Private Parts


Washington — Privacy has gone public in the nation’s

Nearly every week brings news of another Congressional
hearing or a letter from a concerned lawmaker to an
Internet company whose data-handling practices are under

The White House has laid down the (almost) law with a
voluntary privacy “Bill of Rights” that it wants Congress
to make mandatory.

The Federal Trade Commission is preparing to recommend
changes to the Children’s Online Privacy Protection
Act (COPPA) to boost online privacy protections for kids.

The National Telecommunications & Information Administration
is hosting stakeholder meetings next week on
how to implement the Bill of Rights, with a focus on mobile
broadband, but even those have already drawn fire
from activist groups for not being sufficiently accessible
to all stakeholders.

The Federal Communications Commission has enlisted
cable operators in a self-regulatory effort to counterattack
botnets and protect Web addresses.

And lobbyists with the National Cable & Telecommunications
Association, used to focusing on matters related
to the Cable Act, find themselves ’Net-deep in privacy
and security issues.

“Go look at what the issues were on the Hill last year,”
NCTA president Michael Powell told reporters on a
conference call two weeks ago. “Very few are things
that emanated from the Cable Act. … If you asked my
government-relations staff what they’ve worked on this
year, an enormous amount of that is going to be stuff that
originated on the Web.”

Cable operators have three general options: they can
push for less cable regulation; for more regulation of Internet
players like Google or Facebook, to match cable’s
historic privacy regulation regime; or for the option the
NCTA has chosen — to argue that whichever way the federal
government comes down, a patchwork of regulation
is the wrong response.

Dan Brenner, an attorney with Hogan Lovells who used
to be a top lawyer for the NCTA, agreed. “As platforms look
more similar, different privacy regimes don’t make sense
either for consumers or for businesses because consumers
should not have to expect different privacy treatment
depending on how they watch an episode of television,”
he said.

Cable operators and other multichannel video-programming
distributors are directly in the line of fire of
most of these acts and agencies. As distributors roll out
new services that increase the interactivity with TV — and
monetize those interactions — more of customers’ privacy
will be up for grabs.

Targeted marketing and behavioral advertising are already
buzzwords, but with innovations such as Internet
tracking and geolocation, the mission to tap ever deeper
in to the psychographics of human buying behavior will
become even more critical.

“We are still in the very early stages of how people monetize
these enormous amounts of data,” Brenner said. “If
cable is offering a video service with commercials input
into VOD — just like you want to have directed ads on a
Google Web page or a Facebook — you want to have directed
ads when somebody replays a show on VOD. That
is a business that would benefit from the same access to
data as competing advertising vehicles.”

As it turns out though, cable operators are no strangers
to privacy regulations. In fact, they’ve lived with such rules
for decades — and that might even give them a competitive
advantage as over-the-top and mobile service providers.


Cable operators trying to negotiate this landscape, particularly
as they become online content providers, could
have a leg up on the pure-play competition, Scott Cleland,
chairman of cable-backed industry consortium Netcompetition.
org, said. Cable’s history of being subject to FCC
customer-privacy rules could provide MSOs with an advantage
as they delve deeper into delivering programming
directly via the public Internet, Cleland said.

In addition to enforcing existing privacy rules related to
protecting traditional cable customers’ personal information,
last March the FCC announced an agreement with
Comcast, Time Warner Cable, Cox and other ISPs on a set
of voluntary standards for combating botnets and domain
name hijackers.

MSOs have been living with restrictions on sharing
publicly identifiable information (PII) — one of the current
flashpoints for online data tracking and sharing —for almost three decades, Cleland noted.
In the 1984 Cable Act, the FCC said: “Cable
operators generally are prohibited from using
their cable systems to collect personally
identifiable information concerning any
subscriber without the prior written or electronic
consent of the subscriber.”

And in the specific instances when it can
be collected, the cable operator must provide
separate, clear and conspicuous written
notice of the nature of the information
collected, how it will be used, why it’s being
disclosed and to whom the disclosure will
be made, as well as of the subscriber’s right
to limit those uses.

In short, the 1984 Cable Act establishes
the kind of privacy regime many are trying
to apply to online information sharing.

“The cable industry understands their
consumers and has been respectful in the
privacy area,” Cleland said.

But Jeff Chester, executive director of the
Washington-based nonprofit Center for
Digital Democracy — a main proponent
of tougher privacy protections — is unconvinced.
In his view, there’s still a need for a
trust-but-legally-verify approach. “The cable
TV industry should be ground zero for
any new law protecting consumer privacy,”
he said. “The remaining cable and telco giants
drink from a digital triple-play honey
pot of user information.

“They can profile a subscriber 24/7: When
they are online, watching TV, using mobile
and multi-tasking,” he said. “Cable wants to
take advantage of new features for IPTV that
allow it to collect even more data on subscribers
so it can micro-target.”

Over the long haul, though — given the
volume of commerce, entertainment and
government business now being transacted
online — there is enough bipartisan support
for some action.

“Trying to have two privacy policies when
you have a bundled service is really hard,”
Cleland said. “If you are selling service saying,
‘Cable bundle X gives you video broadband
phone and Wi-Fi, and then you try and
say if you use Wi-Fi or broadband you don’t have the privacy
protections, but if you use cable or phone you do?’ Consumers
aren’t going to understand that.”

As more content moves online, the privacy headaches
for cable operators will multiply. “If TV is everywhere, privacy
should be too,” Chester said. Advertising opens them
up to such issues as behavioral targeting, geolocation and
do-not-track, all issues getting traction in Washington —
at minimum through pushes by the Obama administration
for self-regulation with the threat of government
action waiting in the wings.

The Rights Stuff

A bill out of Congress may be unlikely in the near term,
but a privacy Bill of Rights from the White House, by way
of the Commerce Department and National Telecommunications
& Information Administration, has received a
lot of attention.

On July 12, the administration will convene the first in a
series of stakeholder meetings to hammer out the details
of the voluntary Bill of Rights. Mobile is first on the agenda,
the NTIA said two weeks ago, because it is “a privacy challenge
that affects many consumers yet is discrete enough
to be addressed in a reasonable period of time.”

The guidelines are voluntary, but that’s with a big asterisk.
At a Senate hearing last month, Commerce Department
general counsel Cameron Kerry, a former cable
attorney, said the administration wants to give the voluntary
Bill of Rights “the force of law.” The problem with
a voluntary regime, the administration has said, is that
there is no way to get to the outliers that don’t volunteer.

If companies pledge to abide by the Bill of Rights and
break that promise, the FTC has the authority to go after
them for “false and deceptive” claims. It has no such power
over companies that don’t make any promises.

Chester said the negotiations, which are expected to
continue through the end of the year, will have everything
on the table, including tracking, behavioral advertising,
social media and teen privacy.

The FTC in the fall will be offering recommendations on
changes to COPPA, and privacy activists have asked for inclusion
of mobile and behavioral targeted marketing practices.

Advertising associations have generally
gotten behind the browser-based do not track
regime also being promoted by the administration
— a way for online surfers to decide
whether data from their browsing session is
being collected to better target advertising to
them. But Microsoft has thrown a scare into
the ad community with its announcement
several weeks ago that it was planning to make
do-not-track the default setting on its next iteration
of the Internet Explorer Web browser.

The Digital Advertising Alliance, which
convinced its members to back do-nottrack
as a voluntary option, not as a default
setting, was unhappy. The trade group
said that unilateral decision “may ultimately
narrow the scope of consumer choices,
undercut thriving business models and reduce
the availability and diversity of the Internet
products and services.”

“Microsoft’s move will shift more power
to login-based services like Facebook,
Google and other giants that will continue
to track end users without cookies,” Ran
Cohen, president of audience marketplace
firm Legolas Media, said.

The bipartisan duo of Reps. Ed Markey
(D-Mass.) and Joe Barton (R-Tex.) were
fine with Microsoft’s decision, but want
more. The lawmakers want “do not track”
to mean “do not collect,” so the government
can control both targeted behavioral advertising
and the gathering of personal data.

The FTC is on the same page, a spokesperson
for its chairman, Jon Leibowitz,
said. “The chairman believes it means
‘do not collect,’ with a few exceptions for
things like fraud detection,” the spokesperson
The FTC has been under pressure to put
more teeth into its oversight of online privacy.

Linda Goldstein, chair of the Advertising,
Marketing & Media Division of law firm
Manatt, Phelps and Phillips, who attended
an FTC workshop on mobile marketing
last month, told Multichannel News that the
agency did not seem sympathetic to the lack
of available real estate on small screens to
make privacy-policy disclosures.

“I think their view would be that if the real estate you
have available does not permit you to make disclosures
that are necessary, maybe you shouldn’t be advertising
that product or service through that platform,” she said.

Cable operators that take a page from their current privacy
regime could be well-positioned for the time when
government does weigh in. Both Chester and Cleland
agree that day will come.

“The big disconnect here is that all the polls will tell you
that vast majorities of Americans think they are protected
with privacy law, and they aren’t,” Cleland said. “That is
politically unsustainable.”


Electronic Privacy Information Center is a public-interest research organization that tracks privacy issues.
A partial list of of the hot topics it is following in the communications sphere:

Online Privacy


monitoring of
social media


Street View

record privacy




Privacy Bill of Rights

Here, in abbreviated form, are the privacy principles the White
House wants the Internet content, access and advertising communities
to live by. The Obama administration hopes to get Congress to
enshrine these “voluntary” principles in legislation. Talks begin July
12 between the industry, activists and government over how to flesh
out this Bill of Rights and make it enforceable.

Consumers have a right to exercise
control over what personal data companies collect from them and
how they use it.

2. TRANSPARENCY: Consumers have a right to easily understandable
and accessible information about privacy and security practices.

Consumers have a right to expect
that companies will collect, use, and disclose personal data in ways
that are consistent with the context in which consumers provide the

Consumers have a right to secure and responsible
handling of personal data.

Consumers have a right to access
and correct personal data in usable formats, in a manner that is
appropriate to the sensitivity of the data and the risk of adverse
consequences to consumers if the data is inaccurate.

Consumers have a right to reasonable
limits on the personal data that companies collect and retain.

7. ACCOUNTABILITY: Consumers have a right to have personal
data handled by companies with appropriate measures in place to
assure they adhere to the Consumer Privacy Bill of Rights.