FTC privacy report

Jon Leibowitz, chairman of the Federal Trade Commission, and Cameron Kerry, general counsel of the Department of Commerce, spoke today about the need for industry codes of conduct to address emerging privacy issues.  They were the featured speakers at an event held by the Brookings Institution on strategies to protect consumer privacy while ensuring continued innovation on the Internet.

As we previously discussed, the Commerce Department has called for baseline consumer privacy protections that would serve as the basis for codes of conduct that specify how the baseline principles apply in particular contexts.  At today’s event, Kerry provided more detail about the Department’s proposal.Continue Reading FTC, Commerce Department Reiterate Support for Industry Codes of Conduct

Although concerns about locational privacy are hardly new, recent developments suggest that policymakers and government officials are taking a close look at the privacy issues raised when geolocation data is collected via smartphones.

  • The Wall Street Journal reports that a federal grand jury in New Jersey is probing the data collection practices of smartphone applications.  According

Today, the Federal Trade Commission announced that it has accepted, subject to final approval, a consent agreement from Google that would resolve the Commission’s allegations that Google engaged in deceptive trade practices when it launched its “Buzz” social networking service in February 2010. The FTC’s complaint alleges, among other things, that the launch violated Google’s  privacy policy in

Two of the country’s largest video rental services, Netflix and Redbox, have been sued for allegedly violating the federal Video Privacy Protection Act (“VPPA”).  The plaintiffs in both suits contend that the rental services stored information about their rental histories for long after that information had ceased being “necessary” to provide the services for which customers had signed up, in violation of the VPPA.  The Netflix complaint also alleges that the company unlawfully maintained the information even after customers had cancelled subscriptions to the service.

One central issue in both cases will be the question of the point at which information collected by a company is “no longer necessary for the purpose for which it was collected” — specifically, with respect to Netflix, whether it was reasonable for it to retain subscriber information after cancellation of the service.  

The answer to this question about the substantive requirements of the VPPA may also have ramifications beyond the law of video privacy.  As we have previously detailed, the FTC’s recent staff report on consumer privacy recommended that businesses do more to incorporate substantive privacy protections at every stage of a product’s lifecycle.  The FTC, which characterized this approach as “privacy by design,” stressed the importance of limited data retention.Continue Reading Netflix, Redbox Sued for Allegedly Violating Renters’ Privacy

We have previously reported on the Federal Trade Commission’s December 2010 preliminary staff report, “Protecting Consumer Privacy In An Era of Rapid Change.”  With the February 18, 2011 extended deadline to comment on the report quickly approaching, the Berkeley Center for Law & Technology held a roundtable on Browser Privacy Mechanisms last week. 

Participants included spokespersons from the FTC, privacy groups such as the Center for Democracy & Technology and Electronic Frontier Foundation, representatives from Microsoft, Google, and Mozilla, and leading academics and technologists.

FTC Commissioner Julie Brill noted that although most of the buzz around the preliminary staff report has focused on Do Not Track, the report has three principle components—Privacy By Design, Choice, and Transparency.  She commented that although industry has been slow to deal with these issues in the past, the response this time appears to be much stronger and more focused.  As of the roundtable, the FTC already had received more than 200 comments and expects the Commission’s server to be tested by the volume of comments anticipated on the deadline. 

Brill also outlined the five components by which FTC will judge a choice mechanism offered to consumers (whether through a self-regulatory mechanism or congressional action).Continue Reading Roundtable, Commissioner Brill Discuss Preliminary FTC Staff Report

We have previously blogged on the FTC’s privacy report on “Protecting Consumer Privacy in an Era of Rapid Change” and the Department of Commerce’s Green Paper on “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.”  We have also published client alerts on the FTC report and the DOC green paper.  In this and two subsequent blog posts, I will share some observations on themes in these proposed frameworks that have implications for how companies approach their IT contracts.  

My first observation is that both the report and the green paper emphasize the need for a coordinated and well managed set of policies with respect to privacy and security arrangements in contracts with third party business partners. 

The FTC’s framework advocates for “privacy by design” where companies promote consumer privacy throughout their organizations.  As companies’ operations are supported by a complex mix of internal and external IT resources, privacy by design necessitates that privacy and security considerations be addressed in every contract with an external IT service provider. 

The DOC focus is on broader adoption of better Fair Information Practice Principles (FIPP) backed up by the ability to assess and audit compliance.  In relation to external IT resources, that ability to assess and audit is wholly dependent on the terms of the contract between the customer and the provider.  IT contracts also need to require that the provider comply with the customer’s policies on FIPPs. Continue Reading Implications of the FTC Report and DOC Green Paper for IT Contracts