In the ongoing controversies over behaviorally targeted marketing, a new front was opened unexpectedly last week by the Federal Trade Commission: From now on, list managers, brokers, aggregators and other sellers of data are as much on the hook for safeguarding private information as advertisers.
In the FTC's final report issued March 26, “Protecting Consumer Privacy in an Era of Rapid Change,” the commission for the first time specifically criticized the privacy protection practices of “data brokers,” its term for companies that compile sales contact information and sell those lists to marketers, supplying the essential information that fuels direct, outbound marketing campaigns.
The FTC urged legislation providing individuals access to what's contained in those companies' databases. The FTC also called on data brokers to create a centralized website where individuals could get information about their practices and their options for controlling the use of their own information.
The FTC also suggested that marketers that rent or buy database lists from brokers might provide their own customers with information about this proposed data broker website to further ensure confidence in their privacy practices.
The Direct Marketing Association criticized this new wrinkle in the behaviorally targeted ad debate.
“Data is changing the world, but I'm not sure the FTC can define what a 'data broker' is,” said Linda Woolley, exec VP-Washington operations at the DMA. “Is a data broker Acxiom, Google or Macy's?
“All companies are sharing data in 2012,” Woolley said. “First parties are now doing collecting and having third parties crunch the data for them. Where do you draw the line?”
In its report, the FTC specifically cited data brokers as having “fallen short” in protecting sales contact information.
The FTC also made note of the ways database companies build their lists, taking bare-bones contact information, then appending and overlaying other information—such as email addresses, social media information and purchasing histories—generally without contacts' knowledge or permission.
Despite objections by several consumer advocacy groups, the FTC concluded that regulating data-append practices would be too complex and impractical.
It was unclear where the FTC stands on the federal government stepping in to regulate consumer privacy.
On one hand, the commission report recommended that Congress consider enacting legislation specifically addressing data brokers, along with general privacy, data security and breach notification legislation.
On the other, FTC Chairman Jon Leibowitz seemed to leave the door open for self-regulation within the marketing and advertising industry.
“We are confident that consumers will have an easy-to-use and effective do-not-track option by the end of the year because companies are moving forward expeditiously to make it happen and because lawmakers will want to enact legislation if they don't,” Leibowitz said, in a statement.
Among other recommendations in the report:
- Companies should maintain reasonable security for contact data, limit collection and retention of such data, and employ reasonable procedures to promote data accuracy.
- Companies should give consumers the option to decide what information is shared about them and with whom, and also provide a do-not-track option.
- Companies should disclose details about their collection and use of people's information and provide them with access to data collected.
The FTC said it will address mobile marketing privacy and data disclosures in a workshop set for May 30 in Washington, D.C.