The Federal Trade Commission Wants Transparency in Data Practices – But FTC Commissioners Are Not Transparent about Their Activities

It appears that we’ve got a problem with FTC Commissioners having undisclosed meetings with business representatives and business groups.  At a time when the FTC is seeking to expand its authority over data and privacy matters this is particularly troubling.

On its website, the Electronic Privacy Information Center describes one specific instance of the problem:

FTC Commissioner Wright Meets with Industry Lobbyists, Not Consumer Representatives: Through a Freedom of Information Act request, EPIC obtained the appointment calendar of FTC Commissioner Wright. The Commissioner’s calendar reveals many meetings with corporate presentatives [sic] but no meetings with public interest organizations representing consumers. One of FTC’s primary missions is to protect consumers from unfair and deceptive business practices. Commissioner Wright became an FTC Commissioner in January 2013. Since then he has met with representatives from Apple, Microsoft, Verizon, Qualcomm, the Network Advertising Initiative, and the Consumer Data Industry Association. He has attended industry conferences and given talks at trade association meetings.

Commissioner Wright isn’t the only Commissioner that has not been forthcoming about meetings with corporate interests.  Big Data and the Law has stumbled across another one.

It appears that Commissioner Julie Brill has had at least two meetings with industry representatives that do not appear on the published list of her “Speeches, Articles, and Statements” found on the FTC website. 

Commissioner Brill was scheduled to take part in presentations to the Centre for Information Policy Leadership Annual Membership Retreat on June 12-13, 2012 and June 13, 2013.  If you believe in transparency in government, the Centre is a particularly troubling group.

To begin with, Centre membership is expensive enough to be pretty exclusive.  Depending upon the level of membership, the Centre charges either $50,000 or $30,000 annually.  Not very many companies have the budget for that, which is probably why there are only 36 Centre members, and that they are companies like American Express, Apple, Bank of America, Boeing, Facebook, Google, MasterCard, Oracle, Verizon, Visa, Wal-Mart and Yahoo.

The Centre also seems to think that transparency is a bad thing.

In 2012 the National Telecommunications and Information Administration proposed a “Multistakeholder Process to Develop Consumer Data Privacy Codes of Conduct.” In a letter to the NTIA about that process, the previous President of the Centre had this to say:

When applied to the actual development of enforceable best practices, however, the Centre believes an effective process requires that the business community serve as the primary drafter of codes and be allowed a closed forum in which to probe sensitive questions and test the workability of proposed approaches.

The Centre is concerned that the Administration’s multi-stakeholder process…  While any process to create industry codes or guidance should be open and inclusive, it must also include ample opportunity for testing ideas, candidly airing points of concern and disagreement, and discussing matters that may involve proprietary information or controversial data practices.  Such robust debate would be discouraged by the presence of media or the possibility of a written transcript of discussions.  This is particularly important when best practices will likely have a direct effect on the internal processes of companies, and will be enforceable against companies that voluntarily adopt them.

This does not mean that policymakers, experts, advocates and the public have no role in the development of best practices.  The Centre urges their full engagement.  Once the initial draft of best practices is developed by industry….

The Centre’s position then, is that industry should create the Codes of Conduct in secret, otherwise industry might have to publicly disclose their “controversial data practices.”  Policymakers (presumably regulators and legislators) can say what they think after the secret drafting is done. 

If that’s the Centre’s view of things, how is it appropriate for Commissioner Brill to meet with the Centre’s members in private?  At a minimum it looks bad.  It looks worse when you see the Centre’s description of the 2013 presentation in which Commissioner Brill is listed as a participant:

Legitimacy, Fairness and Big Data

In the big data context, how should companies reconcile requirements of legitimate processing in data protection regimes with fair processing concerns in the U.S.? Have legitimate process requirements in places like Europe and fair processing concerns in the U.S. begun to coalesce over time? How should regulators approach enforcement in this context?

Let’s summarize. 

We have an industry group with a very exclusive membership. In the recent past, the principal executive of that group has expressed hostility to transparency in the development of enforceable codes of business practices – that presumably would be applicable to its members.  We have a regulator meeting in private with that group, notwithstanding that the group’s members are subject to the authority of that regulator’s agency.   It appears that in one such meeting the topic of the meeting was how such regulators should “approach enforcement” within their jurisdiction. 

One more thing – providing a detailed and lengthy list of appearances and presentations gives the impression that there aren’t any other appearances or presentations to list.  EPIC had to resort to a Freedom of Information Act request to get full disclosure of Commissioner Wright’s meetings with industry.  Big Data and the Law learned about Commissioners Brill’s meetings with the Centre by happenstance.  We have no idea whether there are any other such undisclosed meetings.

This all seems inconsistent with Commissioner Brill’s stated views on enforcement and transparency, which we here at Big Data and the Law have no reason to doubt.  

However, at a time when the FTC wants more authority over data privacy and security matters, it is more important than ever that we know about the relationships between the FTC and those subject to regulation by the FTC.  It’s clear we haven’t been told everything we should know.

This entry was posted in Big Data, Federal Trade Commission, Policy, Privacy, Regulation and tagged , , , , , , , . Bookmark the permalink.