The Federal Trade Commission (“FTC”) convened the third and final roundtable in its “Exploring Privacy” series on March 17, 2010 in Washington, DC. The FTC plans to build on the roundtable proceedings to issue a report on privacy issues as early as this summer, and will solicit public comments and responses to this report.

The first roundtable featured panels on the risks and benefits of data practices, consumer expectations and disclosures, online behavioral advertising, information brokers, and existing regulatory frameworks. The second roundtable focused on the benefits and risks created by technology and the privacy considerations associated with social networking, cloud computing, and mobile marketing.

In the third roundtable, the FTC included a panel on privacy and Internet architecture and panels on health and other sensitive consumer information. The series closed with a final panel discussing lessons from the roundtable series and possible paths forward. David Vladeck, the head of the FTC’s Consumer Protection Bureau, opened the event by identifying four themes from the prior roundtables: (1) technology carries both risks and benefits; (2) new business models raise privacy challenges; (3) technological tools can help to protect privacy; and (4) there is agreement that information should be transparent, but further exploration is needed on how this can best be accomplished.

The first panel focused on how Internet design or architecture could be improved to address privacy and security challenges. Panelists discussed the difficulties of building privacy into today’s Internet and raised possible solutions, including the use of identity management services. The second panel discussed health information privacy issues such as how health data should be treated outside the traditional health care context and the need for socially beneficial uses of such data. The third panel of the day explored the treatment of “sensitive” information. The panel examined challenges to defining sensitive data and discussed whether such data should be subject to restrictions. During the final panel, speakers were invited to focus on lessons learned from the roundtables about commercial data practices, and addressed a variety of issues including the roles of consumer notice, choice, and data access, and whether the distinction between personally identifiable information (“PII”) and non-PII has blurred.

The event ended with remarks by Jessica Rich, Deputy Director of the FTC’s Bureau of Consumer Protection. Ms. Rich commented that the roundtables have shown that the dominant privacy models have not kept place with the business models that have been evolving. She identified several issues for consideration, including: (1) how to offer consumers greater control, recognizing that they do not want to review privacy policies; (2) how to treat privacy concerns that vary across individuals; (3) how to protect privacy without stifling innovation; (4) how to accommodate existing and future business models, including models pertaining to online behavioral advertising and location-based services; and (5) how to produce a relatively simple framework built on current privacy models and privacy work already underway.