FTC Cross-Device Tracking Report Touches on Privacy; Ohlhausen Says It Covers Past Ground
The FTC released a long-awaited report on cross-device tracking that recaps a November 2015 workshop that focused on companies tracking consumers across their various connected devices from laptops to smartphones to wearable gear. It raised privacy and transparency questions about data collection, use, sharing and retention (see 1610200025). Commissioners voted 3-0 to issue the staff report Monday, providing general recommendations to companies, with Commissioner Maureen Ohlhausen providing a concurring statement, noting that a 2009 industry report covered much the same ground. Many people have speculated she may run the agency at least on an interim basis (see 1701230043).
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
With cross-device tracking, companies can track an individual who uses multiple devices, which is "particularly useful and valuable to advertisers," the report said. It can help advertisers determine that a consumer who buys a product on a smartphone is the same person who saw that product's ad on a work computer, helping companies assess the success of their ad campaigns. The report summarizes the use of both "deterministic" and "probabilistic" techniques by companies and the FTC's own research into the prevalence of such tracking.
Benefits of cross-device tracking include a better ability for companies to detect fraud, improve online security, provide a more seamless experience for consumers, gain better metrics that help companies avoid over-saturating consumers with ads and enhance competition within the ad sector, the report said. It warned of privacy challenges such as transparency. "Because the practice of cross-device tracking is often not obvious, consumers may be surprised to find that their browsing behavior on one device will inform the ads they see on another device," said the report. The document said consumers also have limited ways to control the tracking and many just delete cookies every month and/or install ad blockers. People are also concerned about security since companies collecting so much data about them such as "raw or hashed email addresses" that can be targeted by hackers and used in phishing campaigns, the report added.
Ohlhausen compared the cross-device tracking report to the 2009 Self-Regulatory Behavioral Advertising Report, which "addressed many of the same issues." As "was the case with behavioral advertising when it was new, consumers may not expect cross-device linking," she wrote. Consumers, she said, "might be surprised if their activity on one device informed advertising on another device." She said the report doesn't change the commission's "longstanding privacy principles but simply discusses their application in the context of a new technology.”
The new review noted industry self-regulation efforts promoted by the Digital Advertising Alliance (see 1610130058) and the Network Advertising Initiative, but offered several recommendations for companies engaged in cross-device tracking. It said they should "truthfully disclose" their activities by providing "meaningful information" that could help consumers decide on using opt-out tools, silo their activities or stop using an app, service or website completely. Failure to disclose such activities could violate the FTC Act in some cases, it said. "In its action against the online advertising company Epic Marketplace [(see 1212060110)], the Commission alleged that the company engaged in deceptive practices in violation of Section 5 of the FTC Act by making promises to consumers about the limited nature of its tracking when, in fact, it used 'history sniffing' technology to track consumers across the internet.”
Publishers and device makers must also be transparent about tracking activities, the FTC said. It cited warnings sent last year to a dozen app developers that included code for Silverpush software, which can detect audio signals through a device's microphone as a way of monitoring people's TV use (see 1603170060). The report said companies that develop IoT devices such as smart TVs must explain to consumers about data collected by those devices, who's collecting the information and how they plan to use and share it. The review warned that companies that provide hashed email addresses and usernames to cross-device tracking companies refrain from referring to such data as anonymous or aggregate.