Privacy groups have never been happy with the Obama Administration’s “multi-stakeholder” approach for establishing voluntary guidelines to protect consumer privacy.
But this time, they’ve really had it. Fed up with a drawn-out 16-month process of meetings between industry and public interest groups to establish a voluntary code of conduct for the commercial use of facial recognition, a group of 9 privacy and consumer groups have backed out of further negotiations.
The groups, including the Center for Democracy and Technology, the Center for Digital Democracy, and the American Civil Liberties Union, don’t believe the process is going to yield any serious protections for the use of the technology.
With so many industry stakeholders in the same room protecting business interests, the groups felt out-gunned.
“Industry stakeholders were unable to agree on any concrete scenario where companies should employ facial recognition only with a consumer’s permission,” the groups said in a statement.
As far as the groups are concerned, the industry has shown its true colors. “Even companies like Microsoft, which uses opt-in for its own products, refused opt-in for the code,” said Jeff Chester, executive director of the Center for Digital Democracy.
The Administration has counted on the “multi-stakeholder” process to tackle consumer privacy issues, putting the process in the hands of the National Telecommunications and Information Administration (a division of the Commerce Department).
The first issue tackled under the multi-stakeholder approach was mobile app privacy, but it never resulted in any consensus, just a proposal for a privacy dashboard that companies could use or reject.
Privacy groups blasted the process then, but still tried it a second time with facial recognition, a technology that is becoming more popular in both digital and physical platforms and environments.
“We have participated in this process in good faith for 16 months,” the groups said. “We have joined working groups and offered constructive suggestions to build towards consensus. People deserve more protection than they are likely to get in this forum.
What this means for the future of the multi-stakeholder process is unclear. The NTIA said in a statement that it was “disappointed” and defended the process, hinting that the process will go on – but without all the privacy groups.
“Up to this point, the process has made good progress as many stakeholders, including privacy advocates, have made substantial, constructive contributions to the group’s work. A substantial number of stakeholders want to continue the process and are establishing a working group that will tackle some of the thorniest privacy topics concerning facial recognition technology. The process is the strongest when all interested parties participate and are willing to engage on all issues. NTIA will continue to facilitate meetings on this topic for those stakeholders who want to participate,” said an NTIA spokesperson.
If the process goes on, what voluntary guidelines are developed, will be by industry stakeholders such as the International Biometrics Industry Association, the Retail Industry Leaders Association, Microsoft, Facebook, and NetChoice, among others.
“The real threat is that there would have been a code of conduct that would undermine state laws,” said Alvaro Bedoya of the Center on Privacy and Technology at Georgetown Law. Both Illinois and Texas have biometric privacy laws. “We’re walking away and these [state] laws are staying put,” Bedoya said.
Other groups that walked out of the NTIA privacy talks are: Consumer Federation of America, Common Sense Media, Electronic Frontier Foundation, Consumer Action and Consumer Watchdog.