FTC’s Brill Seeks Enhancements to Industry Privacy Tools, Data Broker Transparency
"There is more work to do” in online behavioral advertising despite headway by industry, FTC Commissioner Julie Brill said at the Association of National Advertisers conference in Washington. Brill also urged enhanced transparency of data brokers and raised concerns about ICANN’s plan to increase the number of generic top-level domains (gTLDs). The commission issued a long-awaited privacy report earlier this week (WID March 27 p1).
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The FTC plans to take a “hard look at mobile” privacy, Brill said. For example, the commission has discovered that many children’s apps don’t have privacy policies, she said. The FTC will also review privacy policies of “large platform providers,” said Brill, noting that part of Monday’s privacy report talked about deep packet inspection, ISPs, browsers and social media. “We feel like we need to get a handle on the kind of pervasive collection that may be available to some players in the Internet and mobile ecosystem."
The Digital Advertising Alliance’s “About Ads” program should be “both more persistent and easier to use,” Brill said. DAA doesn’t allow users’ opt-outs to continue after users clear their browsing cookies, she said. Brill praised DAA principles preventing use of consumer data for credit eligibility and employment, an issue that’s concerned her, she said. “Now we need to see those principles implemented.”
Brill wants to “shine a light” on data brokers and make them more transparent to consumers, she said. “Consumers are worried, and I believe they should be worried, about the masses of data that are collected about them and then packaged, parsed, sold and resold by largely faceless data brokers,” Brill said. “This practice runs afoul of the FTC’s recommendation that companies practice data minimization.” If data brokers don’t become more transparent on their own, “Congress will take a hard look in this area,” Brill predicted.
Brill is “open to discussion” about how to define a data broker, she said. “We may not agree at the end of the day about the exact contours of the definition.” The FTC will consider certain practices that may not be data brokering, she said. However, “the first step is to bring more transparency here,” she said. “Consumers don’t know who they are.” Many brokers allow consumers to access and correct data, but consumers don’t know how to do it.
The FTC remains concerned about the ICANN plan to add many more gTLDs to the Internet. “Adding thousands of new names to the system, with no plans to significantly increase ICANN’s compliance staff, will leave those in law enforcement unable to track down criminals and fraudsters who hide behind new generic top-level domains.” ICANN should increase compliance staff, improve accuracy of Whois data and “go slow” on expansion of the domains “until we can be sure” it “won’t hinder law enforcement, won’t place consumers at risk and won’t penalize legitimate businesses and nonprofits that have an online presence."
Brill supported a federal data breach law but voiced reservations about preempting states. “Before we preempt those underlying state laws … I really, really want to see that we have a good federal standard in place,” she said. “The goal should not be to eliminate the multiple state laws. The goal should be to ensure that we're notifying consumers in an effective and appropriate way. Then we can talk about preemption."
The FTC also plans workshops on mobile payment systems, Brill said. And the FTC continues its review of the Children’s Online Privacy Protection Act rule “and will undoubtedly be issuing rules soon,” she said.