December 1, 2010
FTC Issues Report on Consumer Privacy
The FTC released its preliminary report on consumer privacy today. Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers identifies the need for businesses to collect information about their customers for marketing purposes in comparison to the corporate maintenance of personal electronic dossiers that spell out consumer habits, preferences, and interests. The statements and proposals contained in the report suggest the Commission would like to split the difference between data collectors and consumers.
As the report notes, self-regulation by the industry for data collection practises isn't actually protecting consumers much. The privacy notices and data collection practices offered by companies and web sites are often legalistic in wording and tend to be unread by most consumers. This is bad, one assumes. On the other hand, the value to consumers derived from data collection is real in the form of reduced or subsidized costs for products and services from the web. Data analysis can also spur innovation for newer products and services consumers will use. The assumption is that result is good.
What to do? The Commission would like to see simpler and clearer statements of data collection practices made to consumers. Consumers should be presented with clear choices about the amount of data a company collects and how it is used at points along the transaction. Transparency for privacy is the key. The report notes that collecting information some information is legitimate. If I buy a cup from Cafe Press, for example, I do have to identify myself, my contact and payment details, and a place where they can ship the item. Companies should not need to seek permissions to acquire such basic information essential to the transaction. In this same transaction, however, Cafe Press should give me options as to how it uses the information I provide after the fact.
The Commission's second recommendation would like to implement a privacy protection policy along the lines of Privacy by Design, as developed by Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada. As the press release states:
Such protections include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy. Companies also should implement and enforce procedurally sound privacy practices throughout their organizations, including assigning personnel to oversee privacy issues, training employees, and conducting privacy reviews for new products and services.
The report is listed as preliminary. A final report will appear in 2011. The Commission will accept comments through January 31, 2011. As of this writing, the link in the press release for submitting comments was not active.
Some commentators suggest that the FTC will require Congressional action to put much of the report recommendations in place. Good luck with that. Political statements made by those elected to the new Congress convening in January suggest that privacy issues are not on the radar (as in I haven't seen anyone run for office advocating consumer privacy as a campaign issue) and that more regulation on business is disfavored. The report notes that consumers are concerned about privacy, but I doubt that concern is enough to move Congress to act upon it. There also seems to be a hostility to adopting forms of foreign law to U.S. law. Even though Homer Simpson once referred to Canada as "America Junior," Canadian law and practice are still foreign. I think it would take a lot to penetrate the anti-foreign law bias, especially with the next Congress. In all, a nice effort by the Commission. I think it sounds too darn reasonable to survive partisan politics. [MG]