A. FTC ROUNDTABLES AND PRELIMINARY STAFF REPORT
Between December 2009 and March 2010, the FTC convened its “Exploring Privacy” roundtables.
周e roundtables brought together stakeholders representing diverse interests to evaluate whether the FTC’s
existing approach to protecting consumer privacy was adequate in light of 21
Century technologies and
business models. From these discussions, as well as submitted materials, a number of themes emerged.
First, the collection and commercial use of consumer data in today’s society is ubiquitous and often invisible
to consumers. Second, consumers generally lack full understanding of the nature and extent of this data
collection and use and, therefore, are unable to make informed choices about it. 周ird, despite this lack of
understanding, many consumers are concerned about the privacy of their personal information. Fourth, the
collection and use of consumer data has led to signiﬁcant beneﬁts in the form of new products and services.
Finally, the traditional distinction between personally identiﬁable information and “anonymous” data has
Participants also pointed to shortcomings in existing frameworks that have attempted to address
privacy concerns. 周e “notice-and-choice model,” which encouraged companies to develop privacy policies
describing their information collection and use practices, led to long, incomprehensible privacy policies
that consumers typically do not read, let alone understand.
周e “harm-based model,” which focused on
protecting consumers from speciﬁc harms – physical security, economic injury, and unwarranted intrusions
into their daily lives – had been criticized for failing to recognize a wider range of privacy-related concerns,
including reputational harm or the fear of being monitored.
Participants noted that both of these privacy
frameworks have struggled to keep pace with the rapid growth of technologies and business models that
enable companies to collect and use consumers’ information in ways that often are invisible to consumers.
Building on the record developed at the roundtables and on its own enforcement and policymaking
expertise, FTC staﬀ proposed for public comment a framework for approaching privacy. 周e proposed
framework included three major components. It called on companies to treat privacy as their “default
setting” by implementing “privacy by design” throughout their regular business operations. 周e concept of
privacy by design includes limitations on data collection and retention, as well as reasonable security and
data accuracy. By considering and addressing privacy at every stage of product and service development,
3 周e ﬁrst roundtable took place on December 7, 2009, the second roundtable on January 28, 2010, and the third
roundtable on March 17, 2010. See FTC, Exploring Privacy – A Roundtable Series, http://www.ftc.gov/bcp/workshops/
4 See, e.g., 1st Roundtable, Remarks of Fred Cate, Indiana University Maurer School of Law, at 280-81; 1st Roundtable, Remarks of
Lorrie Cranor, Carnegie Mellon University, at 129; see also Written Comment of Fred Cate, 2nd Roundtable, Consumer Protection
in the Age of the ‘Information Economy,’ cmt. #544506-00057, at 343-79.
5 See, e.g., 1st Roundtable, Remarks of Marc Rotenberg, Electronic Privacy Information Center, at 301; 1st Roundtable, Remarks of
Leslie Harris, Center for Democracy & Technology, at 36-38; 1st Roundtable, Remarks of Susan Grant, Consumer Federation of
America, at 38-39.
6 See, e.g., 3rd Roundtable, Remarks of Kathryn Montgomery, American University School of Communication, at 200-01; 2nd
Roundtable, Remarks of Kevin Bankston, Electronic Frontier Foundation, at 277.
companies can shift the burden away from consumers who would otherwise have to seek out privacy-
protective practices and technologies. 周e proposed framework also called on companies to simplify
consumer choice by presenting important choices – in a streamlined way – to consumers at the time they are
making decisions about their data. As part of the call for simpliﬁed choice, staﬀ asked industry to develop
a mechanism that would allow consumers to more easily control the tracking of their online activities, often
referred to as “Do Not Track.” Finally, the framework focused on improving consumer understanding of
commercial data practices (“transparency”) and called on companies – both those that interact directly
with consumers and those that lack a consumer interface – to improve the transparency of their practices.
As discussed below, the Commission received a large number of thoughtful and informative comments
regarding each of the framework’s elements. 周ese comments have allowed the Commission to reﬁne the
framework and to provide further guidance regarding its implementation.
B. DEPARTMENT OF COMMERCE PRIVACY INITIATIVES
In a related eﬀort to examine privacy, in May 2010, the Department of Commerce (“DOC” or
“Commerce”) convened a public workshop to discuss how to balance innovation, commerce, and
consumer privacy in the online context.
Based on the input received from the workshop, as well as related
research, on December 16, 2010, the DOC published for comment a strategy paper outlining privacy
recommendations and proposed initiatives.
Following the public comment period, on February 23, 2012,
the Administration issued its ﬁnal “White Paper” on consumer privacy. 周e White Paper recommends that
Congress enact legislation to implement a Consumer Privacy Bill of Rights based on the Fair Information
Practice Principles (“FIPPs”).
In addition, the White Paper calls for a multistakeholder process to determine
how to apply the Consumer Privacy Bill of Rights in diﬀerent business contexts. Commerce issued a Notice
of Inquiry on March 5, 2012, asking for public input on both the process for convening stakeholders on this
project, as well as the proposed subject areas to be discussed.
Staﬀ from the FTC and Commerce worked closely to ensure that the agencies’ privacy initiatives are
complementary. Personnel from each agency actively participated in both the DOC and FTC initiatives,
and have also communicated regularly on how best to develop a meaningful, eﬀective, and consistent
approach to privacy protection. Going forward, the agencies will continue to work collaboratively to guide
implementation of these complementary privacy initiatives.
7 See Press Release, Department of Commerce, Commerce Secretary Gary Locke Discusses Privacy and Innovation with
Leading Internet Stakeholders (May 7, 2010), available at http://www.commerce.gov/news/press-releases/2010/05/07/
8 See Department of Commerce Internet Policy Task Force, Commercial Data Privacy and Innovation in the Internet Economy:
A Dynamic Policy Framework (Dec. 16, 2010), available at http://www.ntia.doc.gov/ﬁles/ntia/publications/iptf_privacy_
9 White House, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation
in the Global Digital Economy (Feb. 2012), available at http://www.whitehouse.gov/sites/default/ﬁles/privacy-ﬁnal.pdf. 周e
FIPPs as articulated in the Administration paper are: Transparency, Individual Control, Respect for Context, Security, Access,
Accuracy, Focused Collection, and Accountability.
10 See National Telecommunications and Information Administration, Request for Public Comment, Multistakeholder Process
to Develop Consumer Data Privacy Codes of Conduct, 77 Fed. Reg. 13098 (Mar. 5, 2012).
C. LEGISLATIVE PROPOSALS AND EFFORTS BY STAKEHOLDERS
Since Commission staﬀ released its preliminary report in December 2010, there have been a number of
signiﬁcant legislative proposals, as well as steps by industry and other stakeholders, to promote consumer
1. DO NOT TRACK
周e preliminary staﬀ report called on industry to create and implement a mechanism to allow consumers
to control the collection and use of their online browsing data, often referred to as “Do Not Track.” Bills
introduced in the House and the Senate speciﬁcally address the creation of Do Not Track mechanisms, and,
if enacted, would mandate that the Commission promulgate regulations to establish standards for a Do Not
In addition to the legislative proposals calling for the creation of Do Not Track, staﬀ’s preliminary
report recommendation triggered signiﬁcant progress by various industry sectors to develop tools to allow
consumers to control online tracking. A number of browser vendors – including Mozilla, Microsoft, and
Apple – announced that the latest versions of their browsers permit consumers to instruct websites not to
track their activities across websites.
Mozilla has also introduced a mobile browser for Android devices
that enables Do Not Track.
周e online advertising industry has also established an important program.
周e Digital Advertising Alliance (“DAA”), an industry coalition of media and marketing associations,
has developed an initiative that includes an icon embedded in behaviorally targeted online ads.
consumers click on the icon, they can see information about how the ad was targeted and delivered to them
and they are given the opportunity to opt out of such targeted advertising. 周e program’s recent growth
and implementation has been signiﬁcant. In addition, the DAA has committed to preventing the use of
consumers’ data for secondary purposes like credit and employment decisions. 周e DAA has also agreed to
honor the choices about tracking that consumers make through settings on their web browsers. 周is will
provide consumers two ways to opt out: through the DAA’s icon in advertisements or through their browser
settings. 周ese steps demonstrate the online advertising industry’s support for privacy and consumer choice.
11 See Do-Not-Track Online Act of 2011, S. 913, 112th Congress (2011); Do Not Track Me Online Act, H.R. 654, 112th
12 See Press Release, Microsoft, Providing Windows Customers with More Choice and Control of 周eir Privacy Online with
Internet Explorer 9 (Dec. 7, 2010), available at http://www.microsoft.com/presspass/features/2010/dec10/12-07ie9privacyqa.
mspx; Mozilla Firefox 4 Beta, Now Including “Do Not Track” Capabilities, Mozilla Blog (Feb. 8, 2011), http://blog.mozilla.
com/blog/2011/02/08/mozilla-ﬁrefox-4-beta-now-including-do-not-track-capabilities/; Nick Wingﬁeld, Apple Adds Do-Not-
Track Tool to New Browser, Wall St. J., Apr. 13, 2011, available at http://online.wsj.com/article/SB1000142405274870355
1304576261272308358858.html. Google recently announced that it will also oﬀer this capability in the next version of its
browser. Gregg Kaizer, FAQ: What Google’s Do Not Track Move Means, Computerworld (Feb. 24, 2012), available at http://
13 See Mozilla, Do Not Track FAQs, http://dnt.mozilla.org.
14 See Press Release, Interactive Advertising Bureau, Major Marketing/Media Trade Groups Launch Program to Give Consumers
Enhanced Control Over Collection and Use of Web Viewing Data for Online Behavioral Advertising (Oct. 4, 2010),
available at http://www.iab.net/about_the_iab/recent_press_releases/press_release_archive/press_release/pr-100410.
Documents you may be interested
Documents you may be interested