FTC urges tighter privacy rules

The FTC is calling for tighter online privacy rules, saying that if companies don’t voluntarily introduce a ‘do not track’ facility, it’ll do it for them.

In a report released yesterday, it also recommends that Congress consider enacting new legislation on general privacy, data security, breach notification and data brokers.

“If companies adopt our final recommendations for best practices – and many of them already have – they will be able to innovate and deliver creative new services that consumers can enjoy without sacrificing their privacy,” says FTC chairman Jon Leibowitz.

“We are confident that consumers will have an easy to use and effective Do Not Track option by the end of the year because companies are moving forward expeditiously to make it happen and because lawmakers will want to enact legislation if they don’t.”

The report urges three main changes. The FTC wants privacy built into products right from the start, a simple way for users to decide what information’s shared about them and greater transparency about the collection and use of customer data.

But there’s an opt-out for smaller companies, with the FTC saying that the framework needn’t apply to organizations that collect non-sensitive data from fewer than 5,000 consumers a year and don’t transfer it to anyone else.

The report also highlights the shadowy world of data brokers, which buy, compile, and sell highly personal information about consumers. The FTC’s urging such companies to be open about the information they hold and create a centralized website, identifying thelselves, revealing how they gather and use personal data, and explaining users’ options for controlling data use.

The report’s been cautiously welcomed by campaigners such as the Electronic Frontier Foundation, which has been calling for a ‘do not track’ feature for some time.

However, the EFF doesn’t believe it goes far enough.

“We think this is a strong first step, but the FTC could easily have urged data brokers to provide a single website through which users can opt-out of having their data listed by any online data brokers,” says the EFF’s Rainey Reitman.

“Right now, not all data brokers provide users with a method to opt-out of having their data personally display personal data listed. A user who wants her information removed from these sites has little legal weight to force companies to respect her choice.”

On the ‘do not track’ issue, too, it believes that more could be done to “provide users with a meaningful form of protection from tracking, not just the display of targeted advertisements.”