The Federal Trade Commission has issued a new report on consumer privacy and online tracking and among the recommendations the commission makes is that data brokers make themselves known to consumers and be open and transparent about the data they collect on consumers. The FTC also says that companies should be building privacy protections into their products by design, including implementing the Do Not Track mechanism once it’s finalized.

The new privacy framework from the FTC is fairly broad in scope and includes principles regarding consumer choice, Do Not Track, mobile platforms and other issues. The two most important things for consumers in the framework are the emphasis on Do Not Track technology and the ways in which data brokers should behave. Data brokers are essentially an unregulated group of companies that collect, store and sell information about consumers and their behaviors and buying preferences. Privacy advocates and some lawmakers have criticized the industry’s practices and called for some regulation.

“To address the invisibility of, and consumers’ lack of control over, data brokers’ collection and use of consumer information, the Commission supports targeted legislation – similar to that contained in several of the data security bills introduced in the 112th Congress – that would provide consumers with access to information about them held by a data broker. To further increase transparency, the Commission calls on data brokers that compile data for marketing purposes to explore creating a centralized website where data brokers could (1) identify themselves to consumers and describe how they collect and use consumer data 

and (2) detail the access rights and other choices they provide with respect to the consumer data they maintain,” the report says.

One of the major issues with the data broker industry is that the companies are essentially invisible to the consumers whose data they warehouse. Most consumers have little idea that these companies even exist, let alone what kinds of data they collect, catalog and sell to advertisers and other buyers. The only time that consumers typically become aware of these companies is when they get a letter in the mail informing them that some of their personal data had been compromised in a breach at a broker or one of their customers.

As a result, the FTC is recommending that the industry not only create a central site to inform consumers about the kinds of data they collect and sell, but also is pushing for legislation to address the industry’s problems.

“First, since 2009, the Commission has supported legislation giving access rights to consumers for information held by data brokers. During the 111th Congress, the House approved a bill that included provisions to establish a procedure for consumers to access information held by data brokers. To improve the transparency of this industry’s practices, the Commission has testified in support of the goals of this legislation and continues to support legislation in this area,” the report says.

The framework from the FTC does not comprise new regulations, but is rather a set of guidelines that the commission feels companies who handle consumer data should adopt. One of the more important components of the framework is the emphasis on Do Not Track technology. The FTC lauds the industry for moving toward the adoption of the technology, which is designed to enable consumers to tell sites whether they consent to being tracked online.

“Industry has made significant progress in implementing Do Not Track. The browser vendors have developed tools that consumers can use to signal that they do not want to be tracked; the DAA has developed its own icon-based tool and has committed to honor the browser tools; and the W3C has made substantial progress in creating an international standard for Do Not Track. However, the work is not done. The Commission will work with these groups to complete implementation of an easy-to use, persistent, and effective Do Not Track system,” the report says.

Do Not Track has been adopted by Mozilla and Microsoft in various forms and Google said recently that it would implement the technology in Chrome soon. 

Categories: Data Breaches, Government