Have you noticed how Facebook or Gmail tailor ads to the content you post or send? In today’s digital economy, companies’ practices of collecting, storing, sharing, and often times breaching consumers’ information has became a common practice. Although consumer information is often used as helpful data that drives product development and consumer appetite, companies must not do so at the expense of consumer privacy.

The Federal Trade Commission, the nation’s consumer privacy and protection enforcement agency, issued its final report setting forth guidelines, or best practices, that protect the privacy of consumers. The best practices for companies are to provide consumers with greater transparency of what information is collected and how it is used, including a Do-Not-Track mechanism or opt-out feature on Websites to allow consumers to control the tracking of their online activities, and developing privacy protections for consumer data.

Also, in the report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers,” the FTC recommends that Congress needs to consider enacting general privacy legislation, data security and breach notification legislation. However, federal protection will not likely occur in the election year and the balances of consumers and data brokers behind the online advertising agreements will first have to strike some compromise. The best practices guidelines are largely voluntary and, although it threatens sanctions for non-compliance, the FTC’s authority is limited because of the lack of a federal law.

On one side of the debate are data brokers  (i.e., Experian and Acxiom), which collect and sell information, and the online advertising companies (i.e. Google and Facebook) that target consumers based on their personal preferences. On the other side are consumer groups and privacy advocates that are concerned about the volume of data being collected, how little control consumers have over that information, and the lack of protection of the data. Therefore, the need for compromise between these two groups in the form of a federal law looks similar to the Hollywood v. Silicon Valley war over the proposed SOPA legislation.

Ultimately, companies need to adopt privacy policies that accurately reflect their online practices (and are not just a copy and paste of terms from another Website). The privacy policy needs to outline what information is collected, how it is collected, when personal information is shared, information that is automatically collected through cookies, how to access and update your personal information, and opting out of communications and tracking. Further, areas regarding children’s privacy, state privacy laws, and international user considerations will make the policy more complete depending on the Website.

Further, companies need to be careful of what information they collect for behavioral advertising and need to consider the privacy ramifications. Consumer data may translate into dollar signs, but the more data a company holds, the more potential liability the company is exposed to. It is wise to use data responsibly and in accordance with its sensitivity. Developing policies for data collection, retention, and deletion is crucial. Finally, it is important for companies to establish or upgrade their compliance programs governing data collection, protection, and use of personal information to mitigate risk of a data breach or legal violation which may result in litigation.


About Author

Jenna Sleefe is an in-house attorney for Internet Brands, Inc. Jenna's practice focuses on website aquisitions and privacy law. Jenna has experience drafting and negotiating various types of website agreements, advising clients on rights acquisition agreements and options, reviewing DMCA complaints, preparing and negotiating joint promotion alliances, clearing advertising copy and advising clients on contest and sweepstakes promotions, performing diligence in connection with mergers and acquisitions in the entertainment industry, forming limited liability companies and drafting operating agreements, and analyzing issues arising under online privacy and terms of use policies.

Comments are closed.