Emerging threats related to online advertising were the focus of recent testimony by an official of the Federal Trade Commission to a congressional subcommittee.

Among other witnesses, associate director of the Division of Privacy and Identity Protection Maneesha Mithal appeared before the U.S. Senate Committee on Homeland Security and Governmental Affairs’ Permanent Subcommittee on Investigations to discuss the agency’s efforts and recommend next steps in three areas affecting online advertising: privacy, spyware and other malware, and data security.

Starting with privacy, Mithal referenced the FTC’s 2012 privacy report and noted that the agency encourages companies “to provide simpler and more streamlined choices to consumers about their data, through a robust universal choice mechanism for online behavioral advertising.” She also noted several enforcement actions brought by the FTC in the privacy arena, notably the $22.5 million settlement with Google to settle charges that the company misrepresented its use of cookies.

Turning to spyware and malware, Mithal explained that the agency’s enforcement actions are based on three principles: (i) a consumer must make the choice to install software on his or her computer; (ii) “buried disclosures” about material information are insufficient in connection with software downloads; and (iii) consumers have the right to disable or uninstall any unwanted software.

As for data security, Mithal told lawmakers that the agency has obtained settlements in 53 data security cases, stemming from allegations that the companies failed to reasonably secure consumers’ personal information. Mithal cited the agency’s most recent settlement with mobile app company Snapchat over charges that the company falsely promised users that pictures and videos sent through its service could disappear from the Internet forever.

In conjunction with the hearing, the subcommittee also released a new report on malvertising titled “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy.” Based on an investigation, the report concluded that the online advertising industry operates with “significant vulnerabilities” and found that “a potential conflict of interest” exists when self-regulatory programs are dependent upon online ad networks for funding. “The self-regulatory bodies prioritize industry representatives over consumer advocates in the standard-setting process,” according to the report.

To read Mithal’s prepared testimony, click here

The hearing also addressed the question of how to improve the online advertising landscape. Committee member Sen. John McCain (R-Ariz.) suggested that his 2011 legislation, the Commercial Privacy Bill of Rights Act, be reintroduced. Mithal recommended more education on the issue for both businesses and consumers and threw her support behind “continued industry self-regulation to ensure that ad networks are taking reasonable steps to prevent the use of their systems to display malicious ads to consumers.” She also called on the legislators to enact a federal data security and breach notification law that includes a provision granting the FTC the power to seek civil penalties in data security cases.

To read the subcommittee’s report, click here

Why it matters: Mithal’s testimony demonstrates once again that consumer privacy remains a prime FTC and congressional concern.