On Thursday, the Federal Trade Commission (“FTC”) hosted a workshop to explore the practices and privacy implications of comprehensive data collection. The event gathered consumer protection groups, academics, privacy professionals, and business and industry representatives to examine the current state of comprehensive data collection, its risks and potential benefits, and what the future holds for consumers and their choices.
In her opening remarks, FTC Commissioner Julie Brill indicated the agency was open to revising its consumer privacy framework if comprehensive data collection warranted heightened restrictions or enhanced consent to protect and inform users: “We know that comprehensive data collection allows for greater personalization and other benefits, but there may be other contexts in which it does not lead to desirable results.”
The workshop was one of five main action items adopted by the FTC as part of its March 2012 report, Protecting Consumer Privacy In an Era of Rapid Change. In the report, the commission told companies that consent was not required for the collection and use of information that was consistent with a particular transaction or the company’s relationship with the consumer. But the agency said it needed more information to determine how this principle applied to technologies that could capture large amounts of consumer information, such as deep packet inspection (DPI).
Although Thursday’s panelists differed in their assumptions of what role the government, as opposed to the free market, should play in the regulation of data collection, there were several resounding themes echoed throughout the day:
There Are Benefits of Tracking
The experts all agreed that there are obvious benefits of data collection. The aggregation of data can be used to provide data security, offer effective personalization for consumers, and aid in the development of new products and services.
Consumers Can Also Be Harmed by Tracking
Conversely, everyone agreed that the more data that is collected, the greater the risk for harm from certain uses of the data. This harm is often recognized is economic in nature, but some participants pointed out that harm can also be reputational. Where consensus broke down was over the question of whether the data collection, itself, is a form of harm.
Most Consumers Don’t Understand Data Collection
Consumers, in general, have little understanding about how much of their personal data is collected online—let alone who is collecting it, how they are doing it, and why it is being done. Because so much of the data collection happens behind the scenes, it is hard to say that consumers are making informed decisions about the web-based products they use in their everyday lives, even when they are provided with notice and choice.
The Need for Technology-Neutral Regulation
Although the FTC moderators were interested in DPI—a technology that can be used by Internet service providers and other companies to inspect the content of packets as they travel over the Internet—the experts emphatically stated that regulators should not demonize technology, but instead, regulate certain uses. Panelists explained that by focusing on specific technologies, such as DPI or cookies, regulators miss the complexity of the issues. Because technology is ever changing, there will always be an alternative way of collecting large amounts of data. Since there is no single choke point, participants suggested that regulators examine the harmful uses of data that need to be prevented and policed against