A Federal Trade Commission workshop on Monday that tackled privacy amid tracking consumers across devices suggested that regulators are struggling to keep up with emerging marketing tech.
"While tracking itself is not new, the ways in which data is collected, compiled stored and analyzed certainly is," FTC Chairwoman Edith Ramirez said at the workshop, which gathered usual suspects such as technologists, ad industry trade group representatives and privacy wonks.
Consumers are no longer only monitored and followed as they surf the web on desktop computers. Now opening a mobile app, watching TV via a set-top box, browsing the internet and even standing near a digital sign in an airport can all create data streams.
Companies, some of them software firms helping marketers better track and understand their consumers, are gathering increasing volumes of online and offline data at greater rates than ever with the ultimate goal of linking it back to individual consumers.
"They do this under the veil of anonymous identifiers and hashed P.I.I. [personally-identifiable information], but these identifiers are still persistent and can provide a strong link to the same individual online and offline," Ms. Ramirez said, in language that challenges the typical rhetoric from companies that track consumers.
"Not only can these profiles be used to draw sensitive inferences about consumers, there is also a risk of unexpected and unwelcome use of data generated from cross-device tracking," she added.
Much of the broader privacy conversation revolves around providing consumers with information about why they're seeing certain ads and giving them the ability to opt out from tracking and ad targeting. But many websites that are part of the daisy chain of consumer information do not mention cross-device tracking in their privacy policies, said Justin Brookman, policy director of the FTC's new Office of Technology Research, citing a recent FTC study.
The Digital Advertising Alliance, the industry group behind the Ad Choices icon regime offering consumers information and opt-outs, prepared for Monday's FTC discussion by working over the past six months on extending its principles to "cross-app data." It suggested in updated guidelines that both third parties and companies collecting data on their own consumers provide a "clear, meaningful, and prominent link to a disclosure that either links to the industry developed Web site(s) or choice mechanism that provides control consistent with this guidance or that individually lists Third Parties engaged in the collection of Multi-Site or Cross-App Data through its Web site or application."
But the labyrinth traveled by data as it navigates smartphones, TVs and even fitness trackers is so complex that it's not clear how effective such guidelines can be. Consumers might successfully opt out of one app's tracking, for example, without disrupting the web of of information on them being spun at many other points.
"Most controls do not allow opt-out of the underlying data collection and linking of identifiers," Ms. Ramirez said. There is a need for future discussion regarding data minimization, or the strategic reduction of the amount of data collected and stored, she said.
There was no specific call by the FTC for additional legislation or regulatory moves to prevent cross-device data collection, but the fact that the topic is worthy of a workshop, and the fact that the agency has a new research division to quantify such issues, means government is paying attention.
"The FTC will continue to monitor the marketplace and take action as needed to protect consumers," said Ms. Ramirez.