Rebecca Slaughter, one of the FTC’s two Democratic commissioners and a former advisor on privacy, made an appearance at the Chief Privacy Officer Roundtable at CES 2020 in Las Vegas this week. She appeared at the event alongside four privacy chiefs, including Facebook’s Erin Egan and Apple’s Jane Horvath. The roundtable marked Apple’s first appearance at the show in 28 years.

The roundtable was intended as an opportunity to discuss what consumers want from companies’ privacy policies. Horvath argued that Apple was unusual among tech giants for incorporating privacy by principle into all design work (for instance, by processing facial recognition on-device).

Egan asserted that Facebook – which was recently fined $5bn by the FTC for privacy violations – also considers user privacy when building its products, commenting: “We have a different business model than Apple but both business models are privacy-protective.” She cited Facebook’s new privacy check-up tool as an example of the company valuing privacy as a “fundamental right”.

However, Slaughter argued that the sheer number of publicly known data breaches in recent years demonstrated that more work had to be done.

“Just the fact that when we read the newspaper every day, we see different concerning stories about privacy or security breaches means that it would be impossible to conclude that enough is being done,” she said. “It wouldn’t make a lot of sense to draw that conclusion.”

She added that it was unfair that the onus of protecting data from widespread collection across the internet fell on users.

“Even if consumers can walk through a privacy check-up, the amount of information that you have to process, to figure out what is happening with your data, is untenable for most people,” she said. She said that even she, as a privacy expert, struggles with understanding how her user is collected and used online.

“I think it’s important that we think about ways that the burden is not just placed on the consumer, but that the collectors and stewards of data have the responsibility to, for example, minimise what’s collected, minimise what’s retained and minimise how it’s shared consistent with still providing the product or service that they’re offering and that the consumer wants – but without creating this endless trove of data that can disappear into the ether.”

Horvath defended giving users responsibility for protecting their own data, commenting that: “The way we look at privacy is to put the consumers in the driving seat. They should have control over their data. They should have choices with their data and one of the things we really focus on at Apple is privacy by design.”

Later, Slaughter rebuked Egan for asserting that Facebook is successfully protecting user privacy: “I don’t want to talk about specific services or products, but as a general matter […] I don’t think privacy is generally protected. I think the amount of data that is collected about any individual in this room […] I don’t think anyone here could tell us accurately who has what data about them and how it is being used.”

She told delegates that she hoped new federal privacy legislation would be introduced by 2021.

Rebecca Slaughter, one of the FTC’s two Democratic commissioners and a former advisor on privacy, made an appearance at the Chief Privacy Officer Roundtable at CES 2020 in Las Vegas this week. She appeared at the event alongside four privacy chiefs, including Facebook’s Erin Egan and Apple’s Jane Horvath. The roundtable marked Apple’s first appearance at the show in 28 years.

The roundtable was intended as an opportunity to discuss what consumers want from companies’ privacy policies. Horvath argued that Apple was unusual among tech giants for incorporating privacy by principle into all design work (for instance, by processing facial recognition on-device).

Egan asserted that Facebook – which was recently fined $5bn by the FTC for privacy violations – also considers user privacy when building its products, commenting: “We have a different business model than Apple but both business models are privacy-protective.” She cited Facebook’s new privacy check-up tool as an example of the company valuing privacy as a “fundamental right”.

However, Slaughter argued that the sheer number of publicly known data breaches in recent years demonstrated that more work had to be done.

“Just the fact that when we read the newspaper every day, we see different concerning stories about privacy or security breaches means that it would be impossible to conclude that enough is being done,” she said. “It wouldn’t make a lot of sense to draw that conclusion.”

She added that it was unfair that the onus of protecting data from widespread collection across the internet fell on users.

“Even if consumers can walk through a privacy check-up, the amount of information that you have to process, to figure out what is happening with your data, is untenable for most people,” she said. She said that even she, as a privacy expert, struggles with understanding how her user is collected and used online.

“I think it’s important that we think about ways that the burden is not just placed on the consumer, but that the collectors and stewards of data have the responsibility to, for example, minimise what’s collected, minimise what’s retained and minimise how it’s shared consistent with still providing the product or service that they’re offering and that the consumer wants – but without creating this endless trove of data that can disappear into the ether.”

Horvath defended giving users responsibility for protecting their own data, commenting that: “The way we look at privacy is to put the consumers in the driving seat. They should have control over their data. They should have choices with their data and one of the things we really focus on at Apple is privacy by design.”

Later, Slaughter rebuked Egan for asserting that Facebook is successfully protecting user privacy: “I don’t want to talk about specific services or products, but as a general matter […] I don’t think privacy is generally protected. I think the amount of data that is collected about any individual in this room […] I don’t think anyone here could tell us accurately who has what data about them and how it is being used.”

She told delegates that she hoped new federal privacy legislation would be introduced by 2021.