BCLT Privacy Forum Confronts Current Issues in Privacy Law

By TAP Guest Blogger

Posted on May 7, 2014


This forum summary is written by Mark Langer.

In March, privacy professionals gathered in the Silicon Valley for the 3rd Annual BCLT Privacy Law Forum. Sponsored by the Berkeley Center for Law & Technology, the Privacy Law Forum provides an opportunity for leading figures in privacy, both practitioners and academics, to address some of the critical issues in the field. Everyone was especially interested to hear from keynote speaker Jan Albrecht, a European Parliament member and the rapporteur for the E.U.’s General Data Protection Regulation, about the future of privacy in Europe.

Panel 1: Privacy and Mobile Payments

With a booming smartphone industry, mobile payments are the new frontier for electronic transactions. Professor Paul Schwartz laid the groundwork for the panel discussion, outlining the general legal framework and potential complications. Laura Berger (Federal Trade Commission) noted the immediate concerns from a regulator’s standpoint, namely regulating deceptive privacy practices and illegal marketing while encouraging reasonable technology and security standards.

Security is not simply a concern for regulators. Scott Shipman (eBay, Inc.) and Russell Schrader (Visa, Inc.) discussed the importance of developing strong security measures and standards. Recent technological developments, like the use of tokenization, as well as growing standards in the mobile payment community, should help alleviate some of the privacy and security concerns. Tom Brown (Paul Hastings LLP) pointed out that most consumers seem willing to part with their personal information. As long as proper security measures are in effect, the other privacy aspects could be left to a competitive market.

Panel 2: Harmonizing Privacy and Innovation

Professor Kenneth Bamberger started the panel on privacy innovation and harmonization by highlighting his recent research on privacy regulation in Europe and the United States. While the European Union generally has strong privacy laws, each Member State enforces them differently. Bamberger found increasing similarities between successful privacy regimes on both sides of the Atlantic. More specifically, successful regulators have become more flexible and transparent, focusing on substantive protections and not just procedural checklists and paperwork.

Andrew Serwin (Morrison & Foerster LLP) emphasized the important distinction between privacy and data management. Privacy is based on societal norms, and any attempt at inter-cultural harmonization will generate inherent tensions. Kurt Wimmer (Covington & Burling LLP) noted that there is a great deal of agreement on baseline principles and an important focus should be to eliminate uncertainty and confusion for smaller companies that do not have budgets for large privacy programs. Christopher Sundermeier (Reputation.com) was also optimistic about privacy innovation and harmonization. He noted that privacy has become a new area for entrepreneurs, creating a new privacy culture that will promote future innovation.

Keynote Speaker: Jan Albrecht (E.U. Parliament)

Before discussing the proposed Data Protection Regulation, Jan Albrecht told the audience how he first became interested in privacy. Growing up 30 kilometers from the Iron Curtain, he had always loved technology and even studied IT law. However, his first interest in politics came from a desire to protect individuals and the environment from the radioactive waste facilities near his hometown. When the Parliament decided to work on a general E.U. Data Protection Regulation, he saw an opportunity to combine his interest in technology with his desire to protect civil rights and values. Albrecht discussed the key developments of the proposed regulation and some of its key terms. He then shifted his focus to the effect of Edward Snowden’s revelations, calling for increased transatlantic discussion on privacy issues and investment in privacy development and technology.

Panel 3: Practical Lessons from Privacy Professionals

Christopher Wolf (Hogan Lovells) led a conversation on the practical realities facing privacy professionals. Paul Martino (Alston & Bird LLP) described how privacy law is developing in Washington, D.C. as both companies and politicians are adapting to the problems that technology poses. Josh Harris (Future of Privacy Forum) argued that while complete privacy harmonization might not be possible, interoperability between privacy frameworks can and should be a focus for lawmakers. Hank Dempsey (California State Assembly) spoke on how California has approached privacy legislation. He specifically encouraged interaction with the legislature to find alternatives and solutions.

Michael Hintze (Microsoft) discussed the challenges of handling privacy matters for an international corporation. In his experience, it is best not to meet the minimum requirements but rather look to the trends and future developments of privacy legislation. Brian Gin (Cisco Systems, Inc.) noted the difficulty of advising on privacy issues, especially as public opinion on the subject keeps changing. He encouraged getting the perspective of as many people as possible (stakeholders, partners, and customers) in order to understand not only basic privacy expectations, but also how privacy fits in to the company’s product and image.

Panel 4: Big Data and Privacy Law: Classifications, Segmentation, and Fairness

In the final panel, Professor Deirdre Mulligan turned the focus to Big Data. As data brokers collect and analyze massive amounts of data, it has become necessary to articulate meaningful civil rights and protections. Drew Leibert (California Assembly Judiciary Committee) outlined his three main concerns: accessing, correcting, and protecting the information that companies are collecting. Nicole Ozer (ACLU) argued for transparency in reports and collection of information. Jim DeGraw (Ropes & Gray LLP) discussed the potential for legal enforcement against data brokers, noting the likelihood of FCRA enforcement against smaller companies that are unfamiliar with the law, as well as the potential for other laws, like anti-discrimination laws, to become a mechanism for regulation.

For more details on the 2014 BCLT Privacy Law Forum, including presentation slides and audio, please see http://www.law.berkeley.edu/16062.htm.

Mark Langer is a student at UC Berkeley School of Law.