other federal and state law obligations. In some industries, such as banking, federal regulators have given
additional guidance on how to deﬁne reasonable security.
周e Commission also promotes better data security through consumer and business education. For
example, the FTC sponsors OnGuard Online, a website to educate consumers about basic computer
Since the Commission issued the preliminary staﬀ report there have been over 1.5 million
unique visits to OnGuard Online and its Spanish-language counterpart Alerta en Línea. 周e Commission’s
business outreach includes general advice about data security as well as speciﬁc advice about emerging
周e Commission also notes that the private sector has implemented a variety of initiatives in the security
area, including the Payment Card Institute Data Security Standards for payment card data, the SANS
Institute’s security policy templates, and standards and best practices guidelines for the ﬁnancial services
industry provided by BITS, the technology policy division of the Financial Services Roundtable.
standards can provide useful guidance on appropriate data security measures that organizations should
implement for speciﬁc types of consumer data or in speciﬁc industries. 周e Commission further calls on
industry to develop and implement best data security practices for additional industry sectors and other
types of consumer data.
Because this issue is important to consumers and because businesses have existing legal and self-
regulatory obligations, many individual companies have placed great emphasis and resources on maintaining
reasonable security. For example, Google has cited certain security features in its products, including default
SSL encryption for Gmail and security features in its Chrome browser.
Similarly, Mozilla has noted that
122 See, e.g., Federal Financial Institutions Examination Council (“FFIEC”), Information Society IT Examination Handbook (July
2006), available at http://ithandbook.ﬃec.gov/it-booklets/information-security.aspx; Letter from Richard Spillenkothen,
Dir., Div. of Banking Supervision & Regulation, Bd. of Governors of the Fed. Reserve Sys., SRO1-11: Identity 周eft and
Pretext Calling (Apr. 26, 2011), available at http://www.federalreserve.gov/boarddocs/srletters/2001/sr0111.htm (guidance
on pretexting and identity theft); Securities & Exchange Commission, CF Disclosure Guidance: Topic No. 2, on Cybersecurity
(Oct. 13, 2011), available at http://www.sec.gov/divisions/corpﬁn/guidance/cfguidance-topic2.htm; U.S. Small Business
Administration, Information Security Guidance, http://www.sba.gov/content/information-security; National Institute
of Standards & Technology, Computer Security Division, Computer Security Resource Center, available at http://csrc.nist.
gov/groups/SMA/sbc/index.html; HHS, Health Information Privacy, available at http://www.hhs.gov/ocr/privacy/hipaa/
understanding/coveredentities/index.html (guidance and educational materials for entities required to comply with the
HIPPA Privacy and Security Rules); Centers from Medicare and Medicaid Services, Educational Materials, available at http://
www.cms.gov/EducationMaterials/ (educational materials for HIPPA compliance).
123 FTC, OnGuard Online, http://onguardonline.gov/.
124 See FTC, Protecting Personal Information: A Guide for Business (Nov. 2011), available at http://business.ftc.gov/documents/
bus69-protecting-personal-information-guide-business; see generally FTC, Bureau of Consumer Protection Business Center,
Data Security Guidance, available at http://business.ftc.gov/privacy-and-security/data-security.
125 See PCI Security Standards Council, PCI SSC Data Security Standards Overview, available at https://www.
pcisecuritystandards.org/security_standards/; SANS Institute, Information Security Policy Templates, available at http://www.
sans.org/security-resources/policies/; BITS, Financial Services Roundtable BITS Publications, available at http://www.bits.org/
publications/index.php; see also, e.g., Better Business Bureau, Security and Privacy – Made Simpler: Manageable Guidelines to
help You Protect Your Customers’ Security & Privacy from Identity 周eft & Fraud, available at http://www.bbb.org/us/storage/16/
documents/SecurityPrivacyMadeSimpler.pdf; National Cyber Security Alliance, For Business, http://www.staysafeonline.org/
for-business (guidance for small and midsize businesses); Direct Marketing Association, Information Security: Safeguarding
Personal Data in Your Care (May 2005), available at http://www.the-dma.org/privacy/InfoSecData.pdf; Messaging Anti-Abuse
Working Group & Anti-Phishing Working Group, Anti-Phishing Best Practices for ISPs and Mailbox Providers (July 2006),
available at http://www.antiphishing.org/reports/bestpracticesforisps.pdf.
126 Comment of Google Inc., cmt. #00417, at 2-3.
its cloud storage system encrypts user data using SSL communication.
Likewise, Twitter has implemented
encryption by default for users logged into its system.
周e Commission commends these eﬀorts and calls
on companies to continue to look for additional ways to build data security into products and services from
the design stage.
Finally, the Commission reiterates its call for Congress to enact data security and breach notiﬁcation
legislation. To help deter violations, such legislation should authorize the Commission to seek civil penalties.
c Reasonable Collection Limitation: Companies Should Limit 周eir Collection of Data
周e preliminary staﬀ report called on companies to collect only the data they need to accomplish a
speciﬁc business purpose. Many commenters expressed support for the general principle that companies
should limit the information they collect from consumers.
Despite the broad support for the concept,
however, many companies argued for a ﬂexible approach based on concerns that allowing companies to
collect data only for existing business needs would harm innovation and deny consumers new products
One commenter cited Netﬂix’s video recommendation feature as an example of how
secondary uses of data can create consumer beneﬁts. 周e commenter noted that Netﬂix originally collected
information about subscribers’ movie preferences in order to send the speciﬁc videos requested, but later
used this information as the foundation for generating personalized recommendations to its subscribers.
In addition, commenters raised concerns about who decides what a “speciﬁc business purpose” is.
For example, one purpose for collecting data is to sell it to third parties in order to monetize a service and
provide it to consumers for free. Would collecting data for this purpose be a speciﬁc business purpose?
If not, is the only alternative to charge consumers for the service, and would this result be better for
As an alternative to limiting collection to accomplish a “speciﬁc business purpose,” many commenters
advocated limiting collection to business purposes that are clearly articulated. 周is is akin to the Fair
Information Practice Principle of “purpose speciﬁcation,” which holds that companies should specify to
consumers all of the purposes for which information is collected at the time of collection. One commenter
supported purpose speciﬁcation statements in general categories to allow innovation and avoid making
privacy policies overly complex.
127 Comment of Mozilla, cmt. #00480, at 7.
128 See Chloe Albanesius, Twitter Adds Always-On Encryption, PC Magazine, Feb. 12, 2012, http://www.pcmag.com/
129 See, e.g., Comment of Intel Corp., cmt. #00246, at 4-5, 7, 40-41; Comment of Electronic Frontier Foundation, cmt. #00400, at
4-6; Comment of Center for Democracy & Technology, cmt. #00469, at 4-5; Comment of Electronic Privacy Information Center,
cmt. #00386, at 18.
130 See, e.g., Comment of Facebook, Inc., cmt. #00413, at 2, 7-8, 18; Comment of Google Inc., cmt. #00417, at 4; Comment of
Direct Marketing Ass’n, Inc., cmt. #00449, at 14-15; Comment of Intuit, Inc., cmt. #00348, at 5, 9; Comment of TRUSTe, cmt.
#00450, at 9.
131 Comment of Facebook, Inc., cmt. #00413, at 7-8.
132 See Comment of SAS, cmt. #00415, at 51; Comment of Yahoo! Inc., cmt. #00444, at 5.
133 Comment of Yahoo! Inc., cmt. #00444, at 5.
周e Commission recognizes the need for ﬂexibility to permit innovative new uses of data that beneﬁt
consumers. At the same time, in order to protect consumer privacy, there must be some reasonable limit on
the collection of consumer data. General statements in privacy policies, however, are not an appropriate tool
to ensure such a limit because companies have an incentive to make vague promises that would permit them
to do virtually anything with consumer data.
Accordingly, the Commission clariﬁes the collection limitation principle of the framework as follows:
Companies should limit data collection to that which is consistent with the context of a particular
transaction or the consumer’s relationship with the business, or as required or speciﬁcally authorized by
For any data collection that is inconsistent with these contexts, companies should make appropriate
other legal document. 周is clariﬁcation of the collection limitation principle is intended to help companies
assess whether their data collection is consistent with what a consumer might expect; if it is not, they should
provide prominent notice and choice. (For a further discussion of this point, see infra Section IV.C.2.) 周is
approach is consistent with the Administration’s Consumer Privacy Bill of Rights, which includes a Respect
for Context principle that limits the use of consumer data to those purposes consistent with the context in
which consumers originally disclosed the data.
One example of a company innovating around the concept of privacy by design through collection
limitation is the Graduate Management Admission Council (“GMAC”). 周is entity previously collected
ﬁngerprints from individuals taking the Graduate Management Admission Test. After concerns were raised
about individuals’ ﬁngerprints being cross-referenced against criminal databases, GMAC developed a system
that allowed for collection of palm prints that could be used solely for test-taking purposes.
print technology is as accurate as ﬁngerprinting but less susceptible to “function creep” over time than the
taking of ﬁngerprints, because palm prints are not widely used as a common identiﬁer. GMAC received a
privacy innovation award for small businesses for its work in this area.
d Sound Data Retention: Companies Should Implement Reasonable Data Retention and
Similar to the concerns raised about collection limits, many commenters expressed concern about
limiting retention of consumer data, asserting that such limits would harm innovation. Trade associations
and businesses requested a ﬂexible standard for data retention to allow companies to develop new products
134 周is approach mirrors the revised standard for determining whether a particular data practice warrants consumer choice
(see infra at section IV.C.1.a.) and is consistent with a number of commenters’ calls for considering the context in which a
particular practice takes place. See, e.g., Comment of CTIA - 周e Wireless Ass’n, cmt. #00375, at 2-4; Comment of Consumer
Data Industry Ass’n, cmt. #00363, at 5; Comment of TRUSTe, cmt. #00450, at 3.
135 See White House, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation
in the Global Digital Economy, 15-19, (Feb. 2012), available at http://www.whitehouse.gov/sites/default/ﬁles/privacy-ﬁnal.pdf.
For a further discussion of this point, see infra at Section IV.C.1.a
136 See Jay Cline, GMAC: Navigating EU Approval for Advanced Biomterics, Inside Privacy Blog (Oct. 15, 2010), https://www.
GMAC’s adoption of palm print technology); cf. Kashmir Hill, Why ‘Privacy by Design’ is the New Corporate Hotness, Forbes,
July 28, 2011, available at http://www.forbes.com/sites/kashmirhill/2011/07/28/why-privacy-by-design-is-the-new-corporate-
C# Word - Word Conversion in C#.NET
using other external third-party dependencies like Adobe Acrobat. Word SDK to convert Word document to PDF document may directly copy and paste it into your C# add text to pdf file reader; acrobat add text to pdf
and other uses of data that provide beneﬁts to consumers.
One company raised concerns about
prescriptive retention periods, arguing that retention standards instead should be based on business need,
the type and location of data at issue, operational issues, and legal requirements.
noted that retention limits should be suﬃciently ﬂexible to accommodate requests from law enforcement
or other legitimate business purposes, such as the need of a mortgage banker to retain information about a
consumer’s payment history.
Some commenters suggested that the Commission’s focus should be on data
security and proper handling of consumer data, rather than on retention limits.
In contrast, some consumer groups advocated speciﬁc retention periods. For example, one such
commenter cited a proposal made by a consortium of consumer groups in 2009 that companies that collect
data for online behavioral advertising should limit their retention of the data to three months and that
companies that retained their online behavioral advertising data for only 24 hours may not need to obtain
consumer consent for their data collection and use.
Others stated that it might be appropriate for the
FTC to recommend industry-speciﬁc retention periods after a public consultation.
周e Commission conﬁrms its conclusion that companies should implement reasonable restrictions on
the retention of data and should dispose of it once the data has outlived the legitimate purpose for which it
Retention periods, however, can be ﬂexible and scaled according to the type of relationship
and use of the data; for example, there may be legitimate reasons for certain companies that have a direct
relationship with customers to retain some data for an extended period of time. A mortgage company will
maintain data for the life of the mortgage to ensure accurate payment tracking; an auto dealer will retain
data from its customers for years to manage service records and inform its customers of new oﬀers. 周ese
long retention periods help maintain productive customer relationships. 周is analysis does not, however,
apply to all data collection scenarios. A number of commenters noted that online behavioral advertising
data often becomes stale quickly and need not be retained long.
For example, a consumer researching
hotels in a particular city for an upcoming vacation is unlikely to be interested in continuing to see hotel
advertisements after the trip is completed. Indeﬁnite retention of data about the consumer’s interest in
ﬁnding a hotel for a particular weekend serves little purpose and could result in marketers sending the
consumer irrelevant advertising.
137 See Comment of CTIA - 周e Wireless Ass’n, cmt. #00375, at 2-4, 14; Comment of American Catalog Mailers Ass’n, cmt.
#000424, at 5; Comment of IBM, cmt. #00433, at 4; Comment of Intuit, Inc., cmt. #00348, at 9.
138 Comment of Verizon, cmt. #00428, at 10-11.
139 See, e.g., Comment of CTIA - 周e Wireless Ass’n, cmt. #00375, at 14.
140 Comment of Yahoo! Inc., cmt. #00444, at 6; see also Comment of American Catalog Mailers Ass’n, cmt. #00424, at 3-4.
141 Comment of Consumer Federation of America, cmt. #00358, at 4 (citing Legislative Primer: Online Behavioral Tracking and
Targeting Concerns and Solutions from the Perspective of the Center for Digital Democracy and U.S. PIRG, Consumer Federation
of America, Consumers Union, Consumer Watchdog, Electronic Frontier Foundation, Privacy Lives, Privacy Rights Clearinghouse,
Privacy Times, U.S. Public Interest Research group, 周e World Privacy Forum (Sept. 2009), available at http://www.consumerfed.
142 Comment of Center for Democracy & Technology, cmt. #00469, at 6 (“Flexible approaches to data retention should not,
however, give carte blanche to companies to maintain consumer data after it has outlived its reasonable usefulness.”).
143 In the alternative, companies may consider taking steps to de-identify the data they maintain, as discussed above.
144 See Comment of Consumers Union, cmt. #00362, at 8.
In determining when to dispose of data, as well as limitations on collection described above, companies
should also take into account the nature of the data they collect. For example, consider a company that
develops an online interactive game as part of a marketing campaign directed to teens. 周e company should
ﬁrst assess whether it needs to collect the teens’ data as part of the game, and if so, how it could limit the
data collected, such as by allowing teens to create their own username instead of using a real name and email
address. If the company decides to collect the data, it should consider disposing of it even more quickly
than it would if it collected adults’ data. Similarly, recognizing the sensitivity of data such as a particular
consumer’s real time location, companies should take special care to delete this data as soon as possible,
consistent with the services they provide to consumers.
Although restrictions may be tailored to the nature of the company’s business and the data at issue,
companies should develop clear standards and train its employees to follow them. Trade associations and
self-regulatory groups also should be more proactive in providing guidance to their members about retention
and data destruction policies. Accordingly, the Commission calls on industry groups from all sectors – the
online advertising industry, online publishers, mobile participants, social networks, data brokers and others –
to do more to provide guidance in this area. Similarly, the Commission generally supports the exploration of
eﬀorts to develop additional mechanisms, such as the “eraser button” for social media discussed below,
allow consumers to manage and, where appropriate, require companies to delete the information consumers
e Accuracy: Companies should maintain reasonable accuracy of consumers’ data
周e preliminary staﬀ report called on companies to take reasonable steps to ensure the accuracy of the
data they collect and maintain, particularly if such data could cause signiﬁcant harm or be used to deny
consumers services. Similar to concerns raised about collection limits and retention periods, commenters
opposed rigid accuracy standards,
and noted that the FCRA already imposes accuracy standards in certain
One commenter highlighted the challenges of providing the same levels of accuracy for non-
identiﬁable data versus data that is identiﬁable.
To address these challenges, some commenters stated that a sliding scale approach should be followed,
particularly for marketing data. 周ese commenters stated that marketing data is not used for eligibility
purposes and that, if inaccurate, the only harm a consumer may experience is an irrelevant advertisement.
Providing enhanced accuracy standards for marketing data would raise additional privacy and data security
as additional information may need to be added to marketing databases to increase accuracy.
145 See infra at Section IV.D.2.b.
146 See Comment of Experian, cmt. #00398, at 2.
147 See Comment of SIFMA, cmt. #00265, at 4.
148 Comment of Phorm Inc., cmt. #00353, at 4.
149 Comment of Experian, cmt. #00398, at 11 (arguing against enhanced standards for accuracy, access, and correction for
marketing data); see also Comment of Yahoo! Inc., cmt. #00444, at 6-7.
151 Cf. Comment of Yahoo! Inc., cmt. #00444, at 7 (arguing that it would be costly, time consuming, and contrary to privacy
objectives to verify the accuracy of user registration information such as gender, age or hometown).
C# Excel - Excel Conversion & Rendering in C#.NET
using other external third-party dependencies like Adobe Acrobat. SDK to convert Excel document to PDF document You may directly copy and paste it into your C# adding a text field to a pdf; add text to pdf document online
周e Commission agrees that the best approach to improving the accuracy of the consumer data
companies collect and maintain is a ﬂexible one, scaled to the intended use and sensitivity of the
information. 周us, for example, companies using data for marketing purposes need not take special
measures to ensure the accuracy of the information they maintain. Companies using data to make decisions
about consumers’ eligibility for beneﬁts should take much more robust measures to ensure accuracy,
including allowing consumers access to the data and the opportunity to correct erroneous information.
Final Principle: Companies should incorporate substantive privacy protections into their practices,
such as data security, reasonable collection limits, sound retention and disposal practices, and data
2. COMPANIES SHOULD ADOPT PROCEDURAL PROTECTIONS TO IMPLEMENT THE
Proposed Principle: Companies should maintain comprehensive data management procedures
throughout the life cycle of their products and services.
In addition to the substantive principles articulated above, the preliminary staﬀ report called for
organizations to maintain comprehensive data management procedures, such as designating personnel
responsible for employee privacy training and regularly assessing the privacy impact of speciﬁc practices,
products, and services. Many commenters supported this call for accountability within an organization.
Commenters noted that privacy risk assessments promote accountability, and help identify and address
One commenter stated that privacy risk assessments should be an ongoing process, and
ﬁndings should be used to update internal procedures.
周e Commission agrees that companies should
implement accountability mechanisms and conduct regular privacy risk assessments to ensure that privacy
issues are addressed throughout an organization.
周e preliminary staﬀ report also called on companies to “consider privacy issues systemically, at all
stages of the design and development of their products and services.” A range of commenters supported
the principle of “baking” privacy into the product development process.
One commenter stated that this
approach of including privacy considerations in the product development process was preferable to requiring
152 See infra at Section IV.D.2. 周e Commission notes that some privacy-enhancing technologies operate by introducing
deliberate “noise” into data. 周e data accuracy principle is not intended to rule out the appropriate use of these methods,
provided that the entity using them notiﬁes any recipients of the data that it is inaccurate.
153 See, e.g., Comment of 周e Centre for Information Policy Leadership at Hunton & Williams LLP, cmt. #00360, at 2-3; Comment
of Intel Corp., cmt. #00246, at 6; Comment of Oﬃce of the Information & Privacy Commissioner of Ontario, cmt. #00239, at 3
154 Comment of GS1, cmt. #00439, at 3; Comment of Oﬃce of the Information & Privacy Commissioner of Ontario, cmt. #00239,
155 Comment of Oﬃce of the Information & Privacy Commissioner of Ontario, cmt. #00239, at 7.
156 Comment of Intel Corp., cmt. #00246, at 6; Comment of United States Council for International Business, cmt. #00366, at 2;
Comment of Consumer Federation of America, cmt. #00358, at 3.
Another argued that privacy concerns should be considered from the outset, but
observed that such concerns should continue to be evaluated as the product, service, or feature evolves.
周e Commission’s recent settlements with Google and Facebook illustrate how the procedural
protections discussed above might work in practice.
In both cases, the Commission alleged that the
companies deceived consumers about the level of privacy aﬀorded to their data.
周e FTC’s orders will require the companies to implement a comprehensive privacy program reasonably
designed to address privacy risks related to the development and management of new and existing products
and services and to protect the privacy and conﬁdentiality of “covered information,” deﬁned broadly to mean
any information the companies collect from or about a consumer.
周e privacy programs that the orders mandate must, at a minimum, contain certain controls and
procedures, including: (1) the designation of personnel responsible for the privacy program; (2) a risk
assessment that, at a minimum, addresses employee training and management and product design and
development; (3) the implementation of controls designed to address the risks identiﬁed; (4) appropriate
oversight of service providers; and (5) evaluation and adjustment of the privacy program in light of regular
testing and monitoring.
Companies should view the comprehensive privacy programs mandated by these
consent orders as a roadmap as they implement privacy by design in their own organizations.
As an additional means of implementing the substantive privacy by design protections, the preliminary
staﬀ report advocated the use of privacy-enhancing technologies (“PETs”) – such as encryption and
anonymization tools – and requested comment on implementation of such technologies. One commenter
stressed the need for “privacy-aware design,” calling for techniques such as obfuscation and cryptography
to reduce the amount of identiﬁable consumer data collected and used for various products and services.
Another stressed that PETs are a better approach in this area than rigid technical mandates.
周e Commission agrees that a ﬂexible, technology-neutral approach towards developing PETs is
appropriate to accommodate the rapid changes in the marketplace and will also allow companies to
innovate on PETs. Accordingly, the Commission calls on companies to continue to look for new ways to
protect consumer privacy throughout the life cycle of their products and services, including through the
development and deployment of PETs.
Finally, Commission staﬀ requested comment on how to apply the substantive protections articulated
above to companies with legacy data systems. Many commenters supported a phase-out period for legacy
data systems, giving priority to systems that contain sensitive data.
Another commenter suggested that
157 Comment of Intel Corp., cmt. #00246, at 6.
158 Comment of Zynga Inc., cmt. #00459, at 2.
159 Of course, the privacy programs required by these orders may not be appropriate for all types and sizes of companies that
collect and use consumer data.
160 In the Matter of Google Inc., FTC Docket No. C-4336 (Oct. 13, 2011) (consent order), available at http://www.ftc.gov/os/
161 Comment of Electronic Frontier Foundation, cmt. #00400, at 5.
162 Comment of Business Software Alliance, cmt. #00389, at 7-9.
163 Comment of 周e Centre for Information Policy Leadership at Hunton & Williams LLP, cmt. #00360, at 3; Comment of the
Information Commissioner’s Oﬃce of the UK, cmt. #00249, at 2; Comment of CTIA - 周e Wireless Ass’n, cmt. #00375, at 14.
imposing strict access controls on legacy data systems until they can be updated would enhance privacy.
Although companies need to apply the various substantive privacy by design elements to their legacy data
systems, the Commission recognizes that companies need a reasonable transition period to update their
systems. In applying the substantive elements to their legacy systems, companies should prioritize those
systems that contain sensitive data and they should appropriately limit access to all such systems until they
can update them.
Final Principle: Companies should maintain comprehensive data management procedures
throughout the life cycle of their products and services.
164 Comment of Yahoo! Inc., cmt. #00444, at 7.
DATA COLLECTION AND DISPOSAL CASE STUDY: MOBILE
周e rapid growth of the mobile marketplace illustrates the need for companies to implement
reasonable limits on the collection, transfer, and use of consumer data and to set policies for
disposing of collected data. 周e unique features of a mobile phone – which is highly personal,
almost always on, and travels with the consumer – have facilitated unprecedented levels of data
collection. Recent news reports have conﬁrmed the extent of this ubiquitous data collection.
Researchers announced, for example, that Apple had been collecting geolocation data through
its mobile devices over time, and storing unencrypted data ﬁles containing this information on
consumers’ computers and mobile devices.
周e Wall Street Journal has documented numerous
companies gaining access to detailed information – such as age, gender, precise location, and the
unique ID associated with a particular mobile device – that can then be used to track and predict
Not surprisingly, consumers are concerned: for example, a recent Nielsen
study found that a majority of smartphone app users worry about their privacy when it comes
to sharing their location through a mobile device.
周e Commission calls on companies to limit
collection to data they need for a requested service or transaction. For example, a wallpaper app or
an app that tracks stock quotes does not need to collect location information.
周e extensive collection of consumer information – particularly location information – through
mobile devices also heightens the need for companies to implement reasonable policies for purging
Without data retention and disposal policies speciﬁcally tied to the stated business purpose
for the data collection, location information could be used to build detailed proﬁles of consumer
movements over time that could be used in ways not anticipated by consumers.
information is particularly useful for uniquely identifying (or re-identifying) individuals using
disparate bits of data.
For example, a consumer can use a mobile application on her cell phone to
“check in” at a restaurant for the purpose of ﬁnding and connecting with friends who are nearby.
周e same consumer might not expect the application provider to retain a history of restaurants she
visited over time. If the application provider were to share that information with third parties, it
could reveal a predictive pattern of the consumer’s movements thereby exposing the consumer to
a risk of harm such as stalking.
Taken together, the principles of reasonable collection limitation
and disposal periods help to minimize the risks that information collected from or about consumers
could be used in harmful or unexpected ways.
With respect to the particular concerns of location data in the mobile context, the
Commission calls on entities involved in the mobile ecosystem to work together to establish
standards that address data collection, transfer, use, and disposal, particularly for location
data. To the extent that location data in particular is collected and shared with third parties,
entities should work to provide consumers with more prominent notice and choices about
such practices. Although some in the mobile ecosystem provide notice about the collection
of geolocation data, not all companies have adequately disclosed the frequency or extent of
the collection, transfer, and use of such data.
1 See Jennifer Valentino-Devries, Study: iPhone Keeps Tracking Data, Wall St. J., Apr. 21, 2011, available at
2 See, e.g., Robert Lee Hotz, 周e Really Smart Phone, Wall St. J., Apr. 22, 2011, available at http://online.wsj.com/
article/SB10001424052748704547604576263261679848814.html (describing how researchers are using mobile
data to predict consumers’ actions); Scott 周urm & Yukari Iwatane Kane, Your Apps are Watching You, Wall St. J.,
Dec. 18, 2010, available at http://online.wsj.com/article/SB10001424052748704368004576027751867039730.
html (documenting the data collection that occurs through many popular smartphone apps).
3 Privacy Please! U.S. Smartphone App Users Concerned with Privacy When It Comes to Location, NielsenWire Blog
(Apr. 21, 2011), http://blog.nielsen.com/nielsenwire/online_mobile/privacy-please-u-s-smartphone-app-users-
concerned-with-privacy-when-it-comes-to-location/; see also Ponemon Institute, Smartphone Security: Survey of U.S.
Consumers 7 (Mar. 2011), available at http://aa-download.avg.com/ﬁledir/other/Smartphone.pdf (reporting that
64% of consumers worry about their location being tracked when using their smartphones).
4 Similarly, the photo-sharing app Path faced widespread criticism for uploading its users’ iPhone address books
without their consent. See, e.g., Mark Hachman, Path Uploads Your Entire iPhone Contact List By Default, PC
Magazine, Feb. 7, 2012, available at http://www.pcmag.com/article2/0,2817,2399970,00.asp.
5 周e Commission is currently reviewing its COPPA Rule, including the application of COPPA to geolocation
information. See FTC, Proposed Rule and Request for Public Comment, Children’s Online Privacy Protection
Rule, 76 Fed. Reg. 59,804 (Sept. 15, 2011), available at http://www.gpo.gov/fdsys/pkg/FR-2011-09-27/pdf/2011-
6 See ACLU of Northern California, Location-Based Services: Time for a Privacy Check-In, 14-15 (Nov. 2010), available
7 Comment of Electronic Frontier Foundation, cmt. #00400, at 3.
8 Cf. U.S. v. Jones, 565 U.S. 132 S. Ct. 945, 955 (2012) (Sotomayor, J., concurring) (noting that “GPS monitoring
generates a precise, comprehensive record of a person’s public movements that reﬂects a wealth of detail about her
familial, political, professional, religious, and sexual associations”).
Documents you may be interested
Documents you may be interested