- Individual control. Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
- Transparency. Consumers have a right to easily understandable and accessible information about privacy and security practices.
- Respect for context. Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
- Security. Consumers have a right to secure and responsible handling of personal data.
- Access and accuracy. Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
- Focused collection. Consumers have a right to reasonable limits on the personal data that companies collect and retain.
- Accountability. Consumers have a right to have personal data handled by companies with appropriate measures in place to ensure that they adhere to the Consumer Privacy Bill of Rights.
PeekYou.com has applied for a patent for a way to, among other things, match people’s real names to pseudonyms they use on blogs, Twitter and online forums. A statement on its patent application describes the invention as “a method for aggregating over a network, personal information available from public sources.”
PeekYou’s people-watch Web site offers records of about 250 million people, primarily in the U.S. and Canada. PeekYou says it also is starting to work with listening services to help them learn more about the people whose conversations they are monitoring. It claims to provide only demographic information, not names or addresses.
On December 1, 2010, the Federal Trade Commission (FTC) released its long-awaited preliminary report on the protection of consumer privacy titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.” The FTC is seeking input on this proposal and intends to issue a final report sometime in 2011.
The report, which covers both online and offline data collection and use, reiterates certain concrete steps that the FTC believes organizations should take related to choice and transparency and also provides broad guidance that applies to all commercial entities that collect or use consumer data, including companies that do not interact directly with consumers, such as information brokers. The framework is not limited to personally identifiable information (PII); it applies to all consumer data that can be linked to a specific individual or to a computer or other device.
Focusing on new and growing threats to consumer privacy driven by innovations that rely on consumer data, the proposal outlines a three-step framework for data protection:
1) Privacy by Design – Organizations should integrate privacy concepts into every stage of the life-cycle of their products and services, develop marketing initiatives and data-sharing activities based on privacy guidance from the inception of such projects, and develop and maintain comprehensive information programs to protect and manage consumer data within the organization itself. Data security, reasonable collection limits, sound retention practices, and data accuracy are critical program components.
2) Choice – Organizations should offer clear and easy-to-use choice mechanisms at the point when the consumer is making a decision about his/her data, such as at the point of collection; implement a “do not track” mechanism, such as a persistent web browser setting that allows consumers to block all tracking of their online activities; obtain consumer consent before sharing data for marketing purposes with third parties, or even with their affiliates if the affiliate relationship is not clear to consumers; and require enhanced consent for sensitive information, such as data about children, financial and medical information, and precise geolocation data.
3) Transparency – While privacy policies remain a critical tool for notifying consumers (and regulators) of an organization’s privacy practices, in general, most privacy policies need to be streamlined and simplified, and organizations must obtain consumer consent before implementing a change in policy that affects previously collected data. Organizations also should explore mechanisms for providing consumers with access to their data.