FTC and Big Data

March 2012

FTC Privacy Report

To address the invisibility of, and consumers’ lack of control over, data brokers’ collection and use of consumer information, the Commission supports targeted legislation – similar to that contained in several of the data security bills introduced in the 112th Congress – that would provide consumers with access to information about them held by a data broker. To further increase transparency, the Commission calls on data brokers that compile data for marketing purposes to explore creating a centralized website where data brokers could (1) identify themselves to consumers and describe how they collect and use consumer data and (2) detail the access rights and other choices they provide with respect to the consumer data they maintain.


Commissioner Brill – ANA Keynote

But there is more to this than the “creepiness” factor, as some describe it, of having all sorts of market analysts and data brokers pouring over the records of purchasing and online browsing habits, as well as our geolocation information and other information gleaned from our
computers and smartphones.
I believe that consumers are worried – and should be – about the masses of data that are collected about them, and then packaged, parsed, sold, and resold by largely faceless data brokers. This practice runs afoul of the FTC’s recommendation that companies practice data  minimization – a key tenet of privacy by design, which is in turn a key principle we believe companies should adopt to protect their customer’s privacy.
On the most basic level, collecting and retaining vast amounts of consumer information vastly increases the damage a data breach can cause. But the ways in which that data can be used are just as disturbing, maybe even more so.

December 2012
FTC Workshop on Comprehensive Online Data Collection


  • What methods are used to collect data about consumers’ activities across the Internet?
  • What are the benefits of comprehensive data collection and what are the possible privacy challenges?
  • Which entities are capable of comprehensive data collection, and which of them are doing so?
  • How aware are consumers of comprehensive data collection, and what are their attitudes toward it?
  • If companies implement comprehensive data collection, how can they effectively inform consumers about the collection and provide meaningful choice to consumers?
  • What privacy risks are created by serving as a host for third-party applications?
  • Are there sufficient choices among online products and services to give consumers meaningful options should they wish to avoid products or services that use comprehensive data collection?
  • What legal protections currently exist in this area?
  • What legal protections should be provided?