Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

33 Attorneys General Send Letter to FTC on Commercial Surveillance Rules

Attorneys general in 33 US states are urging the Federal Trade Commission (FTC) to take into consideration consumer risks as it looks into creating rules to crack down on commercial surveillance.

Attorneys general in 33 US states are urging the Federal Trade Commission (FTC) to take into consideration consumer risks as it looks into creating rules to crack down on commercial surveillance.

The FTC announced in August that it wants to take action against commercial online surveillance, in which companies collect and analyze user data in an effort to monetize it.

Companies often track every aspect of a user’s online activities, including their browsing history, the purchases they make, their physical location, and their friend and family networks. This and other data is automatically analyzed and then sold to others to help them boost advertising and sales.

The FTC is concerned that the companies collecting this data are not protecting it properly against hackers. In addition, in some cases, the consumer may be forced to share data in order to use a service, or they might simply not be aware that the service they are using is collecting much more data than they are asking for when an account is created.

The agency is also concerned about the impact of surveillance-based services on children, as well as the potential to discriminate against certain categories of consumers.

As a result, the FTC has been exploring rules to crack down on this harmful surveillance and associated lax data security practices.

In response to the FTC’s advanced notice of proposed rulemaking, a bipartisan group of attorneys general representing 33 states urged the agency to “acknowledge the heightened sensitivity around consumers’ medical data, biometric data, and location data, along with the dangers that arise from data brokers and the surveillance of consumers.”

The AGs have also asked the FTC to mitigate concerns through data minimization, limiting the amount of data collected by firms to only what is required for a specific purpose.

Advertisement. Scroll to continue reading.

The letter sent to the FTC focuses on biometric, location and medical data, and highlights the “persistent dangers” associated with data brokers, which are often prepared to sell the information they have collected to nearly anyone.

“This scale of aggregation of anonymously gathered information can identify consumers and put consumers at risk of scams, unwanted and persistent advertising, identity theft and lack of consumer trust in the websites they visit,” the AGs warn.

The FTC has been urged to review and draw inspiration from the consumer privacy laws in states such as California, Connecticut, Colorado, Utah and Virginia.

“Limiting the collection and retention of data by businesses will improve consumer data security as businesses will have less data to protect and less data potentially available to bad actors,” the AGs said.

Related: Drizly Agrees to Tighten Data Security After Alleged Breach

Related: FTC Orders Chegg to Improve Security Following Multiple Data Breaches

Related: Australia Mulls Tougher Cybersecurity Laws After Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.