What are the consumer protection issues of online social media sites and what’s the right regulatory balance? That was the focus of today’s Northern Virginia Technology Council (NVTC) event called “Social Media and Consumer Protection: Finding a Balance” that featured Tim Sparapani of Facebook, Pablo Chavez of Google, and Ari Schwartz of the Center for Democracy and Technology (CDT).
But the event wasn’t about consumer protection (in the traditional sense), it was about privacy. Privacy online is today’s issue du jour, whether it is marketing to children or collecting and sharing data for targeted ads. The FTC has devoted a series of roundtable discussions toward privacy, with the first one beginning Dec. 7.
Privacy’s getting so hyped-up that I believe it to be the next “online safety” sort of issue where isolated and particularized incidents become sensationalized in the media and among regulators, creating counterproductive techno-panics that other commentators have described. This shift is apparent as many policymakers and advocacy groups become increasingly hostile toward targeted online advertising.
But are social media and privacy at odds such that there needs to be a “balance”–whatever that entails? While this question was never explicitly asked, it is clear that Ari Schwartz would say “yes” because he asserts that consumers don’t know what information is being collected and that users need help to gain control over their own data.
Ari acknowledged that when it comes to privacy, lawsuits would be filed and that the courts might rule differently on whether social media sites or their advertiser would be liable, depending on the circumstances. The case-by-case approach in the courts is something that many pro-market advocates would support–but it flies in the face of CDT’s public comments for next week’s FTC Privacy Roundtable.
A cornerstone recommendation in CDT’s comment is that “[t]he FTC should encourage Congress to pass general consumer privacy legislation that is based on a full set of Fair Information Practices. Self-regulation cannot adequately protect consumer privacy when it is not girded by legal standards and more direct oversight from the FTC.” It’s a sweeping statement that ignores the unintended consequences of a general, one-size-fits-all privacy law.
The Maine law regulating “predatory” marketing to children that passed this year is a great case study on the pitfalls of general privacy regulation. The law prohibits the collection of personal and “health-related” information from minors without parental permission, and bans outright its use in marketing to teens.
Because the law was not specific to a particular harm, it was way overbroad. Legitimate advertising and information sharing was now illegal, violating the free speech rights of both advertisers and teenagers. Thankfully, a legislative committee voted in October to recommend repeal of the law.
You often hear privacy advocates rail against the sectoral approach of the U.S. toward privacy, where we have particular laws specific to financial and health care information. They’d rather see a European model of general consumer privacy regulation. But there’s no one-size-fits-all to something that is as highly contextual and personal as one’s privacy.
At the event we heard Pablo Chavez say how hard it is to convince consumers to click on display ads. Online publishers and service providers are constantly thinking of new ways to show relevant and compelling advertising to consumers. It is this experimentation and innovation that, by making ads more relevant, keep paying for the free services we all use on the ‘Net. When this experimentation goes too far and some consumers get harmed–which will undoubtedly happen as it does in any other commercial context–consumers can sue and the FTC can enforce.
Perhaps I’m reading too much into Ari’s acknowledgment that litigation and FTC enforcement will likely figure this out. CDT is an influential and respected organization, so it would be nice to see them acknowledge the pitfalls of a one-size-fits-all solution and talk more about how targeted enforcement can help to weed out any bad actors in targeted advertising. I hope CDT might agree that we need more FTC enforcement and private lawsuits, not new legislation.