The Federal Trade Commission issued their final report on how businesses can best protect the privacy of consumers as well as provide consumers greater control over the collection and use of personal data.
“If companies adopt our final recommendations for best practices – and many of them already have – they will be able to innovate and deliver creative new services that consumers can enjoy without sacrificing their privacy,” said Jon Leibowitz, Chairman of the FTC.
“We are confident that consumers will have an easy to use and effective Do Not Track option by the end of the year because companies are moving forward expeditiously to make it happen and because lawmakers will want to enact legislation if they don’t.”
The “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers” report calls on companies handling consumer data to implement recommendations for protecting privacy, including:
Privacy by Design – companies should build in consumers’ privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy.
Simplified Choice for Businesses and Consumers – companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
Greater Transparency – companies should disclose details about their collection and use of consumers’ information, and provide consumers access to the data collected about them.
The Commission changed the guidance scope of the report. It originally stated that “the proposed framework apply to all commercial entities that collect or use consumer data that can be linked to a specific consumer, computer, or other device.” The revised report now states that companies “that collect and do not transfer only non-sensitive data from fewer than 5,000 consumers a year” will be exempted.
Five focal points
The Commission aims to encourage businesses to protect consumer privacy by focusing on five key actions:
Do-Not-Track – The Commission commends the progress made in this area: browser vendors have developed tools to allow consumers to limit data collection about them, the Digital Advertising Alliance has developed its own icon-based system and also committed to honor the browser tools, and the World Wide Web Consortium standards-setting body is developing standards. “The Commission will work with these groups to complete implementation of an easy-to-use, persistent, and effective Do Not Track system,” the report says.
Mobile – The FTC urges companies offering mobile services to work toward improved privacy protections, including disclosures. To that end, it will host a workshop on May 30th to address how mobile privacy disclosures can be short, effective, and accessible to consumers on small screens.
Data Brokers – The Commission calls on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data. In addition, the website should detail the choices that data brokers provide consumers about their own information.
Large Platform Providers – The report cited heightened privacy concerns about the extent to which platforms, such as Internet Service Providers, operating systems, browsers and social media companies, seek to comprehensively track consumers’ online activities. The FTC will host a public workshop in the second half of 2012 to explore issues related to comprehensive tracking.
Promoting Enforceable Self-Regulatory Codes – The FTC will work with the Department of Commerce and stakeholders to develop industry-specific codes of conduct. To the extent that strong privacy codes are developed, when companies adhere to these codes, the FTC will take that into account in its law enforcement efforts. If companies do not honor the codes they sign up for, they could be subject to FTC enforcement actions.
All but one
The report was approved with a 3-1 vote, with Commissioner J. Thomas Rosch the only one dissenting the issuance of the Final Privacy Report. Though Rosch agrees that consumers should be given a broader range of choices and applauds the Report’s call for targeted legislation regarding data brokers and data security, he voiced out his concerns regarding the privacy framework because he believes:
1) in contravention of our promises to Congress, it is based on “unfairness” rather than deception; 2) the current state of “Do Not Track” still leaves unanswered many important questions; 3) “opt-in” will necessarily be selected as the de facto method of consumer choice for a wide swath of entities; and 4) although characterized as only “best practices,” the Report’s recommendations may be construed as federal requirements.
And so it begins
On Monday, aside from the FTC’s announcement of their final report, security software company AVG announced that they will be adding a “Do not track” feature to their application today, and they kept their word. AVG launched its active “Do Not Track” feature to the mainstream Internet security marketplace. The company’s decision to add the new feature is independent of the FTC’s announcement.
“This new feature is all about putting control of online privacy in the consumer’s hands. At AVG, we help provide Internet users with peace of mind — and today, making users aware of issues with online privacy is a logical extension of our community centric platform,” said JR Smith, CEO of AVG Technologies. We believe all Internet users are entitled to know how their online data is collected and used — and they should have possible solutions available. At AVG, we are proud to continue to work on innovative technologies focused at supporting Internet users to protect and stay in control of their own online privacy.