Privacy & Information Security Law Blog

On July 12, 2012, the National Telecommunications and Information Administration (“NTIA”) of the U.S. Department of Commerce initiated a multistakeholder process to develop guidance for transparency in the mobile environment. The NTIA has announced that they will schedule a second meeting in August, and encouraged small group discussions in the interim. This is not the first multistakeholder process to wrestle with transparency in the mobile environment, and those previous efforts – which date back almost a decade – may prove useful to such discussions.

The 25th International Conference of Data Protection and Privacy Commissioners held in 2003 in Sydney, Australia, adopted a resolution endorsing the concept of multilayered privacy notices. The idea was that of a very simple initial notice limited to six topics that would link to a more detailed legal notice. Former Australian Privacy Commissioner Malcolm Crompton, former UK Information Commissioner and Global Strategy Advisor of the Centre for Information Policy Leadership at Hunton & Williams LLP (the “Centre”) Richard Thomas and Centre President Marty Abrams formed a committee to put the resolution into effect. This led to a 2004 multistakeholder workshop in Berlin that adopted the “Berlin Memorandum,” which in turn led to a white paper by the Article 29 Working Party on multilayered notices.

The multistakeholder group continued to work on implementation of layered notices as technologies evolved and personal digital assistants (“PDAs”) became ubiquitous. Considering the Blackberry and similar devices, the group began to suggest that layered notices published on PDAs should have three layers. The initial layer would be limited to three lines (identity of the controller, contact information for the controller and purposes of processing) with hyperlinks to additional information.

The results of that work were released at a 2006 meeting of OECD Working Party on Information Security and Privacy. The report from that meeting included an addendum with the project’s paper “Ten steps to develop a multilayered privacy notice.”

Although the mobile environment has changed rapidly over the past six years, the core concept of three-layered notices with the initial layer not getting in the way of the mobile experience still makes sense and may provide some key guidance for the NTIA’s current multistakeholder process.