While the FTC has been looking at privacy issues related to the Web for more than a decade, it was expected that the high visibility of privacy issues recently created, in part, by Facebook, that the FTC would be taking a Facebook hard look at privacy issues in 2008.
In sum, the FTC suggests that companies involved in tracking and targeting consumers always inform consumers of the data they collect, how it is to be used, that they have a choice to opt-in, and that any changes to this agreement are stated, which would require their expressed consent.
Here are five principles for behavioral advertising (paraphrased):
Transparency and consumer control. Every Web site where data is collected for behavioral advertising should provide a clear, concise, consumer-friendly, and prominent statement that (1) data about consumers’ activities online is being collected at the site for use in providing advertising about products and services tailored to individual consumers’ interests, and (2) consumers can
choose whether or not to have their information collected for such purpose.
Reasonable security, and limited data retention, for consumer data. Companies should retain data only as long as is necessary to fulfill a legitimate business or law enforcement need. (The FTC staff is also seeking comment on how long companies should retain such data.)
Affirmative express consent for material changes to existing privacy promises. Companies must keep any promises that it makes with respect to how it will handle or protect consumer data, even if it decides to change its policies at a later date. Any changes in how collected data is used requires obtain affirmative express consent from affected consumers.
Affirmative express consent to (or prohibition against) using sensitive data for behavioral advertising. Companies should only collect sensitive data for behavioral advertising if they obtain affirmative express consent from the consumer to receive such advertising. (The FTC staff is also seeking input defining sensitive data and whether some data should never be collected.)
Call for additional information: Using tracking data for purposes other than behavioral advertising. FTC staff also seeks comment on what constitutes “sensitive data” and whether the use of sensitive data should be prohibited, rather than subject to consumer choice. (Comments will be received through Feb. 22.)
The latter suggests carrot dangling (perceived benefits) for sensitive information (like social security card numbers) might not be an option.
Overall, the FTC has been very balanced in its approach to online advertising, recognizing there is a fine between protecting consumers and allowing companies to develop advertising programs that fund content and benefits for consumers.
But what is most important is to consider that self-regulation is generally maintained by the willing participation of companies to adhere to these principles. Every abuse, especially by visible companies, will move these principles toward permanent federal regulation. You can find the complete FTC guidelines here.
