Friday, July 08, 2011

Confidence in Internet Depends on Privacy Protections: FTC

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

Consumers must be confident that their privacy will be protected if they are to take advantage of all the benefits offered by the Internet marketplace, the FTC told the Senate Committee on Commerce, Science and Transportation on June 29.

Commissioner Julie Brill delivered testimony on behalf of the FTC at a hearing examining how entities collect, maintain, secure, and use personal information in today’s economy and whether consumers are adequately protected under current law.

“Privacy has been an important component of the Commission’s consumer protection mission for 40 years,” Brill said. “During this time, the Commission’s goal in the privacy arena has remained constant: to protect consumers’ personal information and ensure that they have the confidence to take advantage of the many benefits offered by the dynamic and ever-changing marketplace.”

FTC Approach

According to the testimony, the FTC has taken a three-pronged approach to preserving consumers’ privacy: law enforcement actions, consumer and business education efforts, and policy initiatives.

In the last 15 years, the FTC has brought more than 300 privacy-related actions, including 34 data security cases; 84 Fair Credit Reporting Act cases; 97 spam cases; 15 spyware cases; and 16 cases enforcing the Children’s Online Privacy Protection Act.

The FTC noted that, while the Commission has not taken positions advocating any particular legislative proposals, it favors data security legislation “that would (1) impose data security standards on companies, and (2) require companies, in appropriate circumstances, to provide notification to consumers when there is a security breach.”

Based on roundtable discussions that involved privacy experts, business representatives, and academics, the FTC staff issued a preliminary report on December 1, 2010, proposing a privacy framework with three main concepts, the testimony stated. First, companies should adopt a “privacy by design” approach by building privacy protections into their everyday business practices, FTC staff recommended.

Second, companies should provide an easy way for consumers to control the collection and use of their personal information—for example, by offering a mechanism to opt out of online behavioral tracking, often referred to as “Do Not Track.” A Do Not Track system should have five key attributes, the FTC said:

(1) It should be universal;

(2) It should be easy to find, understand, and use;

(3) Choices offered should be persistent;

(4) It should be comprehensive, effective, and enforceable; and

(5) It would not only opt consumers out of receiving targeted ads, but it also would opt them out of collection of behavioral data for all purposes other than certain commonly accepted practices.
Third, the staff report called on companies to improve their privacy notices so that consumers, advocacy groups, regulators, and others can compare data practices and choices across companies, thus promoting competition.

The Commission vote to issue the testimony was 5-0, with Commissioner J. Thomas Rosch dissenting in part and issuing a separate statement recommending that the Commission and Congress learn more about Do Not Track before proceeding.

Commissioner Rosch’s Statement

“The root problem with the concept of ‘Do Not Track’ is that we, and with respect, the Congress, do not know enough about most tracking to determine how to achieve the five attributes identified in today’s Commission testimony, or even whether those attributes can be achieved,” Rosch said.

“This is not to say that a Do Not Track mechanism is not feasible. It is to say that we must gather competent and reliable evidence about what kind of tracking is occurring before we embrace any particular mechanism. We must also gather reliable evidence about the practices most consumers are concerned about.”

No comments: