As a final project for Brad Rosen’s Yale seminar—Control, Privacy, & Technology—we took on the task of close-reading and comparing four recently proposed online privacy bills. The inspiration from the project comes from President Obama’s recent historic call for a privacy bill of rights.
The proceeding chart is meant to present all of the bills’ key features, providing a sense of each bill’s thoroughness and effectiveness. Rather than coming up with our own ideas about what the ideal privacy bill should and should not include, we relied on the FTC’s principles as a guide.
After parsing all of the information presented in the bills into categories, we gave each section a score out of 10, based on how many of the FTC’s guidelines the bill adhered to. We gave each section an individual weight, based on how much emphasis the FTC puts on its relative importance. After coming up with this percentage score (points out of 10 multiplied by section weight), we gave each bill a traditional letter grade. We actually ended up curving the scores by adding 10 percentage points, because the highest grade turned out to be a B. While this does speak of the need for even better privacy legislation, we did feel that at least one of the bills received an A grade because it generally conformed with all FTC guidelines.
While the chart should speak for itself, we did want to point out a few interesting points that became apparent after combing through all of the data:
1) Notice how the bills became less strict over time. While H.R. 611 seems to be the bill which would be enacted in the FTC’s ideal world, one can infer (from the fact that there were no contributions reported) that it never got off the ground, perhaps because it was indeed overly idealistic.
2) At least a couple of the bills include exemptions which make them a lot less effective. For example, the Kerry-McCain bill includes an exemption for the use of information within the context of “established business relationships.” Many bloggers have written that this creates a special loophole for social networks, calling it the “Facebook Loophole.”
3) Notice the way that “sensitive data” gets redefined over and over again, becoming less strict. While the most stringent bill includes the protection of data such as biometric data or precise geo-location data, other bills make no mention of this, offering a lot less protection.
—Nadia Danford ’12 and Cynthia Weaver ’12
Yale Law Tech 