FTC Commissioner talks online privacy, puts data brokers on notice
- 27 January, 2012 09:18
As the Federal Trade Commission prepares to release a new framework of privacy principles to prod the Internet industry toward tighter protections for consumers' online data, one of the agency's commissioners said that she has grown particularly alarmed at the unchecked actions of data brokers to mine, analyze and potentially sell sensitive information.
Speaking at the George Washington University law school to mark Data Privacy Day, FTC Commissioner Julie Brill warned that companies engaged in the collection and sale of consumer data can expect closer scrutiny from the agency as it moves broadly to step up its efforts in the privacy arena.
Those concerns are heightened when reports bubble up about data brokers pairing online and offline information and packaging it into a predictive model that a life insurance provider, for instance, could use to shape the terms of a policy.
"Analysts are undoubtedly working right now to identify certain Facebook or Twitter habits or activities as predictive of behaviors relevant to whether a person is a good or trustworthy employee, or is likely to pay back a loan," Brill said. "Might there not be a day very soon when these analysts offer to sell information scraped from social networks to current and potential employers to be used to determine whether you'll get a job or promotion? Or to the bank, where you've applied for a loan, to help it determine whether to give you the loan and on what terms?"
In December 2010, the FTC released a preliminary report offering basic guidance for policymakers and members of Congress on a set of principles the agency had developed after a series of meetings with industry stakeholders, businesses, industry groups and others. That report laid out a series of proposals for protecting consumer privacy, including the idea of a do-not-track mechanism that would allow users to opt out of data collection programs patterned after the national do-not-call registry for telemarketers, with the final framework expected to be released early this year.
Brill indicated that the final report, which will formally stand as a set of nonbinding recommendations, will reinforce the guiding principles that animated the preliminary proposals, namely that companies should incorporate privacy by design as they develop new products, services and policies, and that users should be given the choice not to share information and businesses should make their data collection activities transparent.
While many Web companies and advertising outfits have taken steps to give users more insight into their profiles and control over what information is collected, privacy advocates continue to call on the FTC to take a tougher stance on the issue. And in certain instances it has. The agency last year reached high-profile settlements with Google and Facebook over complaints of unfair and deceptive practices and misleading disclosures, for instance, agreements through which the companies will submit to periodic reviews by an independent auditor, among other conditions. Asked about Google's recent changes to its privacy policies, Brill declined to comment, citing the consent agreement her agency reached with the search giant. "It is something that is certainly of interest," she said.
Data Brokers a Quiet Threat
While the privacy practices of the Internet heavyweights often command the headlines, Brill sees in data brokers a much lesser-known threat to consumer privacy, given that those outfits largely operate behind the scenes.
"I am calling on data brokers to take the transparency principle and put it into practice," Brill said, urging industry players to collaborate on a set of best practices, much as online advertisers have.
"Develop a user-friendly, one-stop shop where consumers can gain access to information that data brokers have amassed about them and, in appropriate circumstances, give consumers the ability to correct that information," she added. "Data brokers need to get cracking now to put something like this into place."
In practice, the FTC's enforcement authority in the area of online consumer privacy is limited without action on the part of Congress, and most observers agree that it is highly unlikely that any of the various legislative proposals that have been floated to address the issue will gain political momentum in this election-shortened session.
However, the agency does have its own established mandates through which it can bring enforcement actions, as it did in the cases of Facebook and Google. Brill signaled that data brokers can expect similar scrutiny, though she acknowledged that the industry remains shadowy, and that many of the businesses engaged in data dealing might not even be aware that they are operating in a regulated market.
"We don't know who all of them are," she said. "Many of the data brokers ... may not realize that they are engaging in activities that may fall under the Fair Credit Reporting Act."
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com. Follow everything from CIO.com on Twitter @CIOonline
Read more about government in CIO's Government Drilldown.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
Bouncing Back From CIO Unemployment
Union slams latest fibre-to-premise trial in Tasmania
ERP Selection: Finding the Right Fit
Finding a needle in a hay stack is hard, but the task pales in comparison to finding a specific needle in a pile of needles. Selecting the ideal Enterprise Resource Planning (ERP) solution can feel just as daunting. ERP represents a serious investment for any organisation and is vital to future success. This report explores the strategies organisations are employing to find the right ERP fit that will give them the tools they need to thrive.
Reducing Telephony Costs in Healthcare
Learn how a not-for-profit national New Zealand health service employed a Unified Communication (UC) solution to achieve the more responsive, flexible telephony that’s critical for patients and nursing, along with greater visibility, and at least 30% annual savings.
Leading insurance provider’s desktop virtualization deployment
QBE insurance group met the challenge of swiftly deploying a desktop virtualization solution, after practically outsourcing its entire IT department overnight. Read their story to learn how to allow users a comfortable desktop while ensuring that IT can maintain control.