What does the FTC chairman say about online personal data?
snippets via [pdf]
Online and Overexposed:
Consumer Privacy, the FTC, and the Rise of the Cyberazzi
First, companies in the business of collecting, storing, and manipulating consumer data need to build privacy protections into their everyday business practices – we call this “privacy by design.” Companies that collect consumer data should do so only for a specific business purpose, store it securely, keep it only as long as necessary to fulfill its legitimate business need, then dispose of it safely.
The more sensitive the data, the stronger the protections should be. To its credit, much of industry is embracing this approach – even before we issued the draft report.
Second, transparency. Any companies gathering information online need to tell consumers what’s going on. And by this, I do not mean another three-point font, ten-page document written by corporate lawyers and buried deep within the site. I asked our staff to look at data disclosures on mobile devices; one form took 109 clicks to get through, and the staffer who discovered that is probably the only one who ever made it to click number 109.
Transparency is not an unreasonable request. My daughters can go to any of a number of retail clothing websites, and, with one click, see a clear description of a pair of pants – color, sizes, fit, customer reviews, shipping options. One more click – that’s a total of 2, not 109 – and they can choose exactly the pants they want, in their sizes and favorite colors, shipped where they want them. Put the guy who designed that page on the job of presenting a meaningful disclosure and consent form.
Third, choice. Consumers should have streamlined and effective choices about the collection and use of their data. That includes choices about when, why, and how cyberazzi follow them into cyberspace.
To that end, we proposed a “Do Not Track” mechanism that will allow consumers to decide whether to share information about their browsing behavior. We envision a system consumers can find and use easily and one that all companies employing cyberazzi must respect.
A vision of Do Not Track bears some similarities to the successful Do Not Call program. Now with more than 200 million registered phone numbers, Do Not Call has brought some peace and quiet to Americans’ dinner hour; no wonder Dave Barry called it the “most popular federal concept since the Elvis stamp.”
But unlike Do Not Call, the FTC does not think Do Not Track should be administered by the government.
We hope different sectors of industry will work collaboratively to give consumers choices about how and when they are tracked online.
HA!