FTC Wants Online Privacy Hub for Data Brokers
Agency publishes final privacy framework, reaffirming support for legislation.
The Federal Trade Commission wants data brokers to create a web site for information about data collection, sales, and disclosure. More than a year after introducing a privacy framework draft, the agency published the final version of the document today. The FTC also eased proposed data-related restrictions on small businesses, reaffirmed its calls for data security legislation, and asked Congress to pass “baseline privacy legislation.”
Today’s final report also stressed the need for a do-not-track mechanism, noting the FTC will work with the Digital Advertising Alliance and the World Wide Web Consortium in developing a standard DNT browser tool that can be used globally.
After expressing his support for DNT legislation, FTC chairman Jon Leibowitz added, “I’m very hopeful do-not-track can be done without legislation, but if it can’t be, I suspect it will be done with legislation.”
Leibowitz suggested that a standard browser-based DNT mechanism should be ready by the end of the year. The ad industry’s self-regulatory privacy coalition, the DAA, joined with the U.S. Commerce Department and FTC last month to plan for a browser-based do-not-track standard.
The commission also suggested the data broker industry “explore the idea of creating a centralized website where data brokers that compile and sell data for marketing could identify themselves to consumers and describe how they collect consumer data and disclose the types of companies to which they sell the information.” The site could link to company sites where users could control data collection and sharing.
Businesses dealing with relatively small amounts of non-sensitive data will also have a reprieve. “The preliminary report recommended that the proposed framework apply to all commercial entities that collect or use consumer data that can be linked to a specific consumer, computer, or other device. Recognizing the potential burden on small businesses, the report concludes that the framework should not apply to companies that collect and do not transfer only non-sensitive data from fewer than 5,000 consumers a year,” stated today’s report.
In addition, the FTC wants mobile services companies to develop “improved privacy protections, including the development of short, meaningful disclosures.” The commission will hold a workshop May 30 to discuss mobile privacy disclosures.
