The Federal Trade Commission (FTC) recently issued a final report setting forth best practices for businesses to protect the privacy of American consumers and give them greater control over the collection and use of their personal data. In the report, Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers, the FTC recommends Congress consider enacting legislation regarding general privacy rules, data security and breach notification, and data brokers.
The report recommends companies handling consumer data implement privacy protections. Recognizing the potential burden on small businesses, however, the report concluded the framework does not apply to companies that collect and do not transfer only non-sensitive data from fewer than 5,000 consumers a year. For qualifying companies, the report’s privacy recommendations include:
Privacy by Design
Companies should build in consumer privacy protections at every stage in developing their products. This includes reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy.
Simplified Criteria for Businesses and Consumers
The report outlines when companies should provide consumers with choice about how their data is used and with whom it is shared with. This includes a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
Companies should disclose details about their collection and use of consumers’ information, and provide consumers access to the data collected about them The report stresses the importance of increased transparency of data broker practices and recommends: (1) consumers have access to information held by data brokers, and (2) data brokers who compile consumer data for marketing purposes explore creation of a centralized website where consumers can get information about their practices and their options for controlling data use.
Companies are encouraged to accelerate the adoption of the principles contained in the privacy framework, to the extent they have not already done so. Over the course of the next year, FTC staff will work to encourage consumer privacy protections by focusing on five main action items:
- Implementing a Standardized Do-Not-Track System- The FTC will work with various groups to complete implementation of an easy-to-use, persistent and effective Do Not Track system.
- Improving Mobile Privacy Disclosures – It is important to ensure mobile privacy disclosures are short, effective, and accessible to consumers on small screens.
- Increasing Transparency of Data Broker Operations - The FTC calls on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data.
- Large Platform Provider’s Online Tracking Activities- The FTC will evaluate privacy concerns about the extent to which platforms, such as Internet Service Providers, operating systems, browsers and social media companies, seek to comprehensively track consumers’ online activities.
- Promoting Enforceable Self-Regulatory Codes - The FTC will work with the Department of Commerce and stakeholders to develop industry-specific codes of conduct.