The Federal Trade Commission (FTC) has issued a final report – ‘Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers’ – outlining best practices for businesses to protect the privacy of American consumers and give them greater control over the collection and use of their personal data, according to an FTC press release. The FTC also recommends that Congress consider enacting general privacy legislation, data security and breach notification legislation, and data broker legislation. The report, which expands on a preliminary report the FTC issued in December 2010, is available at: http://www.ftc.gov/os/2012/03/120326privacyreport.pdf. The final FTC Privacy Report calls on businesses handling consumer data to implement recommendations for protecting privacy that include:
- Privacy by Design – Businesses should build in privacy protections for consumers at every stage in developing their products, including reasonable security for consumer data, limited collection and retention of consumer data, and reasonable procedures to promote data accuracy;
- Simplified Choice for Businesses and Consumers – Businesses should give consumers the option to decide what information is shared about them, and with whom, and should include a ‘Do-Not-Track’ mechanism to provide a simple and easy way for consumers to control the tracking of their online activities.
- Greater Transparency – Businesses should disclose details about their collection and use of personal information of consumers and provide consumers access to the data collected about them.
- Do-Not-Track – The FTC commends the progress made by browser vendors that have developed tools to allow consumers to limit data collection about them, and will work with these groups to complete implementation of an easy-to-use, persistent, and effective Do Not Track system.
- Mobile – The FTC urges companies offering mobile services to work toward improved privacy protections, including disclosures, and will host a workshop on May 30, 2012 to address how mobile privacy disclosures can be short, effective, and accessible to consumers on small screens.
- Data Brokers – The FTC calls on data brokers to make their operations more transparent by creating a centralized website to identify themselves, to disclose how they collect and use consumer data, and to detail the choices that data brokers provide consumers about their own information.
- Large Platform Providers – The FTC cited heightened privacy concerns about the extent to which platforms, such as Internet Service Providers, operating systems, browsers and social media companies, seek to comprehensively track the online activity of consumers. The FTC will host a public workshop in the second half of 2012 to explore issues related to comprehensive tracking.
- Promoting Enforceable Self-Regulatory Codes – The FTC will work with the Department of Commerce to develop industry-specific codes of privacy conduct, and when companies adhere to these codes, the FTC will take that into account in its law enforcement efforts. If companies do not honor the codes they sign up for, they could be subject to FTC enforcement actions.