Website users have grown accustomed to the quid pro quo of Internet use and advertising: we browse websites, and those same website collect customer personal data or habits that are used to generate targeted advertising. But how far is too far in terms of data collection? Is our current system of consumer privacy protection a functional one, or one that falls short of adequately protecting the individual and his/her personal information and data?

According to the Federal Trade Commission’s new chief of the Bureau of Consumer Protection, David C. Vladek, the answer is the latter, and our system gets a failing grade. The FTC has expressed both distrust and displeasure with the current standard practice of online disclosure statements, and one-click, cookie-cutter privacy statements that consumers rarely read or understand, as neither may be enough to protect consumers from increasingly invasive Internet tracking practices and technologies. Also, the FTC sees this issue as having a consumer dignity interest element at stake, not merely consumer economic interests. The New York Times and the Wall Street Journal recently reported that Mr. Vladek will be scrutinizing online advertising and consumer privacy issues closely. Within his first few days on the job, Mr. Vladek announced that one of his “major goals” was “rethinking” the FTC’s approach to consumer privacy issues.

As yet, Mr. Vladek has not articulated what these changes will be, but said he is not committed to “imposing regulation.” [quote from NYT article]. In his first few weeks in office, Mr. Vladek has been working with companies, public interest groups, and academics to evaluate the current rules and to suggest new ways to better protect consumer privacy. According to the Wall Street Journal, “the goal [is to have] new privacy guidelines in place by next summer.”

These changes are part of the FTC’s move toward close evaluation of online advertising practices, which included the June settlement of a case with Sears Holdings Management Corp. In that case, Sears invited customers to download onto their computers, “research” software that allowed the company to track their online browsing. In return, customers were paid $10. The FTC found that the software also tracked consumer bank statements and prescription records, which some consumers did not realize, despite a lengthy privacy policy. The company was required to stop the program and to destroy the information it had collected. Mr. Vladek emphasized that the FTC was not just interested in protecting consumers from economic harm, but also in protecting consumers’ “dignity interest[s] wrapped up in having somebody looking at your financial records when they have no business doing that.” [quote from NYT article].

How and what consumer data is collected has been a hot issue in recent months, with the release of a report from the FTC on its online behavioral advertising principles, followed shortly thereafter with self-regulation guidelines from industry groups.

Why This Matters

Some industry groups fear the potential stricter regulations will harm their business models. It is clear that the FTC will expect more transparency from companies, but Mr. Vladek’s approach seems to be a collaborative one so far. Advertisers and industry groups should take advantage of this opportunity. As a practical matter, advertisers should be vigilant in adhering to consumer privacy and consumer information protection guidelines already in place, and should stay abreast of any and all developments in this area. Advertisers should also evaluate the programs and policies they use to protect the consumer information they collect, and alternative means of communicating the extent and use of personal data collected to consumers.