We use cookies to give you the best online experience. By using our website you agree to our use of cookies in accordance with our cookie policy. Learn more here.Close Me
The FTC
received over 450 comments from businesses, privacy advocates, and
consumers and claims that the final Report retains the basic
principles outlined previously, but claiming it makes several
important refinements. There's also a brief new video explaining the FTC's positions. Here
are the key take-aways from the final report:
Privacy by Design. Companies should build
privacy protections into their everyday business practices. That
includes limiting data collection and retention, securing the
information they hold on to, safely disposing of what they no
longer need, and implementing reasonable measures to ensure
information is accurate.
Simplified Choice. Companies should give
consumers a choice at a time and in a context that matters to
people. The preliminary report noted that choice shouldn't be
necessary for certain "commonly accepted practices." The
final Report concludes that choice needn't be provided for data
practices that people would expect, given the context of the
transaction, the company's relationship with the consumer, or
as required or specifically authorized by law.
Do Not Track. The Report also reaffirms the
Commission's strong support for Do Not Track.
Improved Transparency. Companies should
increase the transparency of their data practices by developing
clearer, more standardized privacy disclosures and could give
people reasonable access to their information.
Exemption of Small Businesses. To minimize the
effect on smaller companies, the final framework doesn't apply
to them if they collect only non-sensitive data from fewer than
5,000 consumers a year, provided they don't share the data with
third parties.
Most interesting to me is the Dissenting Statement of Commissioner J. Thomas Rosch, in which he makes
several interesting points:
"First, the Report is rooted in its insistence that the
"unfair" prong, rather than the "deceptive"
prong, of the Commission's Section 5 consumer protection
statute, should govern information gathering practices (including
"tracking"). "Unfairness" is an elastic and
elusive concept. What is "unfair" is in the eye of the
beholder."
"Second, the current self-regulation and browser
mechanisms for implementing Do Not Track solutions may have
advanced since the issuance of the preliminary staff Report"
and the Report does not adequately take account of this
change.
"I am concerned that "opt-in" will necessarily
be selected as the de facto method of consumer choice for a wide
swath of entities that have a first-party relationship with
consumers but who can potentially track consumers' activities
across unrelated websites, under circumstances where it is
unlikely, because of the "context" (which is undefined)
for such tracking to be "consistent" (which is undefined)
with that first-party relationship: 1) companies with multiple
lines of business that allow data collection in different contexts
(such as Google); 2) "social networks," (such as Facebook
and Twitter), which could potentially use "cookies,"
"plug-ins," applications, or other mechanisms to track a
consumer's activities across the Internet; and 3)
"retargeters," (such as Amazon or Pacers), which include
a retailer who delivers an ad on a third-party website based on the
consumer's previous activity on the retailer's
website.
"I question the Report's apparent mandate that ISPs,
with respect to uses of deep packet inspection, be required to use
opt-in choice."
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The 2010 theft of an unencrypted laptop containing confidential health care information made front-page news in 2013, not because a huge number of patients were affected, but for the exact opposite reason.
Identity theft is a serious threat. In 2012, more than 12.6 million adults became victims of identity theft in the U.S.1 And the costs have been astronomical.
On April 22 Verizon released its 2013 Data Breach Investigations Report (DBIR), which has since 2008 become a leading annual survey of data breaches, with participants across the globe.
Increasingly, privacy is a big concern in app development. California and other jurisdictions are ramping up enforcement efforts around existing privacy laws.
Understanding the complexities of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules is often a challenge for health care providers and consumers.
Any company that collects personal data from consumers should take proactive steps to have appropriate legal counsel review its data security practices, as well as its terms of service or privacy practices, to identify any potential problem areas.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published on its website a series of factsheets designed to educate consumers unfamiliar with their rights under the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules.
FTC On The Prowl, And Businesses Looking For Guidance On New COPPA Changes
