FTC on Privacy and Identity Protection


On December 7, 2009, the Federal Trade Commission (FTC) began the first of three public “Exploring Privacy” roundtables. To an extent, the FTC is at a similar stage as it was in 1989 when it held its conference on online profiling (now referred to as “behavioral targeting”) that led to a recommendation to Congress for “legislation that would set forth a basic level of privacy protection for all visitors to consumer-oriented commercial Web sites with respect to profiling.”[i] The recommendation was withdrawn under the Bush Administration to determine whether the newly established Network Advertising Initiative’s (NAI) self-regulatory standards would prove sufficient.

In 2007, the FTC revisited this issue with its “behavioral targeting” workshop that led to the FTC proposing self-regulatory principles on behavioral targeting for the online advertising industry to adopt.[ii] The FTC’s “suggested” principles were not warmly received by the industry. By 2009, however, the NAI and a coalition of major trade groups including the Interactive Advertising Bureau (IAB) each released proposed principles addressing behavioral advertising.[iii]

Congress is also focusing on this issue, and has held several hearings over the past two years. House Internet Sub-committee Chairman Boucher (D-VA) is expected to introduce a comprehensive privacy bill in early 2010 that will address behavioral targeting. Most think it is unlikely that such a bill will pass this Congress, but it could set the framework for debate in the next Congress which begins in 2011.

The December 7 privacy roundtable launched with Commissioner Pamela Jones-Harbour dismissing as “insufficient” industry efforts to provide notice and choice to consumers and expressing her belief that the nation “needs comprehensive privacy legislation”. Newly appointed FTC Chairman Jon Leibowitz opened the conference by stressing that he was approaching this issue with an open mind while restating his belief that an opt-in standard was appropriate for behavioral targeting (i.e., advertiser or marketer must obtain consumer consent prior to creating an online profile based on past activity).

While the issues may be similar to what was discussed in 1989, its complexity had changed dramatically.

Chris Olsen, the Assistant Director of the FTC’s Division on Privacy and Identity Protection, explained that the FTC would be “taking a look at a number of technologies and business practices,—including social networks, cloud computing, mobile, data broker relationships, and behavioral advertising,—and will assess both the benefits and risks of those practices.” Olsen articulated a shift in the FTC’s emphasis from how data is collected to how it is ultimately used and by whom. The FTC released a chart of the ecosphere for consumer data which illustrated the number of actors involved which has been accelerated by the advent of social media.

The panels of industry and consumer and privacy advocates elicited similar comments as with prior conferences, although industry representatives now conceded that some improvements were required but expressed hope that newly issued self-regulatory principles would avoid the need for regulatory action.

The next round table will be on January 28th at the University of California, Berkeley School of Law.

For more information go to http://www.ftc.gov/bcp/workshops/privacyroundtables.

Author: Bennet Kelley