Consumer Privacy

Consumer privacy on the Internet has been predominately based on industry self-regulation in the US. The FTC had previously only issued suggested guidelines regarding the collection of personally identified information.  These fair infromation practice principles were outlined in a 1998 congressional report, and reviewed again in a 2000 congressional report. (Click here to see report). The suggested practices are based on a doctrine of informed consent with industry self-regulation.

These FTC guidelines contained four basic principles:

Notice - data collectors must disclose their information practices before collecting personal information from consumers;
Choice - consumers must be given options with respect to whether and how personal information collected from them may be used for purposes beyond those for which the information was provided;
Access - consumers should be able to view and contest the accuracy and completeness of data collected about them
Security - data collectors must take reasonable steps to assure that information collected from consumers is accurate and secure from unauthorized use.

These guidelines translated into industry practices of: (1) having a clearly stated privacy policy the consumer must acknowledge before collecting information; (2) allowing the consumer to review and correct information collected about them; (3) allowing a consumer to delete their account (4) keeping the collected information secure. 

Companies were basically free to collect whatever information they wanted, and then do whatever they wanted with it along as they informed the consumer up front in a stated policy, and complied with thier stated policy.    

In an updated report issued in 2012, (click here for report) the FTC is recommending enhancements to these guidelines and moving forward with actual regulations under the jurisdiction of the FTC (Federal Trade Commission).  The President backs these recommendations in an effort now referred to as the Consumer Privacy Bill of Rights.

The Fair Practice Principles outlines in this new report include: 
  
Privacy by Design: Build in privacy at every stage of product development; 
Simplified Choice for Businesses and Consumers: Give consumers the ability to make decisions about their data at a relevant time and context, including through a Do Not Track mechanism, while reducing the burden on businesses of providing unnecessary choices; 
Greater Transparency: Make information collection and use practices transparent.

To address concerns about undue burdens on small businesses, the final framework does not apply to companies that collect only non-sensitive data from fewer than 5,000 consumers a year, provided they do not share the data with third parties.