FTC's Brill Calls for Congress to Legislate New Data Privacy, Stuns Marketers
Big data brokers are "taking advantage of us without our permission." Those were the words of Federal Trade Commissioner Julie Brill this morning at the Computers, Freedom and Privacy Conference in Washington.
The commissioner, often vocal on data-privacy issues, called on Congress to legislate what she calls a "Reclaim Your Name" program, one that would establish technical controls allowing people to access the information data collectors have stored about them, control how it is shared and correct it when necessary.
The commissioner suggested such a program could operate in tandem with the browser-based Do Not Track standard currently in development. That slow-moving process, however, is under intensifying scrutiny as some World Wide Web Consortium participants question the chances of reaching consensus on key tech and policy elements of DNT, and as Firefox maker Mozilla plans a new approach to DNT with Stanford University.
"I urge the W3C stakeholders to forge ahead and reach consensus" on DNT, said Ms. Brill.
But there's no reason why "big data" cannot coexist with the establishment of standards for DNT and Reclaim Your Name, she added.
The Direct Marketing Association was caught off guard by Commissioner Brill's announcement. "DMA has been in discussion with Commissioner Brill regarding ways to increase transparency in the 'data broker' industry, but was surprised to see her announcement of this new initiative," said Rachel Thomas, VP of government affairs at DMA. "The FTC's Section 6B inquiry into 'data brokers' is still ongoing, and the Commission has yet to articulate a specific problem that would justify a call for congressional action in this area," she continued in an emailed statement.
Ms. Brill indicated that the FTC believes mobile device IDs are personally-identifiable. Many of the companies using device IDs to track in-store shopping behavior and other location-based interactions hold that they are not. "Information linked to specific devices is, for all intents and purposes, linked to individuals," she said.
The FTC is calling on data companies and users of consumer data "to commit to a robust program to de-identify their information," she said, arguing that predictive analytics have rendered much of the consumer information collected as forever linked to individuals, no matter industry's claims that the information often is anonymized or aggregated.
Companies should "take both technical and behavioral steps to make sure information used in advertising is truly and completely de-identified." Ms. Brill didn't make distinctions between data collected and used by first-parties and third-parties.
Ms. Brill's comments come amid revelations that the National Security Administration has gleaned consumer phone call and Internet data from corporations including Verizon, Google and Facebook. Indeed, corporate data-harvesting practices for logistics and marketing purposes have facilitated the controversial NSA data grab.
Companies collecting or employing data should make a public commitment not to re-identify information, and should contractually require their partners to make the same commitments, continued the commissioner.
Ms. Brill's requests may not sit well with companies connecting offline data about consumer purchases and interactions with digital and behavioral data for ad targeting and other marketing purposes. Firms including Datalogix and LiveRamp enable these increasingly popular offline-to-online data linking services.
What's the concern? Ms. Brill suggested consumer data is used to determine eligibility for jobs or loans, so people should be able to correct it if it's wrong. She also pointed to data breaches that jeopardize individual privacy and security.