The plaintiff brought a motion to compel in order to reveal the identity of an anonymous commenter, who was not a party to the litigation, for comments posted on a News-Leader article. First, the Plaintiff argued that the anonymous commenter’s speech was not given absolute protection. While the court agreed, it stated that political speech was given high level of protection especially in circumstances where the commenter was not a party to the litigation and dismissed the argument.
The District Court rejected this argument as well because “a contractual waiver of constitutional rights ‘must, at the very least, be clear.’” Therefore, the District Court declined to reveal the identity of the anonymous poster.
Leaving aside the free speech issues, the case also highlights some of the issues with the current state of privacy regulation on the web in the US. First, FTC’s aspirational Fair Information Practice Principles seek to stop such overreaching privacy policies. The Notice principle, which is “the most fundamental” of the principles, states that the entity collecting the data should “properly inform” consumers “of the uses to which the data will be put” and the “identification any potential recipients of the data.” Therefore, stating that the data transferred to any third party for any purpose does not properly inform a consumer. Nevertheless, this inconsistency does not create any liability because the FIPPs are only guidelines and they are not enforceable. FTC expects the industry participants to regulate themselves and only appears to bring enforcement actions against the most egregious of violators.
However, this difference in approaches to privacy regulation may be changing. Commentators and regulators in the EU and the US recognize the shortcomings of the Notice-Choice paradigm and are moving away from it. Recently, in the Madrid International Conference of Data Protection and Privacy Commissioners highlighted some of the issues with Notice-Choice and the need to move towards an Accountability standard. In fact, the regulators signed a document to that effect during the conference. Two weeks later, the Department of Commerce Conference on Cross Border Data Flows, Data Protection and Privacy reiterated the same message—primarily because the attendees were the same people. Finally, just last Monday, several attendees to the FTC Privacy Roundtable highlighted the issues with self-regulation in the US and the need to move to an Accountability standard. In fact, the FTC hinted at the need to refine the current Notice-Choice paradigm with the Sears enforcement action. Given the regulatory momentum, we will likely see the FTC providing more guidance for websites on privacy issues soon after the Privacy Roundtables, at the very least in the behavioral advertising realm.
The case is Sedersten v. Taylor, No. 09-3031-CV-S-GAF, 2009 U.S. Dist LEXIS 114525 (W.D. Mo. Dec. 9, 2009).
See also Venkat Balasubramani’s comments via Eric Goldman’s Blog.