The U.S. Federal Trade Commission called on Congress to enact laws to protect individuals’ online privacy and pressed companies to speed self-regulation, stepping up its drive to give Internet users more control over their personal data.
The FTC said in a report today that privacy legislation should include providing consumers access to the information amassed on them by so-called data brokers. The report also said companies should build privacy practices into every stage of product development, give consumers simple choices about privacy and make data practices transparent, including for mobile use.
“Americans have enthusiastically migrated more and more of their lives online,” FTC Chairman Jon Leibowitz said in a news conference today in Washington after the report was released. “As a result we have had to ask how can consumers continue to enjoy the riches of a thriving online and mobile marketplace without surrendering their privacy as the price of admission.”
The privacy framework envisioned by the agency would for the first time impose limits on the collection and use of consumer data to deliver targeted ads by companies including Google Inc. and Facebook Inc. Those constraints might curb the surging online advertising market.
Online Ad Revenue
Online ad revenue swelled to $32 billion last year, up 23 percent from 2010, according to eMarketer, a New York-based research firm. EMarketer estimated sales from online advertising will rise to about $53 billion by 2014.
The FTC has stepped up enforcement of privacy breaches and settled complaints in the past year against companies including Google, Facebook and Twitter Inc. Google’s placement of so-called tracking cookies on Apple Inc.’s Safari Internet browser is under investigation by the agency, a person familiar with the matter said March 16. Apple last month tightened its rules over software that accesses address-book information, following a controversy over social-networking applications such as Path, uploading users’ contacts data without permission.
The FTC recommendations, which build on an initial report issued in December 2010, coincides with efforts by President Barack Obama’s administration to advance online privacy protections. Last month, the White House released a so-called consumer-privacy bill of rights, saying it would work with companies and consumer groups to develop voluntary industry codes of conduct around those principles. The administration also called for privacy legislation, echoing proposals from Commerce Department last year.
Codes of Conduct
Leibowitz said the FTC will participate in the efforts of the Commerce Department, industry and consumer groups to hammer out privacy codes of conduct. The codes, which would constitute promises to consumers, would be enforceable by the FTC under its powers to prevent unfair and deceptive trade practices and could be put to use without waiting for Congress to act.
Unlike Europe, the U.S. lacks a broad, national privacy law. Lawmakers including Senator Jay Rockefeller, a West Virginia Democrat who chairs the Senate Commerce Committee, introduced legislation last year that would create a do-not-track system for consumers. Those bills and other privacy measures have so far failed to advance in Congress. The FTC hasn’t endorsed any single piece of legislation.
The FTC strengthened its call on industry, made in the initial report, to develop a do-not-track mechanism that would allow consumers to opt-out of targeted advertising. Leibowitz clarified that the mechanism needs to allow users to limit collection of personal data, not just provide the means to refuse targeted advertising.
The Digital Advertising Alliance, an association of online advertising groups, said last month it will develop a way to allow consumers to limit collection of personal data through Web-browser settings. The association already lets people stop targeted advertising by its members through icons placed on or near ads. DAA said it expects the browser initiative to be ready within nine months.
Leibowitz welcomed the group’s initiatives, which also received backing from the White House last month, but said more work needs to be done.
“Do-not-track needs to mean do-not-collect,” Leibowitz said. “Consumers should have the ability to opt out of third-party tracking.”
The U.S. move to develop voluntary privacy standards comes as Europe moves to tighten privacy regulations for companies.
The European Union unveiled a proposed overhaul of the region’s privacy rules in January that would give data protection agencies in the EU’s 27 member countries authority to sanction companies that violate proposed requirements for handling personal information.