Wednesday, December 01, 2010

FTC Privacy Report Proposes “Do Not Track” Mechanism for Web Users

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

The Federal Trade Commission has proposed, as part of a framework to balance the privacy interests of consumers with innovation that relies on consumer information, the implementation of a “Do Not Track” mechanism for Internet users.

Described in a preliminary staff report, the mechanism would likely be a persistent setting on consumers’ web browsers, the FTC said, and would enable consumers to choose whether to allow the collection of data regarding their online searching and browsing activities.

“Technological and business ingenuity have spawned a whole new online culture and vocabulary—email, IMs, apps and blogs—that consumers have come to expect and enjoy,” said FTC Chairman Jon Leibowitz. “The FTC wants to help ensure that the growing, changing, thriving information marketplace is built on a framework that promotes privacy, transparency, business innovation, and consumer choice.”

Failure of Self Regulation

The report—titled “Protecting Consumer Privacy in an Era of Rapid Change”—states that industry efforts to address privacy through self-regulation “have been too slow, and up to now have failed to provide adequate and meaningful protection.” The framework outlined in the report is designed to reduce the burdens on consumers and businesses.

The proposed framework also is intended to inform policymakers, including Congress, as they develop solutions, policies, and potential laws governing privacy, and to guide and motivate industry as it develops more robust and effective best practices and self-regulatory guidelines.

Leibowitz added that the FTC, in addition to making policy recommendations, “will take action against companies that cross the line with consumer data and violate consumers’ privacy—especially when children and teens are involved.”

“Privacy by Design”

To reduce the burden on consumers and to ensure basic privacy protections, the report recommends that companies adopt a “privacy by design” approach by building privacy protections into their everyday business practices. Such protections would include security measures for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy.

Companies also should implement and enforce procedurally sound privacy practices throughout their organizations, including assigning personnel to oversee privacy issues, training employees, and conducting privacy reviews for new products and services.

Consumer Choice

Consumers should have the opportunity to make choices about the collection and sharing of their data at the time and in the context in which they are making decisions—not after having to read long, complicated privacy policies that they often cannot find.

The report adds that, to simplify choice for both consumers and businesses, companies should not have to seek consent for certain commonly accepted practices, such as product fulfillment, fraud prevention, and legal compliance.

A “Do Not Track” mechanism would constitute a simplified means of consumer choice, the report said, allowing consumers to opt out of the collection of information about their Internet behavior for targeted ads.


The report also recommended other measures to improve the transparency of information practices, including consideration of standardized notices that allow the public to compare information practices of competing companies. Consumers should have “reasonable access” to the data that companies maintain about them, particularly for non-consumer facing entities such as data brokers. In addition, the report proposed that stakeholders undertake a broad effort to educate consumers about commercial data practices and the choices available to them.

Text of the report is available here on the FTC website.

“Safe Harbor” Proposed

In response to the report, Senator John Kerry (D-Mass.) stated, “The Federal Trade Commission’s report should be a wakeup call for every Internet user in this country. The report confirms that many companies—both online and offline—don’t do enough to protect consumer privacy.”

Kerry continued, “The report also makes clear that properly protected information and respect for consumer trust can be good for both business and consumers.”

The senator called for the creation of FTC-approved safe harbor programs through which organizations can establish procedures to ensure compliance with standards on data protection, disclosures on information collected and the uses of such information, and the right of consumers to opt out.

“Those actors participating in safe harbor programs would be subject to FTC oversight and penalties,” Kerry said, “but because of their voluntary participation and commitment to high standards, they would be free from a private right of action and the complaint and adjudication process.”

No comments: