The FTC issued a final order approving its settlement with...
The FTC issued a final order approving its settlement with Compete, which was alleged to collect personal information through its Web-tracking software without disclosing the extent of the collection and to misrepresent that it would protect personal data, the agency…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
said Monday (http://1.usa.gov/X6oozI). It requires Compete to get consumers’ “express consent” before collecting data from its software that’s downloaded on consumers’ computers, delete or anonymize already-collected consumer data and “provide directions” for uninstalling software, the FTC said. Compete can’t misrepresent its privacy and data security practices under the settlement, and it must implement a comprehensive information security program with independent third-party audits every two years for 20 years, the agency said in the order (http://1.usa.gov/15eNw9s). FTC Chairman Jon Leibowitz, who is stepping down, and Commissioner Joshua Wright didn’t participate in the 3-0-2 vote. The settlement received three comments. The FTC responded to the Electronic Privacy Information Center (http://1.usa.gov/XxiGXf) that the agency doesn’t think it’s “appropriate” to revise its “Policy Statement on Deception” to refer “specifically to particular areas of business activity,” because that statement is a “broad document” intended for “all types and aspects of business activities.” EPIC had asked the commission to amend the policy statement to “explicitly categorize omissions affecting consumer privacy as deceptive under Section 5” of the FTC Act. Creating a best-practices guide for anonymization techniques, as EPIC also suggested, would go against the FTC’s practice of not giving “specific technical guidance in areas like this, which are constantly changing,” the agency said. It can’t impose on Compete “additional obligations that are not reasonably related to such conduct or preventing its recurrence,” the FTC said, responding to EPIC’s request that Compete be required to follow all “fair information practices” in the Consumer Privacy Bill of Rights. Steerads, a provider of “real time price optimization” for display ads, said the order should require Compete’s licensees to destroy their collected data. The order requires Compete to notify third parties of the settlement, and it prohibits Compete from collecting data either directly or through licensees unless they get consumer notice and consent before such collection, which is adequate, the FTC said in response (http://1.usa.gov/126v5pF). The commission noted it entered a separate agreement with Compete licensee Upromise earlier this year, which includes a data-deletion requirement. Steve Fleckenstein of Virginia complained as an individual that the agency had simply accepted another “promise regarding user privacy”; the FTC reiterated what it saw as the sufficiency of the order’s provisions, including its 20-year duration and $16,000 penalty per violation, in a response (http://1.usa.gov/13KH4ED).