The FederalTrade Commission released a final privacy report on Monday, outlining a framework for companies that collect online and offline consumer data.
As The Washington Post reported, the document supports a “Do Not Track” mechanism that would attempt to give users more control over their own data. Here are some highlights from the report.
On do not track: The FTC has said that it will work with industry groups that have already implemented their own do-not track programs.
The report says: “Industry has made significant progress in implementing Do Not Track. The browser vendors have developed tools that consumers can use to signal that they do not want to be tracked; the DAA has developed its own icon-based tool and has committed to honor the browser tools; and the W3C has made substantial progress in creating an international standard for Do Not Track. However, the work is not done. The Commission will work with these groups to complete implementation of an easy-to use, persistent, and effective Do Not Track system.”
Privacy advocate Jeff Chester, the executive director of the Center for Digital Democracy, applauded the FTC’s call for greater consumer control over data and clarification over what is considered personally identifiable information, but said the agency needed to have a stronger voice on tracking.
“The commission’s overall support for industry self-regulation (such as the largely invisible “icon” placed on ads) is disappointing, and reveals a FTC still too often constrained from effectively protecting the public,” Chester said in a written statement.
On privacy legislation: The report encourages Congress to consider privacy legislation.
According to the report, “[The] Commission recommends that Congress consider enacting targeted legislation to provide greater transparency for, and control over, the practices of information brokers. The proposed framework recommended that companies provide consumers with reasonable access to the data the companies maintain about them, proportionate to the sensitivity of the data and the nature of its use.
Privacy advocates supported the call for legislation. Industry groups such as the Software & Information Industry Association, which has opposed privacy legislation in the past, released a statement Monday saying that while they appreciate the FTC’s input, they could not support its call for legislation.
“SIIA has long supported a collaborative, public-private approach as the best way to ensure consumer privacy, and we cannot endorse the report’s call for new legislation,” SIIA president Ken Wasch said. “In light of the FTC’s substantial authority in this area, we do not believe there is a need for new privacy legislation.”
On the White House “privacy bill of rights”: The FTC said that it will work with the Commerce Department on the “privacy bill of rights” released a little over a month ago. Both seem to support the idea of “co-regulation” between businesses and government.
“Staff from the FTC and Commerce worked closely to ensure that the agencies’ privacy initiatives are complementary. Personnel from each agency actively participated in both the DOC and FTC initiatives, and have also communicated regularly on how best to develop a meaningful, effective, and consistent approach to privacy protection. Going forward, the agencies will continue to work collaboratively to guide implementation of these complementary privacy initiatives.”
Both reports prize consumer control over data,
On mobile: The agency also specifically mentioned mobile as a key area for future conversations about privacy, again putting the onus on industry groups to regulate themselves.
In the report, the commission “calls on companies providing mobile services to work toward improved privacy protections, including the development of short, meaningful disclosures. To this end, FTC staff has initiated a project to update its business guidance about online advertising disclosures. . . and will address, among other issues, mobile privacy disclosures and how these disclosures can be short, effective, and accessible to consumers on small screens. The Commission hopes that the workshop will spur further industry self-regulation in this area.”
Dissent: The report was not passed unanimously, with commissioner Thomas Rosch saying that he believes the report takes the wrong approach to privacy and is too broad.
He said he believes the commission should focus on deceptive companies rather than those whose practices are “unfair” to consumers. He he also said that the commission is not specific enough in its recommendations.
“There does not appear to be any such limiting principle applicable to many of the recommendations of the Report,” Rosch wrote. “If implemented as written, many of the Report’s recommendations would instead apply to almost all firms and to most information collection practices.”