Future of Privacy Forum Letter to the White Office of Science and Technology Policy

Future of Privacy Forum Letter to the White Office of Science and Technology Policy

 

 

 

 

Following is the test of the letter we sent to the White House in response to the call for feedback on the President’s memo on Openness and Transparency

April 3, 2009

Dear Ms. Noveck:

The Future of Privacy Forum is providing the below suggestions to offer a roadmap for enabling use of analysis, site optimization and tracking technologies by government agencies.  Personalizing site content for users, enabling log term shopping carts and improving site usage are key to providing the public the best possible web experience and these functions are reliant on cookies and other technologies currently limited by various approval requirements.  As a result, agencies may end up either forgoing the use, or they seek approval but may not seek to establish additional necessary controls to ensure these technologies are used in the most privacy friendly manner.

We provide below practical guidelines that could enable the use of cookies to better serve the public as desired by many government web managers.  Some of these concepts are already in place at some of the most progressive private sector companies, and government leadership in this area would spur wider adoption of these practices that both optimize the user experience and ensure privacy and transparency in data use.

We propose that the current restrictions on cookies and similar technologies be abolished.  In their place should be requirements that establish leading practices for such technology practices.


Ensuring that Interactive Tools used by Government Provide Users with Enhanced Transparency and Controls for Data Collection and Retention


Analytics, Research or Others Using Cookies, Tracking Pixels or Other Tools


1. Delete log-files after a defined period of time.

a. Data retention periods for “non-personal” log-files vary widely across vendors, are not publicly disclosed and are rarely committed to contractually.

2. Cookies should have limited expiration periods and should not be used to store information unprotected.

3. IP addresses logged by vendors should be obscured or deleted as soon as possible.

a. Some vendors can use and then immediately scramble IP addresses as they log them.

4. The use of the tools and user options should be transparent and prominently explained.

5. Consider implications of use of “first party” White House domain for analytics, rather than “third party” domain, to avoid potential for unwanted correlation.

6. Contractual representations barring use of data for purposes other than services contracted, other than aggregate reporting.

We will be pleased to provide further detail about the above upon request.

Sincerely

Jules Polonetsky

Future Of Privacy Forum

www.futureofprivacy.org

Leave a Reply


Privacy Calendar

Nov
7
Fri
all-day George Washington Law Review 201... @ George Washington University Law School
George Washington Law Review 201... @ George Washington University Law School
Nov 7 – Nov 8 all-day
Save the date for the GW Law Review‘s Annual Symposium, The FTC at 100: Centennial Commemorations and Proposals for Progress, which will be held on Saturday, November 8, 2014, in Washington, DC. This year’s symposium, hosted in[...]
Nov
11
Tue
10:15 am You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
Nov 11 @ 10:15 am
EFF Staff Attorney Hanni Fakhoury will present twice at the Oregon Criminal Defense Lawyers Association’s Annual Sunny Climate Seminar. He will give a presentation on government location tracking issues and then participate in a panel[...]
Nov
12
Wed
all-day PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
Nov 12 all-day
The Privacy and Civil Liberties Oversight Board will conduct a public meeting with industry representatives, academics, technologists, government personnel, and members of the advocacy community, on the topic: “Defining Privacy.”   While the Board will[...]
Nov
20
Thu
all-day W3C Workshop on Privacy and User... @ Berlin, Germany
W3C Workshop on Privacy and User... @ Berlin, Germany
Nov 20 – Nov 21 all-day
The Workshop on User Centric App Controls intents to further the discussion among stakeholders of the mobile web platform, including researchers, developers and service providers. This workshop serves to investigate strategies toward better privacy protection[...]
Dec
2
Tue
all-day IAPP Practical Privacy Series 2014
IAPP Practical Privacy Series 2014
Dec 2 – Dec 3 all-day
Government and FTC and Consumer Privacy return to Washington, DC. For more information, click here.
Dec
11
Thu
9:00 am Progress of the EU Data Protecti...
Progress of the EU Data Protecti...
Dec 11 @ 9:00 am
The EU Member States have agreed to conclude the negotiations on the EU Data Protection draft Regulation in 2015. The process will have arrived at a critical point by the end of this year. The[...]

View Calendar