If the National Telecommunication and Information
Administration's first stakeholder meeting is any indication, coming to
consensus on privacy policies among a host of stakeholders in the private and
nonprofit and government sectors will be a little like herding cats, but the
herding has begun in earnest.
There was early disagreement at the Thursday meeting over
whether a discussion about process should precede an attempt to prioritize the
issues on the table for coming up with a regime for ensuring transparency in
mobile app policies.
Privacy advocates including the ACLU, Consumer Federation of
America and the Center for Digital Democracy argued early on that prioritizing
that list, as facilitator Marc Chinoy and NTIA had structured the meeting, was
putting the cart before the horse.
They also argued that mobile transparency should not be
looked at by itself, but instead had to be treated in the broader context of
other fair information practices.
Susan Grant of Consumer Federation of America said she
thought the meeting should have first addressed the higher-level questions of
the process, and that any discussion of transparency should not be divorced
from other issues including data collection, quality, security, safeguards, and
Their concern is that focusing on transparency could be a
way to sidestep those issues on the way to policies that only address notice,
not whether the practice being noticed should be allowed in the first place.
NTIA won the day that the meeting focused on identifying and ranking a host of
issues related to mobile app privacy.
And while the discussion included numerous breaks for
comment and criticism of the consensus-building process, some consensus did
During the vote, NTIA took pains to stress that it was not
ranking issues per se, or excluding any issues, but simply determining what
issues the group might want to address first or break out into separate working
Among the issues that did draw a crowd of hands indicating
it was critical to put near the top of the list were that privacy policies be
technology-neutral, that there needs to be a common, functional definition of
data use, that data being collected by mobile apps be tracked across other
platforms (say, a mobile app that led to the cloud that led to a home
computer), and that it needed to be made clear why data was being collected,
and that privacy policies be in clear understandable language.
Chinoy kept the meeting reasonably on track with occasional
reminders that if the meeting simply became an open-loop debate, it would be
tough to identify common issues that would help them try and structure the
The breakdown in the room was roughly 75% industry, 12%
advocates, and others, said NTIA, with more than 200 in the room to start the
daylong meeting, though that number fell off in the afternoon.
The first half of the meeting was focused on the key issues,
the second half to getting some consensus on a practical set of processes for
Suggestions included having NTIA more involved, the
"adult in the room" as some called it, to having it step back,
provide a room and some direction and let the stakeholders drive the bus. NTIA,
led by chief Larry Strickling, suggested they saw their role as facilitator,
rather than the only adult in the room, and that they were looking to have
stakeholders ultimately drive the process
Chester said that there needed to be an objective
fact-finding process within the next 60 days, and that consumer groups needed
parity in whatever voting structure there was. He also said that the Federal
Trade Commission needed to be involved. CFA's Grant added that there needed to
be some way beyond voting to come to consensus, since advocates would always be
outnumbered by industry at the meetings.
Ed Black of the Computer and Communications Industry
Association, suggested that they needed to get more senior-level executives
involved in the meetings -- NTIA said the next meeting will be in August -- since
senior players are the ones who will be able to resolve some of the issues.
By the end of the day, the crowd had thinned, but the
critical process issues the remaining crowd seemed most interested in putting
at the top of the list of possible process elements: identify current common
privacy practices, involve app developers, create working subgroups to deal
with some individual issues, provide advance notice of meeting material -- there
was a complaint that the agenda of this meeting was only supplied the night