The Federal Trade Commission (“Commission” or “FTC”) released the much-anticipated final version of its report entitled “Protecting Consumer Privacy in an Era of Rapid Change” (“Final Report”), which sets forth legislative recommendations for policymakers concerning privacy and data security and best practices for business for addressing online and offline privacy concerns.  While not intended to serve as a template for law enforcement actions or a proxy for agency regulation, the FTC’s framework will impact the privacy debate and business practices in the coming years.  The Final Report follows the Commission’s 2010 initial privacy report (“Initial Report”) of the same title.

The Final Report incorporates feedback from industry, academics, privacy advocates, consumers, law enforcement, and government agencies received in more than 450 public comments made in response to the Initial Report. The Final Report is largely consistent with the Initial Report but does not modify several key principles.

In the Final Report, the Commission renews it call for companies to:

  • incorporate “privacy by design” in its data practices,
  • offer consumers choice regarding how data is collected and used, and
  • provide greater transparency with respect to their data practices.

However, the Commission has revised three key recommendations made in the Initial Report.  The Final Report makes changes to:

  • The framework’s scope: The Final Report excludes from the framework companies that collect only non-sensitive consumer data from under 5,000 consumers provided they do not share the data with third parties.  The Final Report also clarifies that data that meets certain de-identification process requirements would be excluded from the framework.
  •  Guidance for when companies should provide consumers with choice about how data will be used.  In the Final Report, the Commission states that whether a company should provide consumers with choice with respect to the collection and use of data turns on the context (i.e., the transaction, relationship between parties, etc.) of the consumer’s interaction with a company.  The Commission explains choice may not be necessary in all contexts.
  • Recommendations for data brokers. The Final Report recommends the enactment of federal legislation that would give individuals access rights to information held about them by data brokers.  The Commission also calls for data brokers that compile marketing information to explore creating a centralized website at which consumers can learn about their practices and access available choice mechanisms.   

What to expect in the coming year

The Final Report sets forth areas of focus for the Commission over the next year.  The Commission states it will focus on:

  1. Do-Not-Track. The Commission will work with industry to complete implementation of an easy-to-use, persistent, and effective uniform choice mechanism.
  2. Mobile. The Commission will focus on mobile app disclosures and will host a workshop on May 30, 2012 to explore advertising disclosures in online and mobile environments.
  3. Large platform providers.  In the report, the Commission states that large platforms such as leading Internet service providers, social media companies, and other entities raise heightened privacy sensitivities, and announces that it plans to hold a workshop in 2012 on privacy issues that arise from such large platforms.
  4. Promoting enforceable self-regulatory codes. The FTC has announced it will work with the Department of Commerce and industry stakeholders to develop industry-specific codes of conduct.
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Michael A. Signorelli

Michael Signorelli, co-chair of the Technology and Innovation Group, focuses his practice on advising and representing clients on issues related to data privacy and security. Mike regularly advises companies on compliance with relevant Internet, cybersecurity, advertising, and marketing regulations, as well as responding…

Michael Signorelli, co-chair of the Technology and Innovation Group, focuses his practice on advising and representing clients on issues related to data privacy and security. Mike regularly advises companies on compliance with relevant Internet, cybersecurity, advertising, and marketing regulations, as well as responding to data breaches. He represents clients in federal and state data-related legislative issues, rulemaking proceedings, and other matters before the Federal Trade Commission (FTC), Federal Communications Commission (FCC), Federal Election Commission (FEC), the U.S. Department of Commerce, and other U.S. federal and state agencies.

Read more about Michael A. Signorelli
Show more Show less
Stuart P. Ingis

Stu Ingis is chairman of Venable. Stu is a nationally recognized attorney who has earned a reputation among peers and the industry as a thought leader in crisis management, privacy, marketing, advertising, consumer protection, eCommerce, and Internet law. Stu’s leadership in developing cutting-edge…

Stu Ingis is chairman of Venable. Stu is a nationally recognized attorney who has earned a reputation among peers and the industry as a thought leader in crisis management, privacy, marketing, advertising, consumer protection, eCommerce, and Internet law. Stu’s leadership in developing cutting-edge industry self-regulation and coalition building has placed him at the forefront of privacy and data security regulation and public policy. Clients rely on him as a trusted voice, confidant, and advocate before Congress, the Federal Trade Commission, state attorneys general, and other federal and state agencies.

Read more about Stuart P. Ingis
Show more Show less
Related Posts
Event in Review: 10th Advertising Law Symposium
March 27, 2024
The FTC's and DOJ's New Magic Act: Vanished Messages Will Reappear in Discovery
March 20, 2024
What's in a Label? FCC Begins Rulemaking Procedure for Cybersecurity Labeling on IoT Devices
September 5, 2023