‘Do Not Track’ Should Apply To Mobile Environment, says FTC’s Brill
FTC Commissioner Julie Brill advocated Do Not Track mechanisms for mobile devices, apps, and services, during a Center for American Progress event in Washington Monday. “With so much information about consumers being exchanged in that space,” said Brill, “this branch of the information superhighway is in desperate need of reform.” Brill also said there was a “widespread consensus” that the provisions of the Children’s Online Privacy Protection Act (COPPA) apply to most mobile technologies.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
International momentum for Do Not Track mechanisms is growing and there’s a real need to extend the concept to mobile devices, Brill said, citing a recent study by the Future of Privacy Forum which said 22 of the top 30 paid mobile apps did not even have a basic privacy policy. “We are all concerned that much of the tracking underlying [behavioral] advertising is invisible to consumers who at present do not have real choices about how or if their personal information about their cyberbehavior is collected and used,” she said.
The rampant tracking and harvesting of consumer behaviors online is encroaching on consumer privacy rights, said Brill. “We want to build a rich online environment where individuals can make meaningful choices about how they present themselves to the world and that can only come about when individuals control private information about who we talk to, what we say, where we go and what we do in cyberspace, mobilespace and beyond.” She said it’s unreasonable to expect consumers to read mobile privacy policies that are “as long and as clear at the Code of Hammurabi,” the earliest known legal code, consisting of 282 laws.
The success of a Do Not Track mechanism depends on five FTC requirements, said Brill: Ease of use, effectiveness and enforceability, universality, whether choices made persist rather than expire or subject to deletion, and the choice of opt-out or opt-in for the collection as well as use of information.
There’s widespread consensus that COPPA is “written broadly enough to cover most forms of mobile technologies,” said Brill. But that “doesn’t relieve us of the obligation to prepare children to become consumers who will make wise and responsible choices about their online behavior,” she said. The dangers of bullying, sexting and mobile tracking make privacy protections for children and teens particularly important in the mobile environment, said Brill.
Brill said the FTC’s current approach to addressing privacy violations “falls short” because it only addresses infringements on privacy after the harm has been done. This gives “too little incentive to companies to design systems that will not do harm in the first place,” Brill said. Furthermore, not enough has been done to address the “real injuries” suffered by victims of sensitive data theft and manipulation, she said.
Brill reiterated the Commission’s three fundamental privacy recommendations in its December privacy report: Internet and mobile companies should build privacy protections into new products, create clear and understandable privacy policies and be more transparent about how they collect data, how much is collected and how they use it. “The framework we have proposed is flexible enough to allow businesses and consumers to continue to profit from an innovating, growing and rich information marketplace and sturdy enough to provide guideposts on how to innovate, grow and enrich in a responsible manner,” she said.