Consumers will likely be given greater ability to control what personal information is given to marketers and how such data is utilized

Consumer privacy is a critical concern with respect to online and electronic activity today. The Obama administration’s recent reintroduction of a Consumer Privacy Bill of Rights as well as regulatory scrutiny by the Federal Trade Commission (FTC) appear to be a direct reaction to these growing concerns. In this series of articles, we will examine recent scrutiny of data collection practices and how businesses utilizing such data should modify their practices.

Background

President Obama first introduced the Consumer Privacy Bill of Rights in February 2012. Three years later, the President announced a reintroduction of the bill followed by the release of a draft bill on Feb. 27, 2015, based on the Fair Information Practice Principles. If enacted, the Bill of Rights would govern the collection and dissemination of consumer data with the potential hammer of the FTC having enforcement authority for failure to meet. The bill has the potential to govern not just the data broker’s use of consumer data, but the many businesses that collect and disseminate consumer data in order to provide targeted advertising.

The bill is designed to protect consumers from the release of their personal information as well as provide transparency and control over how data is kept and collected by marketers, and provide consumers with reasonable means to control the use of their personal data depending on the context and privacy risk. The proposed bill would require industry to develop and implement data collection codes. The failure of a data collector to comply with a governing industry standard would subject the business to enforcement from the FTC. The proposed legislation would apply to any commercial use of personal information and anything that could link to a specific individual via their computer or other smart device.

The bill is a reaction to the changing technologies that have become a reality in the relationship between companies and consumers. Additionally, recent data breaches have caused concern over the release of personal information by companies because of lack of regulation. As Americans continue to use new technologies to hold their personal information, the risk of a cyber attack exploiting their data becomes more likely.

The reintroduced bill should come as no surprise to those involved in data collection. A number of significant online businesses have come under FTC scrutiny for their lax or ineffective privacy practices. For example, in 2011, Google was subjected to FTC liability with respect to its social network, Buzz, which caused its Gmail users to believe they had the option to join the new social network. However, user declines to join the network were ineffective, and user acceptances had misleading privacy controls over personal information. As a violation of the FTC Act, Google reached a final settlement with the FTC barring Google from future misrepresentations as well as an improved privacy program. In 2012, the FTC also settled with Facebook over the social media giant’s lack of transparency in its privacy policies and for allegedly deceiving consumers into thinking that their personal information was kept private when it was in fact made public. More recently, the FTC began exploring Apple’s HealthKit platform on its latest iPhone model and its built-in data health collection. Apple has responded that while the health data will be stored by the HealthKit, it will not be accessible in iCloud or any apps, and Apple has ensured that user data will not be sold to third parties. While the FTC has yet to launch a formal investigation, Apple’s upcoming iWatch release may cause the FTC to continue to monitor Apple’s data collection practices.

For more information contact Andy Lustigman, Olshan.  alustigman@olshanlaw.com