FTC Calls for “Privacy by Design”
The U.S. Federal Trade Commission today released a set of recommendations for businesses and Congress about the collection and use of consumers’ personal data.
This framework (PDF) has been in the works for years, and in the meantime there has been considerable progress on many of its final recommendations, both proactively by businesses themselves and through privacy investigations and settlements the FTC had with companies like Google and Facebook.
The FTC calls for “privacy by design,” simplified choices and greater transparency.
The FTC passed the report 3-1, with Commissioner J. Thomas Rosch dissenting for a few reasons, one of which was concern that the FTC is effectively mandating that Internet services will become “opt in” by design, even when that’s impractical or unnecessary. Again, that’s an important one for Google, Facebook and other Internet companies that seek to evolve along with the personal data they collect.
There are five main action items in the framework:
- Do Not Track: This is probably the furthest along. Browser vendors are now offering do-not-track options for consumers to limit data collection, the Digital Advertising Alliance is committed to respecting them, and standards bodies are working to standardize.
- Mobile: The FTC wants to make mobile privacy protections “short, effective and accessible to consumers on small screens.”
- Data Brokers: This is a bigger one. The FTC wants a centralized Web site where data brokers identify themselves and disclose how they collect data. It also supports Congress’s efforts to give consumers access to data about them held by brokers.
- Comprehensive Tracking: The FTC is concerned about ISPs, operating systems, browsers and social networks comprehensively tracking users’ online activities, but it won’t address this until a public workshop in the second half of this year.
- Enforcing Self-Regulatory Codes: The FTC said it will help enforce industry-specific codes of conduct.