Sensible Regulations Versus No Regulations

I remember back in the early 2000s, the direct marketing industry and the tech sector worked with Congress to craft sensible regulations for email marketing. The result was called CAN-SPAM and it was passed into law in 2003. The law has been modified to clarify certain terms and rules. While it certainly was not perfect (what is perfect?), it paved the way for a lot of progress in making email a workable medium for consumers and businesses.

There are no such rules in the location data business. Any mobile app can collect data on where you are and do what they want with it. That is not good for anyone, including the companies who are collecting that data.

Today, the CEO of our portfolio company Foursquare, which is in the location data business, wrote an op-ed asking Congress to regulate the location data industry.

In the op-ed, Jeff (Foursquare’s CEO) outlines what he thinks would be reasonable regulation. Here are the highlights:

  • apps should not collect location data unless they are using it to provide value to the user
  • there should be transparency to the user around what they are signing up for and how the data will be used
  • there should be a “do no harm” requirement
  • location data should be protected with the appropriate security

The entire op-ed is a good read and Jeff goes into a lot more detail than I did on each of these points.

I hope this leads to action in Congress and we get the right legislation as a result.


Comments (Archived):

  1. kenberger

    This is indeed well-written and sensible from Jeff.The issue I immediately see is that sometimes you can’t really know how uses will unfold in the future– certainly the case in the example of foursquare where their success morphed over time. Point for point examples for the first three listed:1. You might not know how particular data will add particular value now, but have a well-meaning hunch about it in the future. Maybe even for a flashlight app.2. Sure, companies can do better, but again there could be needs and use cases that come up in future that wouldn’t have occurred to anyone at early user signup time.3. “do no harm”– partly subjective. People vary re definition of “harm”, apart from obvious definitions, especially amongst a global audience (eg: ask most Brazilians what bugs them with an app and they’ll shrug).(Disclaimer: I’ve been involved at least informally with foursquare since early times, and one of its first few users)

    1. scottythebody

      Do no harm is so much BS indeed. But I like the spirit

  2. Alex Dunsdon

    Interesting. You know the founder. Does it come from a genuine ‘good for the world’ place or a ‘it benefits me commercially place’?

    1. kenberger

      dens (my nyc neighbor) is def a “good for the world” dude 🙂

  3. jason wright

    The user should own the data. It’s their data. Entrepreneurs should work out their model around that new reality.Defining an agreed meaning for ‘sensible’ in this context is more than difficult.

    1. Matt A. Myers

      This is POTUS candidate Andrew Yang’s position – and framing it as “where’s our data check?” to highlight the value that data has.

  4. awaldstein

    well articulated.makes me think of the grand ideas coming from andrew yang.rather than deal with breaking up the big nets, simply make data each persons irrevocable own currency and that will change the landscape by itself.i like the way he thinks. impractical or not, he is changing the conversation.

    1. sigmaalgebra

      Of course just now Ann Coulter is calling for lots more Democrat debates!!!! She may also want to hear a lot more from Yang!!!!

  5. jason wright

    “Opinion I THE PRIVACY PROJECT”It’s behind a paywall. So funny. I’m getting dumber by the day.

  6. William Mougayar

    This is a good initiative, but I wonder if it’s being followed on the ground with lobbying, face to face educational sessions, etc..And is there a lead Congress Rep(s) that is going to take this fight forward?Interesting that in the cryptocurrency industry, there has been no shortage of Congressional calls for more sensible regulation, and it has been moving at a snail’s pace.It is surprising how Tech-illiterate most US Congress reps appear to be.

    1. kenberger

      Great point re crypto comparison.

    2. JLM

      .Congressional literacy can be detected by looking at the donor list of Congress persons. Our elected reps know what they need to know to fatten up that list.JLMwww.themusingsofthebigredca…

  7. vaughn tan

    the ethics surrounding data collected opportunistically and retrospectively from users are murky—location data being only one of these types of data. before writing regulation, it would be very sensible (i’d say essential) to have some discussion about the values and assumptions that will be implicitly baked into the regulation.i have more thoughts that are somewhat related here:

  8. DJL

    Theoretically this should already be covered under existing privacy laws. GEO location data and your phone number together are clearly “Personal Information.” However, the mobile industry has been largely ignored by regulators and breach lawyers. What is even worse is that most mobile apps will not even FUNCTION unless you agree to all of their vague privacy policies. Laws like GLBA (financial services) have a requirement that privacy choices need to be “clearly understood” – but we all know this never happens. And as far as I am aware not a single bank or financial org has ever been dinged for this.There is clearly work to be done. However, I would propose that the most effective route would be to push existing laws to specifically include this data. CCPA and GDPR are already incredibly onerous privacy laws. Now is the time to attach mobile to them rather than starting from scratch.

  9. scottythebody

    Users should have the right to remove their data at any point and set retention rules around their own data

      1. Michael Elling

        But how much of the value (property) that an individual creates is a function of the individual them-self vs the underlying network supporting/creating the value.Figuring out how to rebalance network effects is critical for the future of humanity. It’s not just about wealth redistribution, it’s about lowering systemic risk through properly functioning networked ecosystems.

  10. pointsnfigures

    When industries self regulate it is generally better for everyone than if Congress passes it off to an agency to regulate. In the futures industry, there was always big problems with fraud until my friend Leo Melamed created the FIA and other industry oversight. They all helped to create the CFTC which gave the Senate/House Agricultural Committees oversight over the regulator. The resulting effect is the CFTC works very closely with industry and has a collegial relationship where the SEC is more dictatorial.

  11. JLM

    .Invoking the government to regulate anything is suspect in so many ways.The answer could be to create an industry group to codify best practices and to self-regulate.Inviting the government to pass a law sends a shiver up my spine — on a pragmatic basis, I have never known them to get anything right.It is also the tactic of an industry leader to put a regulatory moat around their business which serves to destroy industry cooperation, stifle competition, and kill small companies.Don’t worry about the US Congress doing anything any time soon, they’re up to their eyeballs in the Mueller Report and impeachment.We do not have a functioning House of Representatives. Luckily, we have an election coming up. Maybe the Dems will embrace the outcome of the 2016 election in 2020 when “you know who” is re-elected.JLMwww.themusingsofthebigredca…

    1. Tom Labus

      I don’t think you can run for office from the slammer.

      1. JLM

        .Pretty sure you can. Some Dem in S Texas got re-elected from jail.I think the biggest downside would be the rallies. You can’t get much of a rally going in a jail cell.Speaking of rallies — can you believe those rallies? 20,000 people inside plus 25,000 outside.The Dems better hold that vote, issue their articles of impeachment before the Inspector General Report and the Durham Report see the light of day. It may already be too late.The Dems will want to get back to fundraising and getting re-elected soon.If I had to bet I think the Dems could probably pinch out an article of impeachment, but the Senate will drop kick it in a couple of weeks.If you poke the bear, bear is going to be very pissed off. If you come to kill the king, make damn sure you kill the king.A vindicated, victimized Donald J Trump would be a Force of Nature the like of which we have never seen in American politics.Be well, amigo.JLMwww.themusingsofthebigredca…

        1. Tom Labus

          Eugene Debs got a million votes for president while in the slammer, 1920? You’re right on that one but wishing thinking on the rest,

          1. JLM

            .Much of history starts as wishful thinking. It got us to the moon. Wishful thinking gets a bum rap.Strangely, I give not a whit what happens as it relates to impeachment. Nothing discussed even remotely rises to the level of High Crimes or [High] Misdemeanors.If the Dems over play their hand — impossible not to with such idiots as Schiff, Nadler, Pelosi running the show — then there will be an enormous day of reckoning.They have about 30 days to figure it out and then the the radioactive half life of impeachment begins to diminish.Right now, it is pretty hard to see how Trump doesn’t get re-elected. It is willful blindness to suggest otherwise.JLMwww.themusingsofthebigredca…

        2. sigmaalgebra

          But, but, but, Trump is SO impeachable: Let me count just some of the very most important of the thousands of ways, most serious first:(1) Nancy looked into his eyes and saw that he is thinking unconstitutional thoughts. Definitely impeachable.(2) Many, many people going back decades who knew Trump then also saw the same thing in his eyes — more of the same.(3) Russia, Russia, Russia: In addition to the collusion, conspiracy, obstruction all over the Mueller report, too many to reference, there was the condoning!!!! Hundreds of impeachable offenses!!!!!!!(4) Ukraine, Ukraine, Ukraine!!!! For the transcript, all we have to do is just read easily and clearly what is right there between the lines. The intentions are crystal clear. Any blind man could explain the crimes to you. All very impeachable!!!!!

    2. William Mougayar

      “ The answer could be to create an industry group to codify best practices and to self-regulate.”Are there examples where this has worked before?I think the trick is that although the reputable companies could self-regulate, if it’s not law, it leaves a lot of room for the renegades to skirt around it without any repercussions, no?

      1. JLM

        .The two that jump to mind are NASD and FINRA.The National Association of Securities Dealers was created by the Maloney Act of 1938 that amended the Securities Exchange Act of 1934. It was tasked with overseing the NASDAQ market, of which it was a founder in 1971.NASD also oversaw licensing and discipline of securities professionals.NASD was in existence from 1939 until 2007 when it provided the seed corn for another example, FINRA.FINRA — Financial Industry Regulatory Authority — was formed by a combination of NASD and the NYSE’s regulatory, enforcement, and arbitration shops. They also took over all licensing as well as the oversight of brokers, branch offices, and individual securities licensed reps.As part of their licensing, they hold the only repository of licensed individuals and firms in the Central Registration Depository.In both of these examples, they were authorized by an act of Congress, but run by the industry.FINRA is also the place where all securities and licensing disputes are resolved subject to arbitration.The intellectual model for both of these organizations was derived from the voluntary and self-regulating formation of the exchanges themselves.Many professional industries have a similar structure — lawyers have state run licensing and their local state bar association for discipline.Another example is the NCAA which derives its power — too much in my view — from its member schools.JLMwww.themusingsofthebigredca…

      2. jason wright

        Where i am it’s euphemistically known as ‘light touch regulation’. The vested private interest writes it, their lobbyists sell it, gov publishes it, and the public swallow it.For example, UK rail network franchises. What a scam.

    3. Richard

      The 12 year incumbent screaming for regulation – not worse than Hollywood screaming for IP protection – but close. Fred does throw some softballs !

    4. Matt A. Myers

      Government regulation should only be as much as it needs to be, laws such as “murder is a crime and here’s the punishment.”When Yang’s elected!

    5. Michael Elling

      This is a great example of regulatory capture. Get a lead, then ask for “well-intended” protection for the good of everyone; and better for the leader.

  12. Mike

    Seems reasonable to protect the public interest while allowing the many benefits of location based services to continue. You really just want to dissuade the probably very small percentage of “bad actors”.

  13. Adam H

    Without correct data you can’t make asimple dession about busines

  14. gmalov

    Every phone, search engine and practically every app compiles user location data. I believe Apple has established a simple and effective approach, simply ask the user to opt-in/opt-out and whether they want the feature on all the time or only when using the app; to me it doesn’t get any simpler.However, the problem is not Apple (or those alike), it’s with everyone else who leverage on this data and run their platform free to users; they need location data for monetization. Tech continues to find ways to work around Apple’s parameters, and it’s simple to understand why, its business model survival for them.I don’t think the tech industry can solve this problem, too many divergent views on what they perceive is right (profitable) and what is in the best interest of users (privacy). When we discuss/debate this topic – I believe we should place more weight on what users want (their choice) and simply enforce their decision instead of relying on tech to self-govern and Congress to possibly overregulate.If User Opt-in/Out Decisions are universally accepted and enforced, I think that creates, at least initially, some good framework.

  15. JLM

    .The article you reference from Dec 2018 should send a shiver up the spine of every American. In a nutshell, if you own a phone and travel with it, some third party can locate you every second of the day. Period.And, there are a lot of companies already doing this and mixing it with other ID info to create actionable data.At first blush this doesn’t seem like much, perhaps? But they can find your home — it’s where every trip starts and ends — and using geosynchronous tech can ID your address and then who you are with very simple DB connections (such as property tax records).In less than a month, they can ID all of your physical friends and their friends.Much of this tech was highly classified and used by the CIA, NSA, DEA and other alphabet soup gov’t departments to track bad persons and to expose their network of connections.I promise you that the leakers in the WH, the DOJ, the CIA are all being tracked to and from meetings with the press. The problem is it probably isn’t legal.All of this data is preserved for years and can be used at some future date. Want to find out if CC and JLM are pals? Run a quick pass through the NSA’s 1MM SF of Cray computers in Utah and you will be able to come up with a time when their cell phones were 3′ apart at a Dunkin Donuts in Newark.Want to find out if Freddie was really in Auschwitz yesterday? Exactomento, run that data through the same NSA Crays and there he is. Who is he with? Ahhh, Gotham Gal.Check the speed of the movement and you can determine whether he was in a car, on a bike, walking. If he was in a car and passed though a certain intersection that has traffic cameras, you can ID the vehicle because you have the exact time.But, know that the people doing this are our friends, right?JLMwww.themusingsofthebigredca…

  16. sigmaalgebra

    One reason I don’t have a cell phone! And one reason I hold off on WiFi.NSA? Of course we all saw the movie The Big Short unless we were one of the characters in that movie! Well, for the NSA, there was…Notice the summary remark,You think they’re not using it?

  17. jason wright

    Got any actionable countermeasure suggestions? I’m being serious.

  18. Richard

    Paranoia will destroy ya – the kinks

  19. sigmaalgebra

    It’s not paranoia if they really are secretly in cahoots in dark basements 24 x 7 plotting, scheming, planning to do me in!!!!!

  20. Richard

    Who are these people “jerry seinfeld”

  21. sigmaalgebra

    I never paid any attention to Jerry Seinfeld. So, I never learned from him. Maybe he learned from me?

  22. JLM

    .Not really. The real problem is that phones are often signalling while you are not using them.JLMwww.themusingsofthebigredca…