received over 450 comments from businesses, privacy advocates, and
consumers and claims that the final Report retains the basic
principles outlined previously, but claiming it makes several
important refinements. There's also a brief new video explaining the FTC's positions. Here
are the key take-aways from the final report:
Privacy by Design. Companies should build
privacy protections into their everyday business practices. That
includes limiting data collection and retention, securing the
information they hold on to, safely disposing of what they no
longer need, and implementing reasonable measures to ensure
information is accurate.
Simplified Choice. Companies should give
consumers a choice at a time and in a context that matters to
people. The preliminary report noted that choice shouldn't be
necessary for certain "commonly accepted practices." The
final Report concludes that choice needn't be provided for data
practices that people would expect, given the context of the
transaction, the company's relationship with the consumer, or
as required or specifically authorized by law.
Do Not Track. The Report also reaffirms the
Commission's strong support for Do Not Track.
Improved Transparency. Companies should
increase the transparency of their data practices by developing
clearer, more standardized privacy disclosures and could give
people reasonable access to their information.
Exemption of Small Businesses. To minimize the
effect on smaller companies, the final framework doesn't apply
to them if they collect only non-sensitive data from fewer than
5,000 consumers a year, provided they don't share the data with
"First, the Report is rooted in its insistence that the
"unfair" prong, rather than the "deceptive"
prong, of the Commission's Section 5 consumer protection
statute, should govern information gathering practices (including
"tracking"). "Unfairness" is an elastic and
elusive concept. What is "unfair" is in the eye of the
"Second, the current self-regulation and browser
mechanisms for implementing Do Not Track solutions may have
advanced since the issuance of the preliminary staff Report"
and the Report does not adequately take account of this
"I am concerned that "opt-in" will necessarily
be selected as the de facto method of consumer choice for a wide
swath of entities that have a first-party relationship with
consumers but who can potentially track consumers' activities
across unrelated websites, under circumstances where it is
unlikely, because of the "context" (which is undefined)
for such tracking to be "consistent" (which is undefined)
with that first-party relationship: 1) companies with multiple
lines of business that allow data collection in different contexts
(such as Google); 2) "social networks," (such as Facebook
and Twitter), which could potentially use "cookies,"
"plug-ins," applications, or other mechanisms to track a
consumer's activities across the Internet; and 3)
"retargeters," (such as Amazon or Pacers), which include
a retailer who delivers an ad on a third-party website based on the
consumer's previous activity on the retailer's
"I question the Report's apparent mandate that ISPs,
with respect to uses of deep packet inspection, be required to use
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Join NECEC— the premier voice of businesses building a world-class clean energy hub in the Northeast—and Foley Hoag’s Energy and Cleantech practice for a not-to-be-missed discussion with offshore wind developers, leading public officials, investors and experts at the cutting edge of the Northeast’s emerging offshore wind market.
After decades of speculation about offshore wind’s future in the United States, the industry that has long powered grids in Europe has finally arrived in the Northeast. In the last year America’s first offshore wind project--off the coast of Rhode Island--started spinning and delivering power to the grid, Massachusetts Governor Charlie Baker signed into law a bill authorizing the procurement of 1,600 megawatts of offshore wind, and New York Governor Andrew Cuomo committed to 2,400 megawatts of offshore wind off the coast of New York by 2030. Meanwhile, major utilities have announced agreements with developers to purchase energy generated from the projects planned for the eastern seaboard.
The questions that BYOD policies seek to answer are these: (1) Who owns your device? (2) Who owns the information on your device? (3) What happens if that information (or the device itself) gets lost or stolen?
Orrick Cybersecurity & Data Privacy lawyers Emily Tabatabai and Shea Leitch co-authored an article for the International Association of Privacy Professionals' Privacy Tracker on the continued expansion...
He advises on handling internal data breach investigations; supervising forensic examinations and coordinating with law enforcement in investigations of criminal attacks; and regulatory investigations and enforcement actions by the FTC and HHS/OCR.
Privacy advocates in both the United States and Europe are urging regulators to take a hard look at the privacy ramifications of internet-connected toys, which are often conventional toys augmented by companion mobile applications.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).