FTC wants "Do Not Track" feature among wide-ranging online privacy changes

FTC lays down online privacy protection framework

Let the arguments begin!  What should be done with the vast amounts of personal information available online? The Federal Trade Commission is trying to address that critical issue and today issued a wide-ranging, preliminary report on what it wants to see the online industry do to protect basic privacy.

"Companies are using [private] information in innovative ways to provide consumers with new and better products and services. Although many of these companies manage consumer information responsibly, some appear to treat it in an irresponsible or even reckless manner. And while recent announcements of privacy innovations by a range of companies are encouraging, many companies - both online and offline - do not adequately address consumer privacy interests," the FTC stated.

Security absurdity: US in sensitive information quagmire 

One of the chief new technologies the FTC would like to see become widespread is the use of  a do-not-track list that Web users could sign up with that would prohibit websites and advertising networks from following their movements online, the FTC  report stated.  Such a list would be similar to the national do-not-call list that makes it illegal for telemarketers to randomly call consumers.

A "Do Not Track" browser setting would serve as an easy, one-stop shop force consumers to express their choices, rather than on a company-by-company or industry-by-industry basis. Microsoft, Google, Mozilla and Apple have already experimented with this, the FTC stated.

Such a do-not-track list would need to be implemented by the online world voluntarily or by the US Congress, the FTC said.

The FTC Chairman Jon Leibowitz noted that "efforts to address privacy through self-regulation have been too slow, and up to now have failed to provide adequate and meaningful protection."

Another recommendation is that companies should adopt a "privacy by design" approach by building privacy protections into their everyday business practices.  Such protections include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy. Companies also should implement and enforce procedurally sound privacy practices throughout their organizations, including assigning personnel to oversee privacy issues, training employees, and conducting privacy reviews for new products and services, the FTC stated.

The FTC also said consumers should be given a choice about collection and sharing of their data at the time and in the context in which they are making decisions - not after having to read long, complicated disclosures that they often cannot find, the FTC stated.

Leibowitz noted a complaint and settlement the FTC announced this week where the agency charged that EchoMetrix sold so-called "Sentry" software to let parents monitor their children online, but it failed to adequately disclose that it also sold information about the kids' online activities to third-party marketers. The only - only - potential hint to parents was a vague statement buried 30 paragraphs down in the Sentry end user license agreement, he stated.

The report adds that, to simplify choice for both consumers and businesses, companies should not have to seek consent for certain commonly accepted practices. It is "reasonable for companies to engage in certain practices - namely, product and service fulfillment, internal operations such as improving services offered, fraud prevention, legal compliance, and first-party marketing," the report states.

Privacy notices in general should be clearer, shorter, and more standardized, so people understand what's happening with their information and who's watching what they do online - and off, the FTC stated.

The FTC privacy report is the result a numerous hearing on the topic and input from all corners of the online world.  Going forward the agency is going to collect comments regarding its report and will issue final recommendation sometime in 2011.

"We propose a new framework to guide businesses as they formulate best practices, and to guide Congress as it develops privacy legislation. From my perspective, and speaking only for myself, a legislative solution will surely be needed if industry does not step up to the plate, Leibowitz said. 

Follow Michael Cooney on Twitter: nwwlayer8  

Layer 8 Extra

Check out these other hot stories:

US delivers record 1.7B supercomputing hours to boost energy research

AT&T goes after copper thieves

US shutters 82 domain names citing counterfeit goods sales, copyright problems

Who wants to be a cyber-security warrior?

HTTPS Everywhere gets Firefox "Firesheep" protection

Space X gets first private FAA reentry license from space

The battle for space shots heats up on the ground

10 free iPhone apps for spectacular stargazing

NASA, Google, Microsoft, Yahoo!, World Bank team to offer hackathon

World Toilet Day spotlights the throne

Cisco co-founder now talks, lives, breathes turkey

NASA satellite shows comet throwing off cosmic snowstorm

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.