Who are the watchdogs in the U.S., protectingthe privacy rights of citizens online? So far it’s all in the handsof the Federal Trade Commission (the FTC), founded in 1914 toprevent unfair competition and regulate monopolies in industry. In1938, Congress passed additional legislation empowering andrequiring the FTC to police and prevent “unfair and deceptive actsor practices,” as the first salvo in the battle of consumerprotection. As a result, for better or for worse, the same folkswho brought us the telephone-based “do not call” registry are nowresponsible for protecting individual privacy on the Internet.
After several false starts in recent years, there is new hope thatthe FTC will get its arms around this issue:
• In early November, the FTC announced the creation of the post ofchief technologist (as well as the hiring of Dr. Edward Felten tofill that position) effective full-time in January 2011. Mostrecently, Felten has been a computer science professor at PrincetonUniversity, as well as the founder of Princeton’s Center forInformation Technology Policy.
• In early December, the FTC Bureau of Consumer Protection releaseda new report, “Protecting Consumer Privacy in an Era of RapidChange: A Proposed Framework for Businesses and Policymakers,” andprovided for a public comment period. Thereportoutlines a framework to balance the privacy rights of consumerswith the marketing industry’s desire to drive innovation based onhighly customized offers. The most widely reported part of thepiece was a proposed “Do Not Track” capability, enabling consumersto prevent businesses gathering data from their browsing historieswithout the consumer’s knowledge or consent.
• On January 21, as the deadline for comments approached the FTCannounced an extension to February 18 for the comment period, inresponse to numerous requests from interested parties. The commentsare available online, and raise some interesting issues.
To date, the leading technology companies, advertisers, andmarketing firms have been unable to agree on a format forself-regulation –thus the urgent need for regulatory intervention.I am reminded of the quote attributed to William Shakespeare,describing his reluctance to engage in a battle of wits with an”unarmed” man. Perhaps the FTC has been relatively “unarmed” up tonow, given the highly technical nature and diversity of availabledata-gathering methodologies.
Fortunately for us as consumers, the FTC appears to be upping itsgame. Can it muster the muscle to restrain the juggernaut ofbrowser-based data collection? Many remain skeptical. The threemajor browser developers (Google, Mozilla, and Microsoft), as wellas the leading social network Facebook, have all gone on theoffensive with the release of new “privacy tools.” Despite thepress fanfare accompanying these releases, early reviews suggestthat the proposed solutions are either inoperable (due todependence on marketer’s acceptance) or too cumbersome fornon-technical consumers to effectively choose and implement desiredlevels of personal protection. (See “The Myth of Browser-Based ‘Do Not Track’,” by Robert McGarvey.)We shall have to wait until the end of February to gain a betterunderstanding of likely developments in online privacyregulation.