Who’s to blame when data breaches, hackers, or developer mistakes cause harm in the real world? This is a topic we should all be thinking about, before courts and regulators start making up new rules or allocating the costs. This week the Federal Trade Commission (FTC) hosted an all day workshop to examine consumer injury when it comes to data privacy and security. The four panels featured speakers from academia, policy, and public interest groups with diverse backgrounds – from data engineering and privacy to law and policy.
Netflix caused a stir over the weekend with a tweet meant to be humorous (while promoting a new Netflix-produced flick):
To the 53 people who've watched A Christmas Prince every day for the past 18 days: Who hurt you?— Netflix US (@netflix) December 11, 2017
The tweet wasn’t exactly ratio’d (eight thousand replies to nearly half-a-million likes), but it did prompt many, from everyday users to tech and legal experts, to weigh in on Netflix’s use of anonymized consumer data. Everybody knows Netflix collects data like this – how else do they populate their “Trending” categories – but the casual flaunting of it rubbed some the wrong way, even beyond its mocking tone.
Tech outlet ZDNet formally asked Netflix to answer “how many employees have access to customers' viewing habits and if there are any controls on who can access and what can be done with the data,” and received a pro forma response back. The Washington Post contacted lawyer Bradley Shear, who says Netflix’s tweet doesn’t violate their privacy policies, but most users are likely unaware of what exactly they agreed to when they signed up.
One of the toughest responses came from Trevor Timm, the Executive Director of the Freedom of the Press Initiative (from his personal account):
Some questions for reporters to ask Netflix:— Trevor Timm (@trevortimm) December 11, 2017
—How many employees have access to people's viewing habits?
—Are there any controls on how they can access this data/what it can be used for?
—What's the punishment for creeping on people?
—Why are they publicly shaming customers? https://t.co/bnouaaGnZC
Later in the thread, Timm also indicates he’d like to ask more than Netflix these questions.
These are questions that all companies, not just Netflix, need to be prepared to deal with, ideally with more than a boilerplate response. Any company, of any size, that collects user data requires a thought-out PR response plan to answer questions about their data collection.
As most commenters on this issue have pointed out, consumers innately know that companies like Netflix are tracking how people use their service and probably a lot more. But the product of that data collection is typically subtle enough for people to not think twice – until a company does something that calls attention to it, like a viral tweet.
Ultimately, what Netflix’s tweet exposes is not how little users know about what’s being tracked, but rather how broad of a category the term “data” actually is, and how any conversation about “data” can quickly open up entire cases of cans of worms. At the Developers Alliance, we recognize the need for a proactive approach to define and classify the various data being collected. This approach will help both companies and users move forward together into the data-driven future.
Stay tuned for more.
On Thursday 7 December, the Developers Alliance hosted a Tech Policy Dialogue entitled "ePrivacy: Regulatory implications and impact on digital SMEs.". The event brought together industry representatives and policy-makers to discuss the ePrivacy Regulation and its potential consequences on small, innovative European businesses.
Tech knows the future of business is digital, and that digital means global. Entrepreneurs and developers make concepts a reality, refine software, and launch new products all within the digital space. But what about when your customer base expands beyond your home country's market, or your data enters the cloud? ill you even notice? How does your existing and new consumer data cross borders, and what regulations guide this expansion? What happens if you just do nothing? (For more on this, see our news item on the EU GDPR from a US perspective)
Today the Developers Alliance and NDP Analytics released a new report, "Quantifying Risks to Interoperability in the Software Industry," that found the negative economic impact of threats to interoperability in the home and auto IoT space alone could exceed $77 billion in economic productivity over the next eight years. Building barriers and allowing companies to license and restrict access to programming languages will fracture the market, increase security risks, harm developers, and jeopardize those economic gains.