FTC Commissioner talks online privacy, puts data brokers on notice
- 27 January, 2012 09:18
As the Federal Trade Commission prepares to release a new framework of privacy principles to prod the Internet industry toward tighter protections for consumers' online data, one of the agency's commissioners said that she has grown particularly alarmed at the unchecked actions of data brokers to mine, analyze and potentially sell sensitive information.
Speaking at the George Washington University law school to mark Data Privacy Day, FTC Commissioner Julie Brill warned that companies engaged in the collection and sale of consumer data can expect closer scrutiny from the agency as it moves broadly to step up its efforts in the privacy arena.
Those concerns are heightened when reports bubble up about data brokers pairing online and offline information and packaging it into a predictive model that a life insurance provider, for instance, could use to shape the terms of a policy.
"Analysts are undoubtedly working right now to identify certain Facebook or Twitter habits or activities as predictive of behaviors relevant to whether a person is a good or trustworthy employee, or is likely to pay back a loan," Brill said. "Might there not be a day very soon when these analysts offer to sell information scraped from social networks to current and potential employers to be used to determine whether you'll get a job or promotion? Or to the bank, where you've applied for a loan, to help it determine whether to give you the loan and on what terms?"
In December 2010, the FTC released a preliminary report offering basic guidance for policymakers and members of Congress on a set of principles the agency had developed after a series of meetings with industry stakeholders, businesses, industry groups and others. That report laid out a series of proposals for protecting consumer privacy, including the idea of a do-not-track mechanism that would allow users to opt out of data collection programs patterned after the national do-not-call registry for telemarketers, with the final framework expected to be released early this year.
Brill indicated that the final report, which will formally stand as a set of nonbinding recommendations, will reinforce the guiding principles that animated the preliminary proposals, namely that companies should incorporate privacy by design as they develop new products, services and policies, and that users should be given the choice not to share information and businesses should make their data collection activities transparent.
While many Web companies and advertising outfits have taken steps to give users more insight into their profiles and control over what information is collected, privacy advocates continue to call on the FTC to take a tougher stance on the issue. And in certain instances it has. The agency last year reached high-profile settlements with Google and Facebook over complaints of unfair and deceptive practices and misleading disclosures, for instance, agreements through which the companies will submit to periodic reviews by an independent auditor, among other conditions. Asked about Google's recent changes to its privacy policies, Brill declined to comment, citing the consent agreement her agency reached with the search giant. "It is something that is certainly of interest," she said.
Data Brokers a Quiet Threat
While the privacy practices of the Internet heavyweights often command the headlines, Brill sees in data brokers a much lesser-known threat to consumer privacy, given that those outfits largely operate behind the scenes.
"I am calling on data brokers to take the transparency principle and put it into practice," Brill said, urging industry players to collaborate on a set of best practices, much as online advertisers have.
"Develop a user-friendly, one-stop shop where consumers can gain access to information that data brokers have amassed about them and, in appropriate circumstances, give consumers the ability to correct that information," she added. "Data brokers need to get cracking now to put something like this into place."
In practice, the FTC's enforcement authority in the area of online consumer privacy is limited without action on the part of Congress, and most observers agree that it is highly unlikely that any of the various legislative proposals that have been floated to address the issue will gain political momentum in this election-shortened session.
However, the agency does have its own established mandates through which it can bring enforcement actions, as it did in the cases of Facebook and Google. Brill signaled that data brokers can expect similar scrutiny, though she acknowledged that the industry remains shadowy, and that many of the businesses engaged in data dealing might not even be aware that they are operating in a regulated market.
"We don't know who all of them are," she said. "Many of the data brokers ... may not realize that they are engaging in activities that may fall under the Fair Credit Reporting Act."
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com. Follow everything from CIO.com on Twitter @CIOonline
Read more about government in CIO's Government Drilldown.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
CIOs say cost, complexity impede true mobile gains in enterprise
The enlightened CIO’s guide to running projects
The enlightened CIO’s guide to running projects
Why IT projects really fail
Queensland government to provide 200 services online by 2015
Casestudy: Managing an Antivirus Service and Improve the Customer Experience
Anittel Group has provided managed technology and connectivity services to organisations for more than 15 years, expanding to become one of the world’s largest full-service, IT and telecommunications companies. Previously, Anittel deployed an in-built antivirus solution as part of its managed service offering, which addressed a number of its customers’ needs, except for individual malware infections, which occurred as often as a several times a week. In this case study, find out what they did to solve this problem.
Virtualisation and Cloud Computing: Optimised Power, Cooling and Management Maximises Benefits
IT virtualisation, the engine behind cloud computing, can have significant consequences on the data centre physical infrastructure. The particular effects of virtualisation are discussed and possible solutions or methods for dealing with them are offered. Download to learn more.
Is your data centre growing too complex for your backup?
Backing up data today is growing more complex - and in an era of virtualisation, big data and cloud deployments, it can be difficult to maintain control over your data, resulting in loss and downtime. This hour-long webcast features expert commentary on navigating the complexity of backing up a heavily virtualised infrastructure; simplifying your backup software and hardware ecosystem; reducing the cost of backing up your organisation’s data, and modernising your backup infrastructure with integration. The presentations will conclude with an interactive Q&A session.