Privacy Gains: The FTC Begins Move To Protect Consumers Online
Monday, the FTC released a report publishing principles and recommendations for consumer privacy. The report, “Protecting Consumer Privacy in an Era of Rapid Change” (summary and full report) provides what the FTC considers best business practices around privacy. These best practices are not regulations, but they are intended to serve as guidelines for legislators in drafting privacy regulations. And they can also serve as a framework for the federal government’s own privacy policies and personal data practices.
At the core of the report, and in broader privacy circles, we see discussions center around three foundational elements of privacy: knowledge, consent, and control.
Knowledge. The collection and use of information should be transparent. Consumers should know what is being collected, how it is being collected, how it is being used, and how it is being shared.
Consent. Consumers should be presented with a mechanism for agreeing to these practices. The recommendations did not mandate an “opt-in” versus “opt-out” approach: whether the default policy if the consumers don’t take any specific action would be not to collect (“opt-in”) or to collect (“opt-out”). But the report does advance the notion that it is insufficient for organizations to provide an all or nothing approach, where conditions on use of a service or product requires you to submit to full data collection.
Control. Consumers should have choices as to whether and to