While the 2012 election is likely to stall congressional momentum on online privacy legislation, it isn’t slowing down the Federal Trade Commission (FTC). Privacy has become one of its two main priorities, along with protection of the “Great Recession Consumer” from financial scams, according to FTC Chairman Jon Leibowitz. During the past several years, he recently told Congress, the FTC has brought more than 100 cases dealing with online privacy issues, including behavioral advertising, spyware and data security.
The year 2011 will be remembered as the Year of Privacy at the FTC – the time in which it tackled the “Four Horsemen of the Internet” to make the loudest statement possible about privacy standards it expects online firms and social media networks to uphold. First came Twitter, which agreed in March to settle charges of data security breaches and to put in place a comprehensive information security program that will be subject to independent audits over 10 years.
That same month, Google agreed to settle charges it made misrepresentations that led consumers to join its Buzz social media network without their consent, and did not adequately disclose that certain personal information (E-mail contacts) would be made public by default. Like Twitter, Google agreed to implement a comprehensive privacy program, but to submit to independent audits not for 10 years, but 20.
Now, at the end of November, comes Facebook, which just agreed to settle FTC claims it deceived consumers by telling them they could keep their information private, and then allowed it to be shared and made public. Under the settlement, Facebook is barred from making misrepresentations about the privacy of consumers’ personal information; must let consumers expressly opt in (rather than only opt out) to changes that override their privacy preferences (i.e., on sharing of their “Friends List,” or sharing of personal information with advertisers); and, like Google, must establish a comprehensive privacy program that will have to undergo independent audits for 20 years.
Sandwiched between these high-profile actions against the Internet’s behemoths, the FTC found time last month to issue a consent order against ScanScout, an advertising network that places video ads on websites for advertisers, settling charges it deceptively claimed consumers could opt out of receiving targeted ads by changing their browser settings to block cookies. The order requires a prominent notice on ScanScout’s home page that it collects information about consumers’ activities to send them targeted ads, together with a hyperlink to an opt-out mechanism; protects an opt-out choice for at least five years, unless the consumer changes it; and directs ScanScout to embed a hyperlink in its targeted ads that also leads to the opt-out mechanism.
Whether or not an FTC case against the fourth Internet Horseman – Amazon – is in the works, the actions it has taken against companies big and small in 2011 certainly back up its chairman’s pronouncement that privacy is, and will continue to be, a leading priority. To avoid mandatory audits yourself, you may wish to review your practices for compliance with FTC online privacy requirements.