only supplied the night before.