FTC Commissioner talks online privacy, puts data brokers on notice
- 27 January, 2012 09:18
As the Federal Trade Commission prepares to release a new framework of privacy principles to prod the Internet industry toward tighter protections for consumers' online data, one of the agency's commissioners said that she has grown particularly alarmed at the unchecked actions of data brokers to mine, analyze and potentially sell sensitive information.
Speaking at the George Washington University law school to mark Data Privacy Day, FTC Commissioner Julie Brill warned that companies engaged in the collection and sale of consumer data can expect closer scrutiny from the agency as it moves broadly to step up its efforts in the privacy arena.
Those concerns are heightened when reports bubble up about data brokers pairing online and offline information and packaging it into a predictive model that a life insurance provider, for instance, could use to shape the terms of a policy.
"Analysts are undoubtedly working right now to identify certain Facebook or Twitter habits or activities as predictive of behaviors relevant to whether a person is a good or trustworthy employee, or is likely to pay back a loan," Brill said. "Might there not be a day very soon when these analysts offer to sell information scraped from social networks to current and potential employers to be used to determine whether you'll get a job or promotion? Or to the bank, where you've applied for a loan, to help it determine whether to give you the loan and on what terms?"
In December 2010, the FTC released a preliminary report offering basic guidance for policymakers and members of Congress on a set of principles the agency had developed after a series of meetings with industry stakeholders, businesses, industry groups and others. That report laid out a series of proposals for protecting consumer privacy, including the idea of a do-not-track mechanism that would allow users to opt out of data collection programs patterned after the national do-not-call registry for telemarketers, with the final framework expected to be released early this year.
Brill indicated that the final report, which will formally stand as a set of nonbinding recommendations, will reinforce the guiding principles that animated the preliminary proposals, namely that companies should incorporate privacy by design as they develop new products, services and policies, and that users should be given the choice not to share information and businesses should make their data collection activities transparent.
While many Web companies and advertising outfits have taken steps to give users more insight into their profiles and control over what information is collected, privacy advocates continue to call on the FTC to take a tougher stance on the issue. And in certain instances it has. The agency last year reached high-profile settlements with Google and Facebook over complaints of unfair and deceptive practices and misleading disclosures, for instance, agreements through which the companies will submit to periodic reviews by an independent auditor, among other conditions. Asked about Google's recent changes to its privacy policies, Brill declined to comment, citing the consent agreement her agency reached with the search giant. "It is something that is certainly of interest," she said.
Data Brokers a Quiet Threat
While the privacy practices of the Internet heavyweights often command the headlines, Brill sees in data brokers a much lesser-known threat to consumer privacy, given that those outfits largely operate behind the scenes.
"I am calling on data brokers to take the transparency principle and put it into practice," Brill said, urging industry players to collaborate on a set of best practices, much as online advertisers have.
"Develop a user-friendly, one-stop shop where consumers can gain access to information that data brokers have amassed about them and, in appropriate circumstances, give consumers the ability to correct that information," she added. "Data brokers need to get cracking now to put something like this into place."
In practice, the FTC's enforcement authority in the area of online consumer privacy is limited without action on the part of Congress, and most observers agree that it is highly unlikely that any of the various legislative proposals that have been floated to address the issue will gain political momentum in this election-shortened session.
However, the agency does have its own established mandates through which it can bring enforcement actions, as it did in the cases of Facebook and Google. Brill signaled that data brokers can expect similar scrutiny, though she acknowledged that the industry remains shadowy, and that many of the businesses engaged in data dealing might not even be aware that they are operating in a regulated market.
"We don't know who all of them are," she said. "Many of the data brokers ... may not realize that they are engaging in activities that may fall under the Fair Credit Reporting Act."
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com. Follow everything from CIO.com on Twitter @CIOonline
Read more about government in CIO's Government Drilldown.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Moving to a Private Cloud? Infrastructure Really Matters!
- Tolly Report: Performance Survey of Virtual Environment Security
- In Control at Layer 2: A Tectonic Shift in Network Security
- Governance For All - Empowering IT and Business Content Owners
- Managing the Rapid Rise in Database Growth: 2011 IOUG Survey on Database Manageability
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Advanced Malware Exposed
This handbook shines a light on the dark corners of advanced malware, both to educate as well as to spark renewed efforts against these stealthy and persistent threats. By understanding the tools being used by criminals, we can better defend our nations, our critical infrastructures and our citizens. This ebook will provide readers with a new understanding of the rapidly developing cyber threat landscape and practical insights into how they can protect their data and computing infrastructures. Download now.
Benefits of Deploying Microsoft Exchange Server 2010 on Dell Compellent with Data Progression
Messaging and collaboration platforms have emerged as mission critical applications, consuming a large portion of IT spending for organisations. The rich features in these applications have significantly changed the messaging requirements and needs of today’s information from anywhere with any device, the result is an ever increasing demand on storage systems both in terms of capacity and bandwidth. Many organisations are rethinking their storage strategies to meet the demanding criteria and to handle the future requirements. Read more.
Advanced Targeted Attacks
The new threat landscape has changed. Cybercriminals are aggressively pursuing valuable data assets, such as financial transaction information, product design blueprints, user credentials to sensitive systems, and other intellectual property. Simply put, the cyber offense has outpaced the defensive technologies used by most companies today. Find out more on how to protect against the next generation of cyber-attacks.