Positivism

'Toward a Positive Theory of Privacy Law' by Lior Strahilevitz in (2013) 126 Harvard Law Review 2010 was noted here.

In response 'Privacy Law: Positive Theory and Normative Practice' by Anita L Allen in (2013) 126 Harvard Law Review Forum 241 comments

 Professor Lior Strahilevitz’s article Toward a Positive Theory of Privacy Law urges novel positive approaches to privacy law scholarship. Positive theories of law employ empirical and analytical me- thods to describe what the law is, how it came to be, and what its consequences may be. Grounded in median voter models and public choice theory generally, Strahilevitz’s article illustrates positive analysis, illuminating distributive implications of privacy statutes and common law privacy doctrines for a range of groups, including political elites, racial minorities, criminal offenders, naïve and sophisticated consumers, data miners, and marketers. The overall goals of this insightful article are to clarify the distributive “winners and losers” of privacy law and to shed light on the predictability of who prevails in the institutions that formulate privacy rules in the United States and in Europe. 

By contrast to Strahilevitz’s positive project, my recent work on privacy law has been normative in thrust. Specifically, I have explored the normative ethical value of privacy, evaluated the normative ethics of privacy laws, and pondered the extent of normative ethical obligations to protect one’s own and others’ privacy. Though a normativist, I welcome greater attention to positive theory. Positive theory and normative theory go hand-in-hand, in my view. Normative theories of law evaluate and commend laws by reference to values that the laws embody or promote. Information management policies reflected in law are subject to evaluation by economists as efficient or inefficient, but by ethicists as right or wrong, good or bad, virtuous or vicious, and just or unjust. 

We cannot know if we are doing the right thing, if we do not know what we are doing and whom we are doing it to. My work often attends to the winners of losers of privacy rules and practices — whether corporations, women, the LGBT community, criminals locked in prisons, African Americans, or children. Whether privacy is a good thing for the people who have it is a question with a large empirical dimension. For the sake of rigor and completeness, normative ethical theorizing must attend to subtle concrete distributional effects of the sort Strahilevitz examined. Attending with special care to distributive im- plications serves the needs of ethics, as it serves the needs of other normative enterprises of perhaps more immediate concern to Strahilevitz — welfare-enhancing cost-benefit policy analysis and commercial advantage-seeking. Understanding those that Strahilevitz terms the “winners and losers” of privacy law bears on the choices that persons of conscience, character, and goodwill make respecting the frequency, content, and context of data acquisition, data disclosure, and data retension. 

Yet the truth about distributional effects may be subtle, unobserved, and disbelieved. Presumed winners may be losers, and the presumed losers may be winners. Presumptions about winners and losers may be so fixed in prejudice that no one bothers to challenge philosophical assumptions with fresh analytics or factual pieties with rigorously derived empirical data. I applaud Professor Strahilevitz’s illustrations of new ways to think empirically about privacy laws’ distributive effects. 

Here, I briefly comment on his major arguments and examples. First, in Part I, I comment on his claims concerning the law of celebrity privacy, and I offer a challenge to his conception of winners and losers in that domain. Second, in Part II, I consider his argument that granular criminal-history disclosures may be the direction for the near future and may benefit African Americans more than criminal-history privacy. I suggest that privacy-reducing surveillance of African Americans may already be so extensive that African Americans would not view themselves as “winners” under a regime that placed detailed criminal-history data in the hands of employers. Third, in Part III, I address privacy concerns raised by Big Data, noting grounds for a concerned response to the data mining and consumer-profiling practices artfully described by Strahilevitz. Finally, in Part IV I respond to Strahilevitz’s celebratory response to the federal Do Not Call registry’s privacy implications with the observation that a benignly more paternalistic Do Not Call law could have made telephone customers even bigger winners. In sum, I embrace Strahilevitz’s call for nuanced positive theories of privacy law’s “winners and losers” but for a reason he does not highlight: better positive theory is critical also for better normative ethical theory. I reject his specific characterizations of “winners and losers” of the law of celebrity publicity and criminal-history disclosure, and I suggest policy directions for bigger wins for American shoppers and consumers.

Callers

The national Government has responded to the report by the Senate Standing Committee on Environment and Communications regarding The feasibility of a prohibition on charging fees for an unlisted number service.

The Government accepts the recommendation that the Telecommunications Act 1997 (Cth) not be amended to prohibit charging for silent numbers. The rationale is that "developments within the telecommunications industry have largely negated the need for regulatory intervention".

ACMA is to "develop and publish guidance and educational material" on how privacy is regulated within the telecommunications industry, how an individual can make a complaint regarding their privacy and how 'consent' is used in the context of privacy-related regulation.

The response presumably foreshadows the outcome of the separate Communications Department inquiry into the Do Not Call regime noted here.

Freedom from doorknockers

Privacy has sometimes be conceptualised as a freedom from interference, a freedom that encompasses bodily integrity and from unwanted interruption at home.

It might be protected through

• a discrete privacy statute, 
• trade practices law or 
• communications law such as the Do Not Call Act 2006 (Cth) noted earlier this month.

The significance of trade practices law in enshrining a 'do not knock' regime is illustrated by the decision in Australian Competition and Consumer Commission v AGL Sales Pty Ltd (No 2) [2013] FCA 1360.

The ACCC has indicated that penalties in that case and in a related matter (combined penalties of $1.5 million  for unlawful selling practices by AGL Sales and AGL SA, $200,000 for conduct by marketing company CPM Australia) were a clear warning that businesses needed to comply with laws about making unsolicited approaches to consumers.

In ACC v AGL (No 2) the court stated that in late 2011 a sales representative ignored a "Do not knock, unsolicited door to door selling is not welcome here" sign on the consumer's front door, and persisted in offering the resident an energy supply deal, thereby contravening paragraph 75(1)(a) of the Australian Consumer Law (ACL), ie Schedule 2 to the Competition and Consumer Act 2010 (Cth).

The contravention had been identified in Australian Competition and Consumer Commission v AGL Sales Pty Ltd & Ors [2013] FCA 1030.

Middleton J found "the contravention subverted both the consumer's desire not to be disturbed or interrupted by sales representatives and the very protections provided to the consumer by the legislation".

The refusal to leave enabled that contravening conduct: had the sales representative left on request, no opportunity for that contravening conduct would have arisen.

The failure to leave when requested was serious in nature because of the location and context in which it occurred, being a private residence to which AGL SA and CPM were not invited.

The contravention subverted both the consumer’s desire not to be disturbed or interrupted by sales representatives and the very protections provided to the consumer by the legislation. ...

 A contravention of s 75 will rarely, if ever, directly result in financial loss or damage.

Section 75 of the ACL protects consumers in their homes by imposing a mandatory standard of conduct for persons engaged in door-to-door selling. The standard is intended to limit consumers’ exposure to inconvenience, invasion of privacy and unwanted sales calls.

The consumer did not suffer direct financial loss because she did not enter into an agreement with AGL SA. However, the consumer was subjected to unwanted interactions with a salesperson and suffered the inconvenience and invasion of privacy.

Do Not Call consultation

The Department of Communications has released a consultation paper [PDF] regarding the Do Not Call regime under the Do Not Call Register Act 2006 (Cth).

The 25 page 'Optimal period of Registration on the Do Not Call Register' discussion paper indicates that

The Do Not Call Register (the Register) allows registrants to opt out of receiving certain unsolicited telemarketing calls and marketing faxes by listing their telephone or fax numbers on the Register. When the Register was first established in 2007, registrations were valid for three years from registration. Since then, the registration period has been extended on three occasions, and is now set at eight years.

This discussion paper is seeking community views on the optimal period of registration for numbers on the Register. Public comment is sought on four options:

Option 1) Reduce the period of registration to three years

Option 2) Retain the current eight year registration period

Option 3) Extend the registration period to indefinite

Option 4) Remove the need to register

The Department of Communications is seeking comment on which of these four options maximises the value of the Register to Australian consumers and ensures that their privacy is adequately protected, while minimising the compliance cost on businesses engaging in telemarketing and fax marketing activities as far as possible. In addition, for options one, two and three, the Department is also considering the introduction of a cleansing mechanism, to improve the accuracy of the Register. ...

The Do Not Call Register Act 2006 (the Act), requires the Australian Communications and Media Authority (ACMA) to establish and maintain the Register. The Register became operational in May 2007, and since then 9 million numbers have been registered. The key objectives of the Register are to:

• reduce the inconvenience and intrusiveness of unsolicited telemarketing calls and marketing faxes by enabling consumers to list their fixed line and mobile phone numbers on the Register 

• provide a consistent and efficient operating environment for businesses engaging in telemarketing and fax marketing activities 

• establish an effective complaints handling mechanism for consumers to report complaints about unsolicited telemarketing calls and marketing faxes.

The Register allows consumers to register their numbers, to opt-out of receiving certain telemarketing calls and marketing faxes. There are a number of ways that consumers can register, including via the internet (www.donotcall.gov.au), telephone (1300 792 958), fax and post. Registrations can take up to 30 days to become fully effective. Registrants can also remove their telephone or fax numbers from the Register through an online process. The Act prohibits the making of an unsolicited telemarketing call or the sending of an unsolicited marketing fax to a number on the Register, subject to certain exceptions.

Telemarketers and fax marketers can submit their calling lists to the Register operator, which then ‘washes’ the list against the Register to identify which numbers are registered. To access the washing service, telemarketers and fax marketers pay an annual subscription fee. The fees operate on a sliding scale, depending on the maximum number of Australian numbers to be washed in a 12 month period.

Since 1 July 2008, the full direct costs of operating the Register have been recovered from businesses engaging in telemarketing and fax marketing activities through these subscription fees. The ACMA undertakes regular cost-recovery reviews to determine the subscription fees, in line with the Australian Government’s Cost Recovery Guidelines. The fees currently range from subscription type A, that is free for 500 numbers, through to subscription type H, that is $90 000 for 100 000 000 numbers.

The Department notes that The registration period for numbers on the Register was originally set at three years. This meant that numbers registered in 2007, would have needed to be re-registered before 2010 so as not to fall off the Register.

Since the commencement of the Register in 2007, the registration period has been extended three times. The most recent extension occurred on 9 April 2013, and registrations are now valid for eight years from the date the number was first registered. Numbers registered soon after the Register commenced in 2007 will now begin to expire from 31 May 2015.

The limited period of registration was originally intended to address concerns that an indefinite (or very long) period of registration may introduce inaccuracies into the Register.

Account-holders do not generally request the removal of their number from the Register when they give up their number. When a number is given-up, it will eventually be reissued to a new account holder after being in quarantine for a period. As a result it is possible that there are inaccuracies on the Register. ...

There are also a number of other factors which act to prevent inaccuracy or reduce the need for intervention:

- Local Number portability allows consumers to keep their geographic number (i.e. 02 6271 XXXX) when they switch providers. For example, a person changing telephone providers can keep their number when they move to a new provider. In 2011-12, there were 627,16010 geographic numbers ported. There are 5 million landline numbers on the Register. Since the commencement of the Register, a total of 3.7 million geographic numbers have been ported. Access to Local Number Portability may mean that consumers are less likely to need to seek a new number when they swap providers, and this may therefore reduce the amount of numbers entering quarantine.

- Mobile Number Portability allows customers to retain their mobile telephone number when they change providers. For example, a person changing mobile telephone service providers can keep their number when they move to a new provider. In 2011-12, there were 2.6 million mobile numbers ported. There are currently 3.85 million mobile numbers on the Register. Since the commencement of the Register, a total of 8.9 million mobile numbers have been ported. Mobile Number Portability, like Local Number Portability, may mean that customers are less likely to need to seek a new number when they swap providers, and this may therefore reduce the quantity of numbers entering quarantine. However, it is worth noting that pre-paid number have a high turnover (that is, a customer may simply discard their number). Likewise, prepaid mobile services may also be passed on from person to person without anyone contacting the supplier. Hence, pre-paid mobile phone numbers on the Register have an increased likelihood of inaccuracy.

- Location portability allows individuals (and organisations) to retain their fixed line/landline number when they move. This is possible when an individual is moving house within the same general geographic area (for example within Canberra or Gosford). Some providers do not allow location portability, which may limit the ability of consumers to access this service when they move. The ACMA has relaxed these rules for Voice over Internet Protocol (VoIP) services – in certain circumstances, individuals can acquire a VoIP number that does not relate to the geographic area that they live in (for example, in certain circumstances a person living in Canberra can be issued a Melbourne number – e.g. 03 9963 XXXX). - Changing a place of residence does not normally require any change in the existing mobile numbers, so the accuracy of the mobile numbers on the register is not usually affected by moving. As of 15 July 2013, there were 3.85 million mobile phone numbers registered 

One rationale for the DNC regime is privacy as 'the right to be left alone'. The paper notes that

Consumers have consistently reported that telemarketing, and unsolicited marketing in general, can cause them inconvenience and annoyance. A recent 2013 study by the Office of the Australian Information Commissioner (OAIC) has found that:

56% of respondents felt annoyed from contact by unsolicited marketers.

39% of respondents concerned about how their details were obtained by the organisation contacting them.

Community attitudes also appear to be shifting. In 2013, 45% were annoyed by unsolicited marketing versus just 27% from a similar survey done by the OAIC in 2007. In the 2013 survey respondents were less likely to feel that unsolicited marketing was "a bit annoying, but mostly harmless" (11% in 2013 versus 23% in 2007). The 2013 survey also found that only 3% of respondents indicated that unsolicited marketing information either doesn’t bother them and only 2% indicated that they enjoy reading it.

It goes on to quote a researcher's comment that

the Australian Do Not Call Register compares poorly with other jurisdictions. In the US the renewal requirement was dropped in 2007 and registration is now permanent. Registration is also permanent in India, Spain and the UK. A major problem with the renewal requirement is that it adds regulatory burden, complexity and expense to a system that is supposed to be simple and inexpensive… (the renewal) process will be very ineffective and inefficient, as it is unlikely any registered consumers will suddenly wish to receive telemarketing calls. (In any case, a consumer can remove their number from the Register at any time if they have a change of heart about telemarketing)… There is no evidence that any of the Do Not Call Registers in jurisdictions without renewals have become ‘clogged’ with obsolete information.

Silent Numbers

The Australian Senate Standing Committees on Environment and Communications References Committee has released its underwhelming report [PDF] regarding the inquiry into The feasibility of a prohibition on charging fees for an unlisted number service.

The Coalition majority on the Committee has two recommendations, essentially disregarding submissions from other than Telstra -

1 that the Telecommunications Act 1997 not be amended to prohibit the charging of a fee for an unlisted (silent) number on a public number directory. 

2 that the Australian Communications & Media Authority produce relevant material for telecommunications users that explains where their personal information is published and how it may be made private.

The Coalition senators comment that -

As the Australian Law Reform Commission stated in its report, For Your Information: Australian Privacy Law and Practice, privacy is a recognised human right and generally should take precedence over a range of other countervailing interests, such as cost and convenience. The ALRC also recognised however that privacy rights will clash with a range of other individual rights and collective interests.

The committee acknowledges the concerns raised by submitters that the charging of a fee for an unlisted number in the national public number directory may interfere with elements of their right to privacy. Furthermore, the committee appreciates that in addition to privacy being an individual right, people who have experienced domestic violence or who would be placed in a vulnerable position should their personal information become public are compelled to maintain their privacy. For these people even a modest charge to have an unlisted number could prove a barrier to their protection.

The committee also agrees with comments made by Telstra that for now there remains public interest in maintaining a nationally available public telephone directory to assist people maintaining communication. The White Pages has been published for a considerable period of time and is relied upon by many people for its information. Indeed the committee particularly notes the statistics provided by the Australian Communications & Media Authority that 88% of all Australians have used; either the electronic or hardcopy White Pages or Directory Assistance services in the past 12 months. The inclusion of the production of a public telephone directory in Telstra's Carrier License Conditions is indicative of its importance to the Australian public.

The committee is pleased that Telstra has agreed to formally implement a policy to waive the Silent Line fee for telecommunication users who face a demonstrated security threat. The empowerment of customer service agents to respond to an applicant's individual circumstances and apply the fee exemption where appropriate is also welcomed. The committee considers that these measures will help to ensure the privacy of those people who would be placed at risk if their personal information were to become public. The victims of domestic violence have a right to ensure their personal safety and this should not come at a cost to them. The committee acknowledges that through Telstra's announcement, the ability of victims to maintain their privacy free of charge is now available.

The committee agrees with comments made by Telstra that if it is compelled by its Carrier License Conditions to produce a national telephone directory, that it would be inconsistent for it to then also be compelled to support a government policy that could encourage users to remove themselves from that directory. Eventually this position would undermine the purpose and usefulness of the directory. The committee therefore considers that a nominal charge which has the effect of ensuring that most people do not unlist their number is beneficial to the directory and ultimately to the community.

The dissenting senators (Cameron, Bilyk and Ludlam) were more positive. They comment -

The genesis for this References inquiry was recommendation no. 72-17 of report no. 108 of the Australian Law Reform Commission on Australian privacy law and practice which recommended that: The Telecommunications Act 1997 should be amended to prohibit the charging of a fee for an unlisted (silent) number.

The Coalition Senators’ report found that the ALRC’s recommendation has widespread support from consumer and privacy advocacy groups as well as sections of the telecommunications industry. The Coalition Senators have chosen to ignore the evidence received and seek to protect the corporate interest of Telstra.

Of the 19 submissions [including one by myself], the only submission that advocated the continuation of unlisted (silent) line fees was made by Telstra. Their submission was focused on ensuring the continued profitability of Telstra, through the charging of unlisted (silent) line fees, and of Sensis, the subsidiary that is responsible for the production of the White Pages directory.

This was opposed by groups like the St Vincent de Paul Society, the Australian Communications Consumer Action Network, the Privacy Commissioner and Legal Centres from around Australia - all built on the work of the Australian Law Reform Commission. Their submissions were focused on concerns about privacy and safety. They also focused on ensuring that all telecommunications users are able to enjoy those two rights, regardless of their ability to pay, or meet complex eligibility requirements.

The claim by Coalition Senators that the prohibition of charging a fee for an unlisted number would undermine the purpose and usefulness of the national telephone directory does not withstand even basic scrutiny.

As it stands, 16% of fixed line users are currently paying a monthly fee to have their details removed from telephone directories. This has not had a deleterious effect on the use of telecommunications directories, which is still used by 88% of Australians in the past year.

Dissenting Senators have taken the view that citizens' right to privacy and personal safety are more important than a theoretical decrease in the usefulness of Telstra’s White Pages directory.

.

Positive Privacy

'Toward a Positive Theory of Privacy Law' by Lior Strahilevitz in (2013)113(1) Harvard Law Review argues that

Privacy law creates winners and losers. The distributive implications of privacy rules are often very significant, but they are also subtle. Policy and academic debates over privacy rules tend to de-emphasize their distributive dimensions, and one result is an impoverished descriptive account of why privacy laws look the way they do. The article posits that understanding the identities of the real winners and losers in privacy battles can improve predictions about which interests will prevail in the agencies and legislatures that formulate privacy rules. Along the way, the article shows how citizens whose psychological profiles indicate a strong concern for their own privacy are less likely to be politically efficacious than citizens who do not value privacy, producing a substantive skew against privacy protections. The article employs public choice theory to explain why California’s protections for public figure privacy are noticeably stronger than the protections that exist in other American jurisdictions, and what factors might explain the trans-Atlantic divide over privacy regulation with regard to Big Data, the popularity of Megan’s Laws in the United States, and the enactment of Do Not Call protections. The article concludes by noting that structural features of privacy regulation can affect the public choice dynamics that emerge in political controversies. Individuals seeking to expand privacy protections in the United States might therefore focus initially on altering the structure of American privacy laws instead of trying to change the law’s content.

Strahilevitz comments that

Privacy protections create winners and losers. So do the absence of privacy protections. The distributive implications of governmental decisions regarding privacy are often very significant, but they can be subtle too. Policy and academic debates over privacy rules tend not to emphasize the distributive dimensions of those rules,1 and many privacy advocates mistakenly believe that “all consumers and voters win” when privacy is enhanced. At the same time, privacy skeptics who do discuss privacy in distributive terms sometimes score cheap rhetorical points by suggesting that only those with shameful secrets to hide benefit from privacy protections. Neither approach is appealing, and privacy scholars ought to be able to do better.

This Article reveals some of the subtleties of privacy regulation, with a particular focus on the distributive consequences of privacy rules. The Article suggests that understanding the identities of privacy law’s real winners and losers is indispensable both to clarifying existing debates in the scholarship and to helping us predict which interests will prevail in the institutions that formulate privacy rules. Drawing on public choice theory and median voter models, I will begin to construct a positive account of why U.S. privacy law looks the way it does. I will also suggest that a key structural aspect of U.S. privacy law - its absence of a catch-all privacy provision nimble enough to confront new threats - affects the attitudes of American voters and the balance of power among interest groups. Along the way, I will also make several other subsidiary contributions: I will show why criminal history registries are quite likely to become increasingly granular over time, examine the relationship between data mining and personality-based discrimination, and explain how the U.S. political system might be biased in favor of citizens who do not value privacy to the same degree that it is biased in favor of highly educated and high-income citizens. Part I assesses the distributive implications of two privacy controversies: the extent to which public figures should be protected from the nonconsensual disclosure of information concerning their everyday activities, and the extent to which the law should suppress criminal history information. In both instances the United States is far less protective of privacy interests than Europe, and, as a result, the U.S. government has been subjected to criticism both here and abroad.

The Article shows that defensible distributive judgments undergird the American position. The European approach to celebrity privacy is highly regressive, and causes elites and nonelites to have differential access to information that is valuable to both groups. The U.S. attitude toward criminal history information may be defended on pragmatic grounds: in the absence of transparent criminal history information, individuals may try to use pernicious proxies for criminal history, like race and gender. The Article then shows how these distributive implications affect the politics of privacy; California’s interest groups are pushing that state toward European-style regulation, and there is an apparent emerging trend toward ever-increasing granularity in criminal history disclosures.

Part II analyzes the emerging issue of Big Data and consumer privacy. The Article posits that firms rely on Big Data (data mining and analytics) to tease out the individual personality characteristics that will affect the firms’ strategies about how to price products and deliver services to particular consumers. We cannot anticipate how the law will respond to the challenges posed by Big Data without assessing who gains and who loses by the shift toward new forms of personality discrimination, so the Article analyzes the likely winners and losers among voters and industry groups. The analysis focuses on population segments characterized by high levels of extraversion and sophistication, whose preferences and propensities to influence political decisions may deviate from those of introverts and unsophisticated individuals in important ways.

Part III glances across the Atlantic, using Europe’s quite different legal regime governing Big Data as a way to test some of the hypotheses articulated in Part II. Although U.S. and European laws differ significantly, the attitudes of Americans and Europeans toward privacy seem rather similar. The Article therefore posits that different public choice dynamics, especially the strength of business interests committed to data mining in the United States, are a more likely cause of the observed legal differences. But this conclusion raises the question of why European business interests committed to data mining do not have similar sway. The Article hypothesizes that structural aspects of U.S. and European privacy laws substantially affect the contents of those laws. In Europe, open ended, omnibus privacy laws permit regulators to intervene immediately to address new privacy challenges. The sectoral U.S. approach, which lacks an effective “catch-all” provision, renders American law both reactive and slow to react. As a result, by the time U.S. regulators seek to challenge an envelope-pushing practice, interest groups supporting the practice have developed, social norms have adjusted to the practice, and a great deal of the sensitive information at issue will have already been disclosed by consumers.

Part IV examines a rare case in which U.S. regulators were able to combat a substantial privacy harm despite these structural and interest group dynamics. The fact that the National Do Not Call Registry took more than a decade to be implemented, despite its enormous popularity with voters, shows just how difficult regulating privacy can be, especially since many other privacy regulations will create a substantial number of losing consumers who are likely to buttress the interests of prospective loser firms in opposing the new regulation.

Junkmail

'Privacy and Advertising Mail' (Berkeley Center for Law & Technology Research Paper, 2012) by Chris Hoofnagle, Jennifer Urban & Su Li considers

why Americans may frame the generation and receipt of unsolicited advertising mail as a privacy violation. We then present data from our nationwide survey showing that a very large majority of Americans, across all ideologies, educational attainment levels, age, and income levels, support the creation of a do-not-mail mechanism similar to the popular Telemarketing Do Not Call Registry. We discuss our results in light of the fact that direct advertising mail now makes up more than half of all mailpieces sent by the United States Postal Service (USPS).

The authors conclude -

In considering why Americans may think of advertising mail as a “privacy” issue, we suggest that this may be both because of the extensive collection and use of personal information targeting and sending it entails, and a reaction to a sense of intrusion created by receiving unwanted mailpieces. There is a little more information in the literature and court cases on the concept of “intrusion” than the concept of “privacy-control,” but the literature is lean overall, and the concepts have never been compared to one another, so we cannot say if one is more salient than the other. Our data contribute to the overall trend by showing that most Americans would like to have some ability to block advertising mail. This result is robust across political ideology, educational attainment, age, and income level. Both men and women strongly support the idea of DNM, though women support it more. 

Survey research showing annoyance with advertising mail and support for a do-not-mail mechanism does not in itself justify regulatory action. Nor does it specify how DNM should be implemented if it were adopted. Similarly, regulation of saturation and “Every Door Direct” mail may speak to Americans' interest in reducing intrusions into their home, but it would do little to address the interests in controlling the underlying collection and use of personal data. 

Nonetheless, it would be reasonable to consider interventions in this space to respond to Americans’ privacy concerns. Indeed, we think it would be reasonable to consider interventions, if not for privacy, then for the sake of the integrity of the USPS as one of America's great institutions. Especially in light of its fiscal constraints and lack of more broad-based support from Congress, the USPS sees advertising mailers as an important constituent and aggressively pitches new ways to get advertising mail intomailboxes. Over the years, it has failed to modernize the outdated and unwieldy Prohibitory Order process or create other innovations to help another main constituent—mail recipients—avoid unwanted mail. 

The USPS' fiscal challenges have created incentives for the agency that directly contravene recipients’ desire to manage advertising mail. Though only a limited number of studies exist, the strong thread among them is dislike for unwanted advertising mail; our results show a strong desire for opt-out control. The USPS' current course of increasing its reliance on advertising mail, while fiscally understandable, could cause all mail to simply become “junk” in the eyes of Americans. Americans who can abandon the USPS are more and more likely to in light of increasing advertising mail volumes. 

Given the importance of advertising mail as an industry, and of the USPS to United States economic, security, and social interests, our findings could serve as a wake-up call to markets, the USPS, and regulators to more fully explore citizens’ rejection of direct advertising mail and find ways to address their concerns while preserving the fundamental service provided by the USPS.

NZ Privacy

The New Zealand Government has formally responded to the NZ Law Commission's Review of the Privacy Act 1993 report.

The Review of the 1993 Act involved four stages, each with discrete publications -

Stage 1: ... a high-level analysis (completed in 2008 with publication of a study paper) to assess privacy values, changes in technology, international trends, and their implications for NZ law. 

Stage 2: ... a consideration of the law relating to Public Registers and whether it requires systematic alteration as a result of privacy considerations and emerging technology. The Commission recommended a review of all public registers against a template set out in its 2008 report, with the resulting legislative changes to be introduced by way of a single omnibus Bill. 

Stage 3: ... a consideration of the adequacy of New Zealand's civil and criminal law to deal with invasions of privacy. The Commission's final report recommended a new Surveillance Devices Act to fill gaps in "the regulation of the most objectionable forms of surveillance". In contrast to reports by three Australian law reform commissions the report recommended that "development of the common law privacy tort (publication of private facts)" be left to the courts to develop over time, ie NZ should not establish a statutory cause of action. 

Stage 4:  ... a general review of the Privacy Act 1993.

The response concurs with the Law Commission's assessment that the Privacy Act needs to be replaced with a new statute that addresses community expectations about the protection of personal information, new technology and new business practices.

The response is in the traditional format, with the Government noting progress, accepting particular recommendations and quibbling or rejecting others. The response notes that the Government

• has already made progress on 33 recommendations (including the introduction of the Privacy (Information Sharing) Bill
• agrees to do further work on 39 recommendations
• needs to do further work on 55 recommendations before coming to a view
• will consider 17 recommendations later as part of other work
• will not consider doing further work on two recommendations.

The Law Commission made ten recommendations about the NZ information matching framework, with the Government responding that seven are best considered after the Privacy (Information Sharing) Bill has been passed and has had time to ‘bed in' -

• removing the requirement to seek authorisation for online transfers
• removing the blanket exemption for Inland Revenue to information destruction rules
• increasing the notice of adverse action period to 10 days, but allowing the Privacy Commissioner to reduce the period in appropriate cases. Two of the 10 recommendations were considered sensible but needed further analysis. They are:
• making the requirement for the Commissioner to perform a five yearly review of operating programmes a discretionary decision
• allowing the Commissioner to report separately on information matching activity rather than in the Commissioner's annual report.

The Government noted that the final recommendation (ie all information matching should operate under the information matching framework) is no longer relevant as the Government responded positively to an alternative recommendation with the introduction of the Privacy (Information Sharing) Bill. Pending introduction of that law the information matching framework will remain in effect.

The report suggests that "a high degree of uptake on information sharing agreements may make the information matching provisions redundant", requiring consideration of work to amend or repeal the information matching provisions.

The report proposed introduction of mandatory data breach notification. It cautioned against an absolute breach notification requirement (ie irrespective of the severity of the breach), instead recommending that notification be required only in certain circumstances. It suggested two criteria -

• where the breach is serious, with seriousness assessed in relation to matters such as the scale of the breach, the information's importance or sensitivity,  or the reasonable foreseeability that significant harm might result
• where notification may allow the individual to mitigate a significant risk of real harm to the individual.

The report called for 'Better protection against offensive online publication', commenting that

The internet has been enormously empowering, but its power can also be abused through the offensive or harmful publication online of private information about other people. The Privacy Act covers online information, but there are currently some broad exceptions in the Act that the Law Commission thinks should not apply when the publication is particularly offensive. The report’s recommendations to narrow the scope of these exceptions will not apply only to the internet, but they are particularly relevant to online information because it can be viewed and copied so widely. 

For example, there have been cases of people posting naked photographs of their ex-partners online without consent. At the moment, the person posting such photographs can claim the protection of a section of the Privacy Act that exempts information collected or held in connection with a person’s personal or domestic affairs. The report recommends that this exemption should not apply if the collection, use or disclosure of information would be “highly offensive”. The report also recommends an amendment that would prevent others from further using or disclosing such information, even though it is accessible from a “publicly available publication”.

 In an indication that NZ is belatedly catching up with the Australian Do Not Call (DNC) regime the report also commented that

 The Law Commission considered whether a Do Not Call register should be set up by law in New Zealand, as has happened in other countries. A Do Not Call register would allow New Zealanders to register their wish not to receive telephone marketing calls, and to have that wish respected by marketing companies. At present, the Marketing Association operates a Do Not Call register, but participation in the scheme by marketing companies is voluntary. The report recommends that the Marketing Association’s existing register should be put on a statutory footing, making it mandatory for marketers to respect people’s stated preferences. The Law Commission thinks that this change should be implemented through consumer legislation rather than the Privacy Act, however. 

The report does not recommend any changes to the Privacy Act to deal with direct marketing generally, but the Law Commission thinks that it may be necessary in future to consider whether the Do Not Call register should be supplemented by a right in the Privacy Act to opt out of direct marketing. The Commission thinks that privacy issues in relation to online marketing (including tracking of people’s online activity for marketing purposes), and responses to these issues overseas, should be monitored to see if further action is needed in this area in future. The report also recommends that industry bodies should review the adequacy of privacy protection in existing codes for marketing to children.

Robocalls

The US Federal Communications Commission, counterpart of ACMA, has promulgated new rules under the national Telephone Consumer Protection Act of 1991 to substantially restrict robocalling, ie automated telephone calls with pre-recorded messages ... used by commercial marketers, politicians, advocacy groups and charities. Robocalling has been a feature of debate about strengthening of Australia's Do Not Call (DNC) regime

The FCC's 48 page Report and Order [PDF] requires that prior to initiating a 'robo call' the telemarketer must obtain the consumer's express written consent. That requirement supersedes previous federal robocall regulation, where an "existing business relationship" (equivalent to the very broad prior relationship identified in the Australian regime) with the consumer was sufficient to create an exemption from the national restriction on robocalling.

The calls must offer the consumer an 'opt-out' mechanism that both enables the consumer to quickly end the call (ie not have to wait till the end of the spiel) and facilitates entry on the telemarketer's 'do not call' database.

As with Australia, the rules feature substantial exceptions. Political groups, emergency service bodies, charities, educational entities and other groups initiating "informational calls" (eg notification of an emergency) are still able to legally initiate robocalls to a consumer's landline without express permission. The shift from a landline to mobile phones is reflected in restriction on robocalling to mobiles.

The new US regime is being phased in over the coming year.

Messaging

The Australian Communications & Media Authority (ACMA) has announced acceptance of an enforceable undertaking [PDF] from Vodafone Hutchison Australia (VHA) to "rein in wayward dealers telemarketing the products of Vodafone and 3 Mobile after receiving complaints about unsolicited calls from consumers on the Do Not Call Register". Those calls were in contravention of the Do Not Call Register Act 2006 (Cth).

The undertaking is a reminder that Vodafone, along with its peers, is still having trouble with the behaviour of its dealer network - evident in the data breach highlighted in past posts on this blog. ACMA Chair Chris Chapman stated that -

The cornerstone of the undertaking is that VHA will be auditing and reporting back to the ACMA on all its dealers’ telemarketing activities. If it finds any of its dealers potentially breaching the Do Not Call Register Act, it must report the dealer to the ACMA immediately

Given ACMA's past permissiveness Vodafone is presumably quivering in its Doc Martens.

Under the enforceable undertaking Vodafone has also committed to -

- require all its subsidiaries and dealers to keep comprehensive records of the telemarketing calls made
- implement robust procedures around recording VHA’s customers’ consent to be called by, or requests to opt out of receiving, telemarketing calls from VHA, its subsidiaries or any dealer.

ACMA has meanwhile announced acceptance of an enforceable undertaking, including correctional measures, from Nokia.

ACMA commenced an investigation into the Finnish company’s SMS marketing activity after complaints that customers could not work out how to unsubscribe from ‘tips’ sent by Nokia. In particular, the messages did not include details of how Nokia could be contacted, as required by the Spam Act 2003.

The investigation found that while a number of the ‘tips’ provided customers with factual information about their mobile phone handsets, some of them amounted to promotion of Nokia’s products and services, including mobile phone accessories, and that the messages therefore needed to include an unsubscribe facility.

‘SMS allows businesses to reach their customers no matter where they are or what they are doing,’ said ACMA Acting Chairman, Richard Bean. ‘But with that opportunity come responsibilities under the Spam Act, including the obligation to include an unsubscribe facility in marketing messages.’

Nokia has undertaken to -

- appoint an independent consultant to audit its systems and processes
- develop a plan to carry out the independent consultant’s recommendations
- train its employees engaged in SMS marketing about complying with the requirements of the Spam Act
- make a payment of $55,000.

Bad Calls

The Australian Communications & Media Authority (ACMA) has publicised a decision under the Do Not Call Register Act 2006 (Cth), with Queensland-based telemarketer FHT Travel being fined $120,000 for making 12,507 calls to numbers on the Do Not Call Register.

That is the first court-imposed penalty under the national DNC statute. In January ACMA gained an enforceable undertaking (including payment of $110,000) over misbehaviour by Virgin Blue, with the airline committing to "a thorough overhaul and independent assessment of its email marketing practices".

The Federal Court in Queensland has also issued an injunction preventing Yvonne Earnshaw, FHT's owner, from making unsolicited phone calls related to travel or hospitality without first notifying ACMA.

Ms Earnshaw faces payment of ACMA's costs. All in all it's bad news for a business with what appears to have a bad profile, indicated in adverse comments by the ACCC and the Qld Office of Fair Trading over several years and penalties after prosecutions under the Travel Agents Act 1988 (Qld) and Fair Trading Act 1989 (Qld).

FHT Travel is reportedly being struck off the Register of Companies by the Australian Securities &Investments Commission

Spam and Fax DNC

The Australian Communications and Media Authority (ACMA) has accepted an 11 page enforceable undertaking [PDF] from Virgin Blue Airlines under the Spam Act 2003 (Cth).

The undertaking follows an ACMA investigation into complaints alleging that the airline continued to send commercial email despite multiple attempts by recipients to unsubscribe from its mailing list. The Act, as noted in past posts on this blogs, requires commercial email to include a functional unsubscribe facility. Undertakings have been received in the past by enterprises such as Virgin Mobile (Australia) Pty Ltd, Commonwealth Securities Ltd and Vodafone Hutchison Australia Pty Ltd. They are a gentler regulatory mechanism than the penalties imposed by the Federal Court under the Spam Act, eg the $22 million penalties noted in December and August last year over egregious misbehaviour.

The enforceable undertaking - which includes payment of $110,000 - commits Virgin Blue to "a thorough overhaul and independent assessment of its email marketing practices". Virgin Blue acknowledged that it had "experienced problems" with its email marketing systems, leading to receipt by some previously unsubscribed consumers of new (and undesired) email.

ACMA Chair Chris Chapman commented that -

Businesses which market by email need to regularly test that the unsubscribe function in their messages is working properly. The Spam Act requires that a request from a consumer to be unsubscribed from commercial emails must be addressed. No further commercial electronic messages are allowed to be sent to the consumer five working days after an unsubscribe request is made.

Announcement - sound the trumpets, beat the drums - aside, the undertaking does not provide much to write home about (ACMA's guide to undertakings is online [PDF]). It was more than a year in the making. It features standard wording in 'sorry but no admission' mode and promises to try harder in future. Virgin Blue will engage an independent third party to "thoroughly assess its email marketing processes" and to implement any recommended changes. It will also provide training to relevant employees, establish a complaints handling policy, and audit 10 per cent of its email marketing campaigns monthly for a year.

Readers are reminded that closing date for submissions in response to ACMA's call for comment on the draft national standard for the fax marketing industry is 4 February 2011.

ACMA is seeking views on the proposal to require a destination sending number (a 'header line') on all marketing faxes as part of the fax marketing industry standard. Submissions in previous consultations proposed inclusion of the additional information to assist in reducing the number of complaints arising from faxes that were originally sent to numbers not on the Do Not Call Register being redirected automatically to numbers that are on the register.

Responses to DNC and Speam

Direct marketing industry advocates and some pessimists argued several years ago that establishment of an Australian Do Not Call (DNC) regime was unviable because there would be no community support ... variously because consumers wouldn't bother to list their numbers on the national DNC register or that most people welcomed unsolicited contact from telemarketers.

That claim was belied by the growth of the register (over one million people signed up within a short time) and community endorsement of DNC litigation. It is also belied by comments in a 77 page report commissioned by ACMA, the national telecommunications regulator.

Community attitudes to unsolicited communications [PDF] "explores community attitudes to unsolicited telemarketing calls and electronic communications, and the awareness and effectiveness of the regimes that regulate these communications".

The report notes that around one in three Australian adults (32%) have registered a number on the DNC Register. Although all of those people have their home number on the Register, only six per cent of all adults have registered their mobile phone numbers. Arguably that is because most people are not yet aware that mobile numbers can be listed and have not become sensitised to inappropriate telemarketing (including speam) involving mobile numbers. "Awareness and knowledge of aspects of the Do Not Call Register Act and the registration process itself are generally low."

The report comments that the Register "appears to have been very effective, particularly for those who have their home phone number registered".

It also suggests that awareness and understanding of spam is "generally high, as is use of spam filters", although email users are typically receiving 23 spam emails per week despite such filtering. SMS or MMS spam is less prevalent, with personal mobile phone users receiving an average of two spam messages per month. Awareness of Australia's anti-spam regime is low, according to ACMA.

The report indicates that

People are generally unsure who they would complain to about unsolicited telemarketing calls. Complaining about unsolicited spam messages, however, is a little clearer, with many opting to contact the telephone or internet service provider. Supporting this, nearly one in four have considered making a complaint, but have not gone through with it (mainly because they didn't know how to).

Justice Logan of the Federal Court this week imposed an aggregate $15.75 million in fines under the anti-spam regime on operators of the 'Mobilegate' speam scam noted here in August.

Mobilegate Ltd, Winning Bid Pty Ltd and three individuals were penalised for a scheme involving premium-priced SMS 'adult chat services' that leveraged numbers garnered through fake personal profiles on dating web sites. In August ACMA gained injunctions and declarations against the two companies and Simon Owen, Tarek Salcedo and Glenn Maughan for breaches of the Spam Act 2003 (Cth) and the Trade Practices Act 1974 (Cth).

Mobilegate and Winning Bid were fined $5m and $3.5m respectively, with fines of $3m imposed on Owen, $3m on Salcedo and $1.25m on Maughan. ACMA has announced that it will continue to pursue a further three respondents.

Federal Court speam decision and DNC

National telecommunications regulator the Australian Communications & Media Authority (ACMA) has obtained injunctions and declarations against several parties involved in its first SMS spam ('speam') case before the Federal Court. The matter relates to the sending of unsolicited commercial SMS messages, with the Court noting that the alleged conduct disclosed "sustained and systemic violation of statutory prohibitions rather than a mere isolated aberration".

The default judgment by Logan J on 14 August in Australian Communications and Media Authority v Mobilegate Ltd A Company Incorporated in Hong Kong (No 2) [2009] FCA 887 concerned breaches of the Spam Act 2003 (Cth) [here], the centrepiece of Australia's anti-spam regime. The Court ruled against Hong Kong-based Mobilegate Ltd, Winning Bid Pty Ltd, Simon Owen, Tarek Salcedo and Glenn Maughan in litigation launched by ACMA during December 2008 over alleged contravention of the Spam Act 2003 and the Trade Practices Act 1974 (Cth) in relation to premium SMS chat services..

ACMA chair Chris Chapman said that "This is the first SMS spam case that the ACMA has brought before the courts. The significant resources that the ACMA has put into this matter, again demonstrates our commitment to protecting Australians against illegal conduct."

ACMA had alleged that the five respondents were engaged in a scheme to obtain mobile phone numbers from members of dating websites, using fake member profiles, in order to send commercial SMS. Recipients of the messages were invited to chat via SMS using what were promoted as 'Maybemeet' or 'Safe Divert' services, with that chat involving Mobilegate and Winning Bid employees rather than by "genuine members of dating websites" and consumers being charged up to $5 per message.

ACMA has meanwhile announced that Telstra, the dominant Australian telco, has been fined $101,200 over breaches of the Do Not Call regime, centred on the Do Not Call Register Act 2006 (Cth) [here] and enshrining a register of 3.5 million phone numbers for people who have requested not to receive marketing calls.

People on that register continued to receive telemarketing calls from Telstra's agent despite Telstra being alerted that there was a problem and warned by ACMA. The regulator concluded that Telstra had inadequate compliance systems, procedures and supervision.

Readers might question whether public shaming is effective and question the deterent value of the penalty. Telstra has revenue of over $25.5 billion, EBITDA of $10.9 billion, profits of over $4 billion in the latest FY and probably spends more than the $101K fine in advertising each weekend. ACMA's Chris Chapman complained that Telstra had failed to show leadership - an underwhelming discovery given the corporation's bloodymindedness in recent years - and stated that ACMA "expects large businesses like Telstra to be leading the way and setting an example when it comes to compliance with the Do Not Call register - not falling behind".

A Telstra spokesperson said the company was sorry for the repeated breaches: "It shouldn't have happened, we're sorry it happened, and we have worked co-operatively with ACMA to put in place a range of measures to stop it happening again". Contrition, it seems is the new black.