The Association of Magazine Media

FTC Releases Highly Anticipated Privacy Report

On December 1st, the Federal Trade Commission (FTC) issued its much anticipated privacy report, titled “Protecting Consumer Privacy in an Era of Rapid Change.”  The report, reflecting the Commission’s view that many companies, both online and offline, do not adequately address privacy issues, outlines a framework for how companies should protect privacy, including a suggestion for a “do-not-track” approach to behavioral advertising.  Following a request from a large group of industry associations, including MPA, for an extension of the comment period, comments are now due on February 14th.  The FTC hopes to produce a final report later this year.

Though not a new player in the privacy arena, the FTC has been more active recently.  Over the last several years, the Commission has hosted numerous workshops and forums on privacy, with a particular focus on behavioral advertising.  In late 2007, the Commission released a set of draft self-regulatory guidelines for behavioral advertising, with a subsequent final report issued in 2009.  

The FTC says its proposed framework builds and improves upon the “notice and choice” and “harm-based” models the FTC has used in the past.  The report does not provide much in the way of specific proposals or standards for enforcement, but outlines the elements that comprise the new “framework”, including:

Privacy by Design: Scaled to each company’s business operations and data practices, FTC wants companies to promote privacy and security throughout their organization, at every stage of the development of products and services.  Specifically,
(1)    Providing reasonable security for consumer data;
(2)    Colleting only the data needed for a specific business purpose;
(3)    Retaining such data only as long as necessary to fulfill that purpose;
(4)    Safely disposing of data when no longer needed; and
(5)    Implementing reasonable procedures to promote data accuracy.

Simplified Choice: Rather than a “one size fits all” approach to providing choice, the Commission advances a bifurcated model.  If data is collected for “commonly accepted practices”, such as product fulfillment, first party marketing, or other internal operations, choice is not necessary.  However, for data practices that are not “commonly accepted,” consumers should be offered clear and conspicuous choice at the time the consumer is making a decision about providing data, and in an appropriate context.    For example, if a brick and mortar retailer plans on providing a consumers purchase information to a third party (not a “commonly accepted practice”), the FTC says that choice should be offered at the point of sale (i.e. the cashier asking the customer whether he or she would like to receive marketing offers from other companies).  The same would hold true for online data collection.  

Greater Transparency: FTC wants privacy policies, which it believes have become long and complicated, improved so that consumers can compare data practices and choices across companies.  The FTC would also like companies to provide consumers reasonable access to the data retained about them, particularly for companies that do not interact with consumers directly, (i.e. data brokers.) A final suggestion is for all stakeholders to work on educating consumers about privacy.

The FTC choice discussion was specific in one area, addressing a “Do Not Track” approach for behavioral advertising.  In the FTC’s view, industry efforts at improving consumer control over behavioral advertising have fallen short, with no effective industry wide system, and consumers unaware of existing options such as browser tools.  The FTC supports a “more uniform and comprehensive consumer choice mechanism” accomplished either by legislation or robust, enforceable self-regulation.  In the FTC’s view, the most practical method of providing uniform choice would involve placing a setting similar to a persistent cookie on a consumer’s browser.  Anticipating criticism, the FTC acknowledges that any mechanism should not undermine the benefits that behavioral advertising has to offer, such as funding online content and providing personalized advertising that many consumers value.  Notably, in accompanying questions, the FTC asks how a “Do Not Track” system would affect online publishers and advertisers.   

Shortly after the release of the FTC report, the Commerce, Trade, and Consumer Protection Subcommittee of the House Energy and Commerce Committee held a hearing, the last under Democratic control, on the feasibility of the FTC’s Do Not Track proposal.  Notable at the hearing were clear divisions between Democrats and Republicans and industry and privacy advocates about the appropriateness and feasibility of a Do Not Track system.  Despite these divisions, privacy is an issue of interest on both sides of the aisle and in both bodies of Congress (as well as many agencies).  Action is already occurring in the Senate, with Senator Kerry (D-MA) working on privacy legislation, and the Commerce Committee planning a hearing for mid February.  Likewise, in the House, Congressman Stearns (R-FL), who introduced legislation last year, could revise and reintroduce his bill, and Congresswoman Bono-Mack (R-CA) has said she is “deeply committed to the issue.”      

click me