A Lobby Group Representing Apple & Other Tech Companies Establish a Privacy Framework that Protects their Interests
Yesterday a leading tech lobbying group in Washington known as "The Information Technology Industry Council (ITI) that represents Apple, Adobe, Amazon, Dell, Intel, Google, Microsoft and others published their "Framework to Advance Interoperable Rules on Privacy" using the acronym as "Fair." The reason for publishing their paper now is because key lawmakers have indicated that they're interested in exploring privacy legislation during the next congressional session, with some urgency driven by California's privacy law, which goes into effect in 2020. This lobby group wishes Congress to be swayed by their framework that defines and controls the definition of what private data should be. Meaning, Silicon Valley wants to shape the argument in their image to avoid regulatory annoyances and/or to ensure that the U.S. has it's own policy to protect them from lawsuits arising from collecting data they deem necessary to collect anywhere in the world.
The timing of the "FAIR" Privacy Framework set by the ITI lobbying group was also strategically timed ahead of tomorrow's keynote by Apple's CEO at the European conference on protecting data and privacy. Some of what Cook may touch on will be from this new framework by ITI.
The Purpose of the 'FAIR' Framework
According to ITI, the framework presented in full below, "is a robust, technology and business model-neutral approach for the protection of privacy and personal data that advances the interests of all stakeholders, including consumers, businesses, individuals, and governments.
The purpose of this framework is to inform the development of legislation or the promulgation of rules that enhance personal data protection, further the trust relationship between companies and their customers, and enable innovation while also avoiding regulatory fragmentation that undermines all three goals.
Inspired by the Fair Information Practice Principles (FIPPs), Europe's General Data Protection Regulation (GDPR), and the Asia-Pacific Economic Cooperation's (APEC) Principles and Cross Border Privacy Rules (CBPR), this framework provides recommendations to both protect individuals' privacy and allow society to harness the potential of the digital age."
Overall, the framework Covers 9 Distinct Points
2. Defining Personal Data and Sensitive Personal Data
4. Individual Control Rights and Context
5. Responsible Uses
6. Risk Assessment and Mitigation
7. Security and Minimization
8. Disclosure of Personal Data to Service Providers
9. Accountability and Oversight
For complete details, read the full ITI framework below.
FINAL Framework to Advance Interoperable Rules on Privacy by Jack Purcher on Scribd
While protecting personal data, the ITI framework seeks to ensure that companies can still access personal data to better enable valuable research and innovation in areas such as machine learning and artificial intelligence that rely on the use of personal and non-personal data.
In another area of the document they note that "Any data on individuals that is publicly available is considered by this framework is not considered personal data. Publicly available data means information that is lawfully made available in federal, state, or local government records, or that is lawfully made available to the general public."
Howevr, the framework wants data on sexual orientation, biometric, ethnic origin, and political affiliation, for example, to be exempt. So even though the framework says that they can, for instance, find in your public school records that you are gay, that's going to get special treatement and protection. A complete contradiction.
Under transparency, it's nice that Silicon Valley wants companies or individuals to be up front as to what they will do with your data, what's missing is that companies shouldn't hold consumers hostage by withholding a service unless they fully consent to giving up their personal data. It's a massive loophole to get around collecting data legally.
Under "Individual Control Rights and Context" they note that "Individuals should have the right to exercise control over the use of their personal data where reasonable to the context surrounding the use of personal data."
However, they don't define "reasonable" which could be the scapegoat for grabbing information, even if you object, because a company may decide you're being "unreasonable." So they want a clause to fall back on protecting them for taking your personal data that they define as "reasonable."
If you have the time, you should dig into the framework this weekend or whenever you have time just so that you can see that the framework they seek sounds nice on the surface but that there are loopholes a cargo ship could drive through allowing companies to work around privacy if they deem it necessary to obtain.
Let's hope that legislators will close the loopholes found in this framework and nail them shut to make sure that privacy data remains private according to what consumers decide is private and not companies who never have our best interests at heart.
While Silicon Valleys want loopholes so as to allow tech companies to collect personal data that they define is necessary, the government should be able do the same to Silicon Valley by demanding certain private data and information necessary to protect citizens against suspected terrorists, criminal organizations and all illegal activities.