The Digital Advertising Alliance, representing more than 95 percent of online advertisers, and other groups are making “extraordinary strides” in implementing a browser-based do-not-track system, like one the FTC recommended in late 2010, said FTC Chairman Jon Leibowitz. But if the DAA or other groups do not make more improvements to the system by the end of the year, there will be some momentum in the U.S. Congress to pass do-not-track legislation, he said.
Two bills in Congress — not including one that applies only to children — would create a law enforcing a consumer’s decision to opt out of online tracking by advertising networks and other businesses. The bills are currently stalled in Congress.
However, Congress should pass a handful of new laws, and private businesses can take more steps to protect online privacy, Leibowitz said. A new FTC privacy report, released Monday, calls on Congress to pass legislation that would allow consumers to have access to personal data held by data brokers and legislation to provide a general privacy framework for Web users.
Web users have “enthusiastically” moved more of their lives online over the past decade, Leibowitz said. “As a result, we have had to ask, how can consumers continue to enjoy the riches of a thriving online and mobile marketplace without surrendering their privacy as the price of admission?” he said.
The FTC report asks who should have the choice about how personal and location data is collected and used, he said. “Our prevailing answer: Consumers should have that choice, and consumers should have that control,” Leibowitz said.
The FTC does not plan to launch any more rulemaking proceedings to address online privacy, Leibowitz said. Instead, the agency will work with existing efforts, including the U.S. Department of Commerce’s plan to draft privacy codes of conduct with the help of businesses and privacy advocates, in addition to its calls on Congress to act in some areas, he said.
The new report, which differs in several ways from the December 2010 privacy draft report the FTC released, also calls on data brokers to consider a centralized website where online users could get information about what information the brokers collect and which could have options for controlling the use of their data.
Consumers should also be able to understand privacy policies, Leibowitz said. The average online privacy policy has 2,464 words, while the U.S. Declaration of Independence had 1,337 words, he said. A privacy policy for one recent mobile app required the user to click the screen 102 times, he said.
“You can see how complicated privacy policies have become,” Leibowitz added. “Simply put, your computer is your property. No one has the right to put anything on it that you don’t want.”
The new report repeats the earlier draft’s calls for businesses to build in privacy to their products by design, to offer consumers choice about how their personal data is used, and to provide transparency to consumers about how their data is used and collected. But the new report recommends that small businesses that handle only nonsensitive data from fewer than 5,000 customers a years, should be exempt from the privacy framework.
Common Sense Media, an advocacy group focused on children’s privacy, praised the new FTC report, saying it builds on the code-of-conduct effort of President Barack Obama’s administration announced in February.
“Technology and innovation are extremely important to Americans, and so is privacy,” Common Sense Media CEO James Steyer said in a statement. “We can and must strike a balance that fosters innovation, continues the growth of online and mobile commerce, and protects consumers — especially the children and teens who will be tomorrow’s consumers, business leaders, and entrepreneurs.”
The Software and Information Industry Association, a trade group representing software makers and digital content producers, said it welcomes the FTC’s clarification of its privacy policies, but does not agree with the agency’s call for new privacy laws.
With the FTC’s “substantial authority” to address privacy issues, new legislation isn’t needed, Ken Wasch, the group’s president, said in a statement.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant’s e-mail address is grant_gross@idg.com.