The Federal Trade Commission introduced a framework today that aims to address privacy issues raised by consumers that directly affects how our activity is tracked online. The agency went on to advocate the creation of a “Do Not Track” mechanism that could help shape the future of browser security.
“We deserve far better from the corporations we trust our data with,” FTC Chairman Jon Leibowitz said in a teleconference Tuesday.
The preliminary report (PDF), titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” proposes a three-pronged solution.
First, enterprises should approach privacy by design, “baking-in” protection and retaining data only if they have a legitimate business reason to do so.
Second, the FTC advised that consumers have their privacy choices presented to them in a more clear and concise manner. By simplifying data collection measures, consumers can be saved from sharing their data only after reading dodgy and complex privacy documents. According to the report, “companies should not have to seek consent for certain commonly accepted practices,” which would help alleviate some burden on businesses.
Citing this growing burden and the constantly changing information marketplace, the report goes on to recommend the implementation of a “Do Not Track” mechanism. Instead of going on a company-by-company basis, the FTC conceded this could be done on a browser-to-browser basis.
For example, a browser add-on could be used to implement a comprehensive opt-out feature, according to the FTC which referenced Microsoft, Google and Mozilla’s ongoing experiments in the field.
Google’s Chrome browser offers an “incognito” feature that allow users to browse anonymously and delete both browsing history and tracking cookies after a Web session ends. But browsers need to further allow users to establish a Web session that still gives them granular control over tracking, according to Edward Felten, incoming Chief Technologist for the FTC, on a teleconference with reporters on Wednesday.
Felten referenced Adobe’s recent struggles with their flash software, pointing out that privacy controls on browsers don’t directly affect the storage of flash cookies.
Leibowitz stressed the new mechanism would not be a list or registry that users would have to sign up for, rejecting comparisons to the U.S.’s Do Not Call Registry, started in 2004.
Lastly, the FTC report recommends additional measures to help improve the transparency surrounding user’s data, suggesting companies supply consumers with “reasonable access” to certain information. The report also encourages privacy education, ensuring that stakeholders and policymakers are committed to see this through.
Internet privacy has become a contentious issue as companies like Microsoft, Google and Facebook have begun to recognize the huge marketing and business advantages that flow from aggregated data on users online activities, preferences and social connections.
In September, Google announced changes to its privacy policy to make it easier for users to understand what kinds of data it would collect and retain from users. That same month, Samy Kamkar, a security researcher famous for developing the first social network worm in 2005, released “Evercookie,” a proof of concept Web tracking cookie that he claimed couldn’t be deleted. Kamkar said Evercookie was designed to raise awareness about the ease with which Web site operators can evade privacy tools designed to shield Web users’ privacy.
In October, Chris Soghoian, a former FTC technologist and privacy activist, filed a complaint with the FTC asking the Commission to force Google to changes its privacy policy to change its policies to avoid leaking sensitive user information in the so-called “referrer header data” it passes along to third party sites.
Finally, social networking behemoth Facebook found itself on the wrong end of a Wall Street Journal expose in October that showed that some of the leading applications running on the social networking platform were sharing user data with third parties in violation of Facebook policies.
In many ways the report echoes thoughts expressed at September’s Gov 2.0 Summit, where the FTC’s Loretta Garrett spoke on how consumers should be entitled to have more information when it comes to privacy to make better decisions.