The Federal Trade Commission released its much anticipated staff report on privacy following its 2009-2010 privacy round-tables with all attention going to its call for a Do Not Track (“DNT”) System.  Unlike earlier DNT proposals which called for a registry system, the FTC is instead calling on browsers to implement a DNT mechanism. No such browser currently has that capability and some have questioned its feasibility.  Mozilla, however, already is exploring such an option for its Firefox browsers.

The FTC currently does not have the authority to mandate a DNT regime, but FTC Chairman Leibowitz indicated that legislation will be required if “industry doesn’t step up to the plate.”  One inherent problem in legislating technology over conduct is that technology is quickly outdated and the browser will soon be replaced by other mobile platforms.

House Consumer Affairs Subcommittee Chairman Bobby Rush (D-IL) held a hearing Thursday on the FTC proposal and while the idea was well received by Democrats, with Congressional Privacy Caucus Co-Chair Ed Markey (D-MA) indicating he plans to introduce legislation blocking tracking of children, On the Senate side, Senate Commerce Committee Chairman Jay Rockefeller (D-WV) and Senate Internet Subcommittee Chairman John Kerry (D-MA) both praised the report, with Rockefeller stressing “self-regulation has largely failed, online companies must be more accountable, and our national privacy policy must better serve consumers.” Kerry is also reported to be working on privacy legislation.

Republicans (who will control the House next year) were skeptical.  Rep. Steve Scalise (R-LA) stressed that “our first step should not be finding ways the government can regulate the Internet.”  Republican FTC Commissioner William E. Kovacic argued the DNT proposal was premature and that the FTC “needed to present “greater support for the proposition that consumer expectations of privacy are largely going unmet.”  Even Commerce Department official Daniel J. Weitzner urged caution.

Aside from the DNT proposal, the report set forth three key privacy principles that should form the basis for a privacy framework moving forward:

  • PRIVACY BY DESIGN: Companies should promote consumer privacy throughout their organizations and at every stage of the development of their products and services. Companies should incorporate substantive privacy protections into their practices, such as data security, reasonable collection limits, sound retention practices, and data accuracy.
  • SIMPLIFIED CHOICE: Companies should simplify consumer choice. Companies do not need to provide choice before collecting and using consumers’ data for commonly accepted practices, such as product fulfillment. For practices requiring choice, companies should offer the choice at a time and in a context in which the consumer is making a decision about his or her data.
  • GREATER TRANSPARENCY: Companies should increase the transparency of their data practices. Privacy notices should be clearer, shorter, and more standardized, to enable better comprehension and comparison of privacy practices. Companies should provide reasonable access to the consumer data they maintain; the extent of access should be proportionate to the sensitivity of the data and the nature of its use. Companies must provide prominent disclosures and obtain affirmative express consent before using consumer data in a materially different manner than claimed when the data was collected.

The Commerce Department’s (“DOC) Privacy Task Force will soon be issuing its own report, which is expected to recommend baseline privacy legislation along the lines of Rep. Boucher’s (D-VA) proposal earlier this year (who was defeated in November after 14 terms in the House).  Privacy hawks are critical of DOC’s role in running the EU Data Safe Harbor Program and believe the FTC should take the lead on privacy.

The Republican takeover of the House, has led to an intense ideological battle over who will be chair of the House Energy & Commerce Committee in the new Congress.   The outcome is not expected to have much of an impact on privacy legislation which is generally perceived as bi-partisan (although Republicans may take a particular interest in the topic as a means to punish pro-Democratic Google and Facebook).  Privacy will be an issue on both sides of the Atlantic in 2011, as the new EU Justice Commission Viviane Reding has indicated that she will introduce an overhaul of the EU’s privacy laws that will address behavioral targeting, call for a ”right to be forgotten” once a user quits a web service and revisit international data transfers.

More Info: FTC Report and Press Release; Rush Subcommittee Hearing Briefing Memorandum; Rockefeller Press Release; GOP Could Make Trouble for Google, Hillicon Valley; Commerce Dept. Criticized For ‘Lack Of Rigor’ On Privacy, Media Daily News; Hiding Online Footprints, Wall Street Journal; Proposed Law Would Prohibit Data Collection on Kids, Wall Street Journal; Internet: EU plans overhaul of data protection law, The Chief Officer’s Network; Legislators Support Internet Privacy, but Question How to Do It, New York Times; Feasibility of FTC ‘Do-Not-Track’ Option In Doubt , ClickZ;


  1. Pingback: TOP STORY FTC CALLS FOR DO NOT TRACK OPTION « ILC Cyber Report | E-Commerce Center

  2. Pingback: NEW CYBER REPORT – Top Story FTC Do Not Track Proposal « BGK Blog

Comments are closed.