I am continuing my practice of sharing recent internet safety research pieces:
Remarks by the FTC:
Privacy has been central to the Commission’s consumer protection mission for more than a decade. Over the years, the Commission has employed a variety of strategies to protect consumer privacy, including law enforcement, regulation, outreach to consumers and businesses, and policy initiatives.2 In 2006, recognizing the increasing importance of privacy to consumers and a healthy marketplace, the FTC established the Division of Privacy and Identity Protection, which is devoted exclusively to privacy-related issues.3
Although the FTC’s commitment to consumer privacy has remained constant, its policy approaches have evolved over time. This testimony describes the Commission’s efforts to protect consumer privacy over the past two decades, including its two main policy approaches: (1) promoting the fair information practices of notice, choice, access, and security (the “FTC Fair Information Practices approach”); and (2) protecting consumers from specific and tangible privacy harms (the “harm-based approach”). It then discusses recent developments, including the FTC staff’s Privacy Roundtables project – a major initiative to re-examine traditional approaches to privacy protection in light of new technologies and business models. It concludes by offering general comments on both Chairman Rush’s and Chairman Boucher’s proposed privacy legislation.
I. The FTC’s Efforts to Protect Consumer Privacy
The FTC has a long track record of protecting consumer privacy. The Commission’s early work on privacy issues dates back to its initial implementation in 1970 of the Fair Credit Reporting Act (“FCRA”),4 which includes provisions to promote the accuracy of credit reporting information and protect the privacy of that information. With the emergence of the Internet and the growth of electronic commerce beginning in the mid-1990s, the FTC expanded its focus to include online privacy issues. Since then, both online and offline privacy issues have been at the forefront of the Commission’s agenda, as discussed in greater detail below.
A. The FTC’s Fair Information Practices Approach
Beginning in the mid-1990s, the FTC began addressing consumer concerns about the privacy of personal information provided in connection with online transactions. The Commission developed an approach by building on earlier initiatives outlining the “Fair Information Practice Principles,” which embodied the important underlying concepts of transparency, consumer autonomy, and accountability. In developing its approach, the FTC reviewed a series of reports, guidelines, and model codes regarding privacy practices issued since the mid-1970s by government agencies in the United States, Canada, and Europe.
From this work, the FTC identified four widely accepted principles as the basis of its own Fair Information Practices approach: (1) businesses should provide notice of what information they collect from consumers and how they use it; (2) consumers should be given choices about how information collected from them may be used; (3) consumers should be able to access data collected about them; and (4) businesses should take reasonable steps to ensure the security of the information they collect from consumers. The Commission also identified enforcement – the use of a reliable mechanism to impose sanctions for noncompliance with the fair information principles – as a critical component of any self-regulatory program to ensure privacy online.
To evaluate industry’s compliance with these principles, the Commission examined website information practices and disclosures; conducted surveys of online privacy policies, commented on self-regulatory efforts, and issued reports to Congress. In 2000, the Commission reported to Congress that, although there had been improvement in industry self-regulatory efforts to develop and post privacy policies online, approximately one-quarter of the privacy policies surveyed addressed the four fair information practice principles of notice, choice, access, and security.7 A majority of the Commission concluded that legislation requiring online businesses to comply with these principles, in conjunction with self-regulation, would allow the electronic marketplace to reach its full potential and give consumers the confidence they need to participate fully in that marketplace.
Click here to learn more: Prepared Statement of the Federal Trade Commission on Consumer Privacy