On our Advisories
page we recently posted a detailed analysis
by Robert G. Scott, Jr.
and Paul Glist
of the Federal Trade Commission’s March 26, 2012, final report on “Protecting Consumer Privacy in an Era of Rapid Change” (Final Report
). The Final Report effectively adopts the preliminary FTC staff report from December 2010 (Staff Report
), with important changes that recast the Staff Report’s general framework for privacy protection as privacy by design, simplified consumer choice, and transparency.
The FTC’s privacy framework covers the use of personal and profiling information across all industries, both online and offline. Much of the change from the Staff Report to the Final Report reflects the FTC aligning with the Administration's
approach to privacy. For example, the Commission discarded the Staff Report’s list of permissible “commonly accepted” business uses in favor of contextual justification. It accepts that relationships between companies and their customers vary widely, so privacy protections require flexibility that is best worked out in stakeholder discussions and self-regulatory codes (with the FTC enforcing any promises made). And while the Final Report recognizes the growing success of voluntary Do Not Track tools, the FTC urges industry to increase their effectiveness, or legislation will be needed.
The Final Report additionally restates and renames Fair Information Practice Principles consistent with the White House/Commerce department February 2012 White Paper
. The FTC also, among other things, adopts sweeping principles for consumer access to data held by any company, and in the Final Report recommends a new opportunity for consumers to access a list of all categories of data held by any broker. The full advisory on the FTC’s Final Privacy Report can be accessed here