The US’ Federal Trade Commission is putting pressure on both Congress and tech companies to take actions to protect user privacy and give them more information on how their personal data is collected and used.
In its final report, released 26 March, the FTC takes aim at vendors whose mobile devices, apps and services collect the personal information of users in the name of giving those users more of what they want. However, the federal agency said it shouldn’t come at a greater cost to those users.
“In today’s world of smartphones, smart grids, and smart cars, companies are collecting, storing, and sharing more information about consumers than ever before,” the FTC said in its report. “Although companies use this information to innovate and deliver better products and services to consumers, they should not do so at the expense of consumer privacy.”
The FTC’s report comes at a time of heightened debate around the issue of user privacy. Large Internet companies like Google and Facebook are coming under fire from users and legislators alike for the amount of personal data they collect, and which is then used to help advertisers more personalise the ads they send to users.
Apple and Google also have both been criticised for allowing iPhones and Android smartphones to share personal information – including photos and contacts – with mobile apps that are downloaded onto the devices.
Some in the US government already have been pushing for greater privacy rights for users. Senator Charles Schumer has been a vocal critic over the past few years, and earlier this month asked the FTC to look into the most recent issues surrounding Apple and Google and the data-stealing apps. “These uses go well beyond what a reasonable user understands himself to be consenting to when he allows an app to access data on the phone for purposes of the app’s functionality,” Schumer said in a letter to the FTC.
In late February, the Obama Administration released a proposed “bill of rights” designed to protect consumer privacy online, including enabling users to easily tell Internet companies with a single click whether they want their online activity tracked. It also called for limits on the amount of personal data online companies can collect and retain, and for consumers to be able to access and verify the data.
Erring on the side of caution
In its report, “Protecting Consumer Privacy in the Era of Rapid Change: A Proposed Framework for Businesses and Policymakers”, the FTC wants the industry to develop policies and practices that err on the side of caution when dealing with consumer privacy. However, the commissioners are not relying solely on the good intentions of vendors, calling on Congress to enact general privacy legislation as well as laws around data security and breach notification.
They also urged lawmakers to pass laws concerning data brokers, who buy and consolidate consumer information.
“If companies adopt our final recommendations for best practices – and many of them already have – they will be able to innovate and deliver creative new services that consumers can enjoy without sacrificing their privacy,” FTC Chairman Jon Leibowitz said in a statement. “We are confident that consumers will have an easy to use and effective Do Not Track option by the end of the year because companies are moving forward expeditiously to make it happen and because lawmakers will want to enact legislation if they don’t.”
The commissioners laid out several recommendations for companies to follow, including building consumer privacy into every step they take as they developing products and services. This “privacy by design” approach would include putting in “reasonable” security for consumer data, limiting the data that could be collected and retained and developing policies to ensure data accuracy.
They also want businesses to offer both consumer and businesses the ability to decide what personal information is shred and with whom. This would include a do-not-track mechanism, the FTC said. In addition, companies need to be clearer about how they collect and use consumer data, and enable users to access that data.
Regarding data brokers, the FTC is following through with a recommendation it made in December 2010 to give consumers access to the information that is being collected. The commission also wants data brokers to create a website where the data is centralised, and consumers could find out what options they have regarding controlling the use of that data.
Do Not Track
For the agency itself, the commissioners laid out several areas that they will focus on over the next year, including Do Not Track efforts. Companies already have made good efforts in this area, they said, as have such bodies as the Digital Advertising Alliance and the World Wide Web Consortium.
In the mobile space, the FTC wants any companies offering mobile services to improve privacy protections, including making privacy disclosures shorter and more effective for consumers who now have to deal with lengthy, small-type disclosures on their small screens.
The commissioners plan to push data brokers on the idea of the centralised website for personal information that’s been collected, and will work with large platform providers – such as Internet service providers, social media companies, operating system creators and browser developers – to develop policies around comprehensive tracking.
The FTC also will work with the Department of Commerce and players in the tech industry to develop industry-specific codes of conduct. As a sort of carrot-and-stick approach, the FTC suggested that a company’s adherence to the codes could help it if it gets in trouble with the FTC. Those companies that sign onto the codes but violate them could face FTC legal action.
The Consumer Watchdog consumer advocacy organisation applauded the FTC’s efforts behind Do Not Track, as well as the commission’s efforts to rein in data brokers.
“Data brokers buy, compile and sell a wealth of highly personal information about you, but there’s no way to find out what they have or if it’s correct,” John Simpson, director of Consumer Watchdog’s Privacy Project, said in a statement. “That’s why the FTC’s call for legislation in this area is so important.”