Defending the Digital Consumer

This story appears in the July-August issue of Government Executive magazine.

Julie Brill has a pretty good idea what the Internet will look like in five years: It won’t exist.

The Federal Trade Commission executive believes everyone will have so many devices deeply woven into the Internet, that the line between online and offline will simply cease to exist, Brill says. That will present many challenges for the FTC. Continuing to provide consumers with notice and choice about how and why their data will be used is likely to become exponentially more complex.

Working as an attorney in consumer protection and antitrust for more than 20 years, Brill has become a key player in the country’s digital privacy debate. Nextgov editorial fellow Hallie Golden recently spoke with Brill about her efforts to protect consumers online amid an evolving digital landscape. The interview has been edited for length and clarity.

How did you become interested in consumer protection?

The first case that I ever did hooked me. It happened as I walked into the attorney general’s office to take over a slot that was available in consumer protection. I was handed a stack of phone messages from all over the state of Vermont, about people who were having a credit reporting problem. As I dug into it, I and a number of other people within the state discovered that the major credit reporting agencies had made a mistake in terms of how to interpret tax records in Vermont. [They] had listed hundreds of people as being tax deadbeats, when in fact they merely had a tax bill.

You’ve been working in this field for more than two decades. How has it changed over that time?

Technology has changed. So the tools that consumers are using to interact with each other, to interact with businesses, to gain information, have become much more sophisticated. [They] allow consumers to engage with anyone that they want to engage with much more easily. Consumers leave a trail of information about their interaction, much of which can be and is captured by a variety of players within the ecosystem.

People often talk about the volume, variety and velocity of data and its collection and use, and how much that has changed over the past, say, five years. I think the three V’s is probably one of the biggest changes that we have seen over the past 20 years that has a direct and important impact on consumers.

Is there both a positive and negative side to big data?

Consumers benefit a great deal and industry benefits a great deal from what we now colloquially call big data, as well as the tools that generate big data. For example, big data is being used to help diagnose diseases and to try to understand who are the types of patients that might be more vulnerable to certain types of diseases or might have better outcomes with certain interventions, versus other patients. That kind of analysis will be tremendously important in the health care field going forward.

But there are other aspects of big data. Sometimes, when this information is in the hands of, for instance, data brokers or other entities that use it to profile consumers, that can be harmful.

Can you tell me about the role online and mobile technologies play in protecting consumer privacy?

The level of engagement through laptops and tablets and whatnot has exploded. One of the concerns from a consumer protection perspective is whether consumers can manage their digital permissions, which they should be understanding and engaging with now. One of the things we as an agency have been recommending is for companies to become much more simple and intuitive and immersive in terms of when and how they give consumers information about their data use and practices.

Another issue that we’ve been focused on is privacy by design. That is, let’s not place so much of a burden on consumers. Let’s have companies really think through the data practices that they have. Do they really need to collect all of that data? And if they do, how can they protect it or ensure that a consumer’s privacy is appropriately handled?

Is there one particular thing that really stands out to you in terms of what is most needed to protect consumers’ online information and data?

A portal that consumers can visit to see the information that these third-party collectors, data brokers and others have and how they’re being profiled. I think that would probably be the single most important tool that we could create right now, to help consumers navigate a system that is completely invisible

to them.

Have you started working toward this?

I have been calling for industry to do this for years, and one data broker has taken the first steps to create such a portal. That data broker is Acxiom and the portal is called AboutTheData.com. It has some of the information that Acxiom has about millions of United States consumers. It’s a good first step, but it’s just a first step.

What are the biggest misconceptions or mistakes consumers make when it comes to digital privacy?

I resist the word mistake. The reason is because it’s a very difficult ecosystem for consumers to navigate, and I think many consumers are kind of doing the best they can. But consumers aren’t really going online to figure out how their information is being used. They’re using all of these tools to get something substantive done.

I think consumers do need to interface more with the privacy tools that they do have. For instance, with respect to social networks, most of them offer pretty good privacy tools to consumers, but many consumers don’t look at them or interface with them or make choices about who they really want to be sharing their information with.

How do you foresee this changing in the next few years?

One of the things I believe is that pretty soon, maybe within five years, the Internet will disappear. And what I mean by that is the same thing that [Google Chairman] Eric Schmidt meant when he said this back in January. Pretty soon, we’re not going to fire up our laptops in order to get on the Internet; instead, we will have many, many connected devices that are online and connecting us in a variety of ways. I think the concept of providing consumers with notice and choice and giving them some kind of understanding about how their data is going to be collected and used will become much more complex.

If you had the chance to change one thing with respect to technology and privacy in the U.S., what would that be? 

I would like to see more significant protections for health information and other sensitive information that is flowing outside of the protected silos of sector-specific privacy laws, such as the Health Insurance Portability and Accountability Act. Fitness bands, wearables and other health-oriented devices, apps and online services provide consumers with enormous benefits, from monitoring their health to answering questions about health conditions and diseases. Yet the information about consumers that flows from these devices, as well as health information that marketers and data brokers infer from other information, can be deeply personal and can cause severe harm to consumers if it is inappropriately used or disclosed.