Privacy advocates are largely giving the thumbs up to a report from the Federal Trade Commission (FTC) calling for Congress to enact privacy, data security and breach notification laws.
The report, entitled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers,” also lays out best practices for businesses for protecting the privacy of American consumers. Building upon a report from December 2010, the updated report calls on corporations to enact the following recommendations:
• Privacy by Design – build in privacy protections at every stage in developing their products, including providing security for consumer data and placing limits on the collection and retention of such data. In addition, provide reasonable procedures to ensure data accuracy.
• Simplified Choice for Businesses and Consumers – companies should offer consumers the option to decide what data is shared about them and with whom, including the use of a Do-Not-Track mechanism to provide a simple way for consumers to control the tracking of their online activities.
• Greater Transparency – companies should be open about the collection and use of consumers’ information, and provide consumers access to the data collected about them.
“In general, we’re pleased by the new privacy framework set forth by the Commission,” blogged Rainey Reitman, activism director at the Electronic Frontier Foundation (EFF). “We hope Congress, the Commerce Department, and industry figures will turn to it as they continue crafting policy around user data in coming years.”
In particular, Reitman expressed the EFF’s support on the FTC’s stance regarding a Do-Not-Track mechanism as well as the agency’s support of the HTTPS Everywhere Firefox Add-on and its articulation of the problems with data brokers.
“We think this is a strong first step, but the FTC could easily have urged data brokers to provide a single website through which users can opt-out of having their data listed by any online data brokers,” Reitman blogged. “Right now, not all data brokers provide users with a method to opt-out of having their data personally display personal data listed. A user who wants her information removed from these sites has little legal weight to force companies to respect her choice.”
The Center for Democracy & Technology (CDT) also largely praised the FTC report for providing a baseline for best practices for protecting consumer privacy.
“The FTC has delivered an important reminder that Do Not Track standards must address the collection of behavioral data as well as its use,” said CDT Director of Consumer Privacy Justin Brookman in a statement. “Moreover, the FTC rightfully refocuses attention on the heightened privacy concerns presented when ISPs, operating systems, and browsers have broad access to consumers’ online activities.”
Not all privacy advocates were pleased however. The Electronic Privacy Information Center (EPIC) contended that the FTC framework was not as extensive as the White House Consumer Privacy Bill of Rights and depends on industry self-regulation.
“If companies adopt our final recommendations for best practices – and many of them already have – they will be able to innovate and deliver creative new services that consumers can enjoy without sacrificing their privacy,” said FTC Chairman Jon Leibowitz, in a statement. “We are confident that consumers will have an easy to use and effective Do Not Track option by the end of the year because companies are moving forward expeditiously to make it happen and because lawmakers will want to enact legislation if they don’t.”
The full report from the FTC can be read here.