On December 1, 2010, the FTC issued its long-awaited report, titled “Protecting Consumer Privacy in an Era of Rapid Change:  A Proposed Framework for Businesses and Policymakers” (the “Report”).  The Report was developed after a series of roundtable discussions among stakeholders designed to explore privacy issues in the 21st century.  Those discussions focused on the challenges associated with advancing technology and business practices that allow for the collection and sharing of consumer data that often go unstated as well as unnoticed by consumers, and the resulting threats perceived by some to consumer privacy. 

The Report is meant to build upon the notice-and-choice and harm-based models, the limitations of which have been recognized by the FTC.  The Report provides a framework, applicable to all “commercial entities that collect data that can be reasonably linked to a specific consumer, computer, or other device,” that attempts to balance the privacy interests of consumers against the interests of businesses to utilize consumer information to sell products and services.  There are three main tenets of the framework:

  • “Privacy By Design” – Companies should promote consumer privacy throughout their organizations and at every stage of the development of their products and services
  • Consumer Choice – Companies should simplify consumer choice
  • Transparency – Companies should increase the transparency of their data practices

Privacy By Design
With respect to the first tenet, the Report proposes that companies address privacy issues from the start of their development of new products, services and business models, and build privacy protections into a company’s everyday business practices.  This should include issues relating to  data security, reasonable collection limits, sound retention practices, and data accuracy.  According to the FTC, baking privacy into an organization’s everyday reality involves careful consideration and accountability.  For this reason, the Commission recommends (a) assigning personnel to oversee privacy issues from the earliest stages of research and development, (b) training employees on privacy issues and (c) conducting privacy reviews of new products and services to determine the privacy implications of such innovations.  In the FTC’s own words, “such concepts are not new, but the time has come for industry to implement them systematically.” 

Consumer Choice
As to the second tenet, the Report suggests that companies provide simple, stream-lined choices to consumers about their data practices.  For “commonly accepted” data practices – such as collecting a consumer’s name and address to deliver a product – consumer choice would not be necessary.  But for data practices that are not “commonly accepted,” consumers would be provided meaningful choices about how their data will be used.  The Report also suggests the establishment of a uniform “Do not track” option, by which consumers would be able to opt-out of having their online activities tracked for advertising purposes.  The feasibility and merit of a “Do Not Track” system is a hotly debated issue.  While some stakeholders argue that allowing consumers to affirmatively choose not to allow companies to learn about them by monitoring their online behaviors is an important part of respecting consumer privacy, others fear that “Do Not Track” mechanisms may have serious unintended consequences for consumers because Internet businesses use the money they make targeting ads to subsidize the cost of free content and services on the Internet.

Transparency
With respect to the third tenet, the Report proposes that companies make their data practices more transparent.  This part of the Report focuses on providing consumers with clear, concise, easy-to-read policies, access to the data that companies maintain about them, as well as notice and consent for significant retroactive changes to data policies.  As the myriad of ways in which businesses collect, use, store and disclose information has continued to grow, so too has the length of online privacy policies.  Moreover, as mobile technologies increase in popularity and their screen size continues to shrink, it is more important to provide clear and concise descriptions of privacy practices.  In that regard, the Report points to the [recently-introduced model financial privacy notices under the Gramm-Leach-Bliley Act] [link to our blog post on this] as an example of the direction in which online privacy policies should head.  The FTC hopes that such standardization will “allow consumers to make choices based on privacy and will potentially drive competition on privacy issues.” 

The Commission is soliciting comments from interested parties concerning the proposals discussed in the Report.  Comments are due by January 31, 2011.  Based upon the comments, the Commission intends to issue a final report sometime in 2011.  We will continue to report on developments concerning the Report.

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Margaret A. Dale Margaret A. Dale

Margaret Dale is a trial lawyer and first-chair litigator handling complex business disputes across a wide variety of industries, including: consumer products, media and entertainment, financial services, telecommunications and technology, and higher education. She is a former vice-chair of the Litigation Department, and…

Margaret Dale is a trial lawyer and first-chair litigator handling complex business disputes across a wide variety of industries, including: consumer products, media and entertainment, financial services, telecommunications and technology, and higher education. She is a former vice-chair of the Litigation Department, and heads the Department’s Data Privacy and Cybersecurity Practice Group. Margaret has been recognized since 2017 in Benchmark Litigation’s Top 250 Women in Litigation.

Margaret’s practice covers the spectrum of complex commercial disputes, including privacy and data security matters, as well as disputes involving M&A, intellectual property, bankruptcy and insolvency, securities, corporate governance, and asset management.

Margaret regularly counsels clients before litigation commences to assess risk, adopt strategies to minimize or deflect disputes, and resolve matters without going to court.

Margaret is a frequent writer, including authoring a regular column on corporate and securities law in the New York Law Journal. She also serves as the lead editor of Proskauer’s blog on commercial litigation, Minding Your BusinessShe also authored the chapter titled “Privileges” in the treatise Commercial Litigation in New York State Courts (Haig, 5th ed.), as well as the chapter titled “Data Breach Litigation” in PLI’s Proskauer on Privacy.

Margaret maintains an active pro bono practice advocating on issues relating to women, children and veterans. She serves on the Board of Directors of CFR (Center for Family Representation), VLA (Volunteer Lawyers for the Arts), JALBC (Judges and Lawyers Breast Cancer Alert), and the City Bar Fund.