November 9, 2018
Protecting Consumers with Federal Privacy Legislation .
When it comes to our online privacy, CTIA’s members follow and advocate for two simple principles: protect consumer privacy and let innovation continue to flourish.
In practice, these principles mean developing transparent, consumer-friendly programs and policies that ensure consumers know how their information is being used—and mean building strong safeguards to protect that information.
While these practices and policies have been part of the wireless industry’s operating principles for years, the past 12 months have sparked new conversations among policy and industry stakeholders about online privacy and how best to protect it in this connected world.
Today, CTIA filed comments with NTIA, the executive branch agency spearheading an important effort to create a set of national privacy principles. In that filing, we reiterated our support for uniform, national privacy standards across the digital economy, enshrined by Congress in federal law and enforced by the Federal Trade Commission.
A twenty-first century privacy regime should protect all Americans’ personal information consistently across platforms and technologies. That’s why we’re calling on Congress to adopt federal privacy legislation that:
- Protects consumers equally. Crossing state or city lines doesn’t change your internet experience. The laws governing that experience shouldn’t change either. Fifty or more different privacy regimes—and the hundreds of different notifications that follow—will generate consumer confusion and warning fatigue.
- Regulates technologies equally. A national framework should establish consistent privacy protections no matter your choice of technology platform. A level regulatory playing field will enable all players in the digital economy to provide a consistent and robust level of privacy protections for your online experience.
- Empower a national regulator. A single federal agency should enforce a national privacy framework to avoid duplication and inconsistent outcomes across locations and platforms. The FTC is the right agency to do so, thanks to their decades of experience protecting all internet users as the chief federal agency focused on privacy.
To build this consumer-centric, innovation-friendly framework, we recommend four principles:
Transparency. CTIA supports legislation that requires companies to provide consumers with clear and comprehensible information about the categories of data that are being collected, used or shared, and the types of third parties with which that information may be shared.
After all, when it comes to connectivity, consumer trust is key. That’s why companies across the wireless industry have already adopted pro-consumer policies such as CTIA’s Consumer Code for Wireless Service and the broader industry’s ISP Privacy Principles.
In addition, wireless providers provide clear privacy notices, typically on their websites. These notices give consumers insight into how their data is collected, stored, used and shared—and creates accountability, allowing the FTC to hold companies to policies they publish.
Consumer Control. Consumers should be able to exert reasonable control over how the personal information they provide online is collected, used, stored and shared. Consumer choice is a key component of the relationship between wireless companies and their customers, empowering people to decide the approach that’s right for them.
That’s why CTIA, alongside various other associations and member companies, publicly committed to the importance of reasonable consumer choice—as outlined by the FTC—in the ISP Privacy Principles.
Risk-Based Security. Organizations should put reasonable security measures in place to protect consumers’ personal data.
The wireless industry takes the security of our customers’ data very seriously, building security protections into our networks. Consistent with the FTC’s existing framework, these privacy and security protections are based on the sensitivity of the data, the size of the internet service provider and technical feasibility.
Flexibility. Adaptable, technology-neutral privacy protections are key to continuing the American tradition of innovation. New technologies, like AI and VR/AR, are poised to unlock powerful consumer benefits and they require large sets of data to do so.
Privacy and security practices like de-identification and aggregation of data remove the personally identifiable elements of data, allowing these new technologies to flourish while also protecting consumers. Such practices, developed by the private sector under the FTC’s risk-management approach, illustrate how flexibility can promote innovation and protect our personal information.
* * *
It’s time for Congress to act on federal privacy legislation, based on the principles of transparency, customer choice, security and flexibility. Nationwide, technology-neutral rules for the entire digital economy can protect consumers’ personal information and foster American leadership in the industries of tomorrow.