In a white paper released Monday, the Software and Information Industry Association offered its recommendations for how companies can balance the two issues while also cautioning that too much regulation in this space could stop companies from developing future applications of what the group calls “data-driven innovation.”
In the paper, the SIIA says that companies should take it upon themselves to design privacy protections into their policies and that lawmakers should avoid taking a one-size-fits-all approach to regulating data collection because the field is far from developed and the government is often not nimble enough to deal with those changes.
“Technology is really evolving rapidly,” said David LeDuc, SIIA’s senior director of public policy. “Every discussion I’m involved in, everything that I’m dealing with now runs the risk of being focused squarely on today’s — or yesterday’s — technology.”
One example, LeDuc said, is the support for a default “opt-in” model for the collection location data — a model supported by a mobile privacy bill introduced last year by Sens. Al Franken (D-Minn.) and Richard Blumenthal (D-Conn.) that wouldn’t let companies pull location information from mobile phones unless users specifically okay that collection.
A senate panel approved that bill in December; Franken said in April that he plans to reintroduce the bill.
But LeDuc said that before demanding default actions, lawmakers need to consider which entities would be collecting location data and how they’re handling that information.
“If you’re using a weather app, you are probably expecting location data collection,” he said. But if your solitaire app is collecting location information, he said, users will probably want to know why.
LeDuc did, however, say that when it comes to children’s data privacy, that companies should be held to a higher bar, saying that it’s a “different landscape” when dealing with young users’ information.
There are ways, LeDuc said, for companies to collect location information and protect user privacy, adding that the industry should try and make as much of the data that it collects anonymous as quickly as it can.
Industry players such as the SIIA would instead like to see policies developed by a group of stakeholders that includes policymakers, consumer advocates and others to work out best practices for how to protect privacy even as companies continue to ramp up how they collect and analyze consumer information. Companies, he said, need to take it upon themselves to be good data stewards and build trust with consumers in order to address privacy concerns without having to deal with additional regulation.