Posted: April 19, 2012
At the end of March 2012, the Federal Trade Commission issued a final report setting forth proposed “best practices” to protect consumer privacy and to give consumers more control over the collection and use of their personal data. The report, entitled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers,” came one month after the White House unveiled its “Consumer Privacy Bill of Rights.” The FTC Report attempts to flesh out some of the seven broad “privacy principles” contained in the White House release, and further builds on a preliminary FTC staff report issued in 2010.
The “privacy principles” include: (1) individual control; (2) transparency; (3) respect for context; (4) security; (5) access and accuracy; (6) focused collection; and (7) accountability. The FTC Report notes that its staff will focus on five main action items in the coming year.
1. Do-Not-Track – Both the White House and the FTC support use of so-called “Do Not Track” technology. The FTC Report notes that since it first called on industry to create a mechanism to allow consumers to control the collection and use of their online browsing data in 2010, various industries have self-regulated and developed tools to allow consumers to control online tracking. But the FTC’s report expressly notes that, other than this Do Not Track self-regulation development, industries have not engaged in enough self-regulation regarding data privacy.
2. Mobile – The White House’s “Privacy Bill of Rights” does not address mobile services in depth, but the FTC Report urges companies to work toward self-regulation and improved privacy protections, including disclosures. The FTC will hold a workshop on May 30, 2012 on how mobile privacy disclosures can be short, effective, and accessible to consumers on small screens.
3. Data Brokers – Both the White House and the FTC addressed the regulation of data brokers in their respective reports. The White House calls for data brokers to make explicit, publicly available explanations of how they acquire, use, and disclose personal data. But the FTC takes it a step further, calling on data brokers to make a centralized website to identify themselves and disclose how they collect and use consumer data.
4. Large Platform Providers – The FTC cites certain heightened privacy concerns about platforms such as social media companies, Internet Service Providers, operating systems, and browsers and the increased tracking of consumers’ online activities. The FTC will host a public workshop in the second half of 2012 to explore issues related to comprehensive tracking. The FTC focuses on companies that target teens, noting that they should consider additional protections, including shorter retention periods for teens’ data and the creation of an “eraser button,” through which people could permanently delete content that they post online.
5. Promoting Enforceable Self-Regulatory Codes – An overarching theme of both the White House and FTC Reports is self-regulation and individual control. In its report, the FTC promises to work with the Department of Commerce and stakeholders to develop industry-specific codes of conduct. The FTC notes that if companies do not honor the codes they adopt, they could be subject to FTC enforcement actions under Section 5 of the FTC Act, which prohibits “unfair and deceptive” trade practices.
The collaboration and consistency between the White House and the FTC show that both are intent on aggressively promoting the voluntary adoption of the privacy principles by industry. But it is perhaps an acknowledgment of the political and legislative impeditments to full-scale adoption of the principles as part of a broad-based, government-enforced, U.S. privacy framework. Nonetheless, businesses should make themselves aware of the principles and action items set forth in the White House and the FTC Reports and remain watchful and active as the self-regulation debate moves forward.
For more information, please contact Puja Patel.