Don't-track-me browser feature part of FTC privacy plan

Share this article:
The Federal Trade Commission (FTC) is urging companies to develop a “do not track” mechanism so consumers can choose whether to allow the collection of data regarding online searching and browsing activities.

The mechanism, likely to be a setting on consumers' browsers, was a primary recommendation of a preliminary report released by the FTC on Wednesday detailing a proposed framework to protect consumer privacy.

The framework would apply to all online and offline commercial organizations that collect, maintain, share or use customer data.

“A lot of people in Washington have been spending time thinking about the budget deficit,” FTC Chairman Jon Leibowitz said during a conference call with members of the media on Wednesday. “We have been thinking about the privacy deficit that American consumers suffer from.”

The framework includes three basic components.

First, the FTC calls on companies to adopt an approach called “Privacy by Design,” by building privacy protections into their everyday business practices. The approach, first developed by Ann Cavoukian, Ontario's information and privacy commissioner, includes protections such as collecting only the data needed for a specific business purpose and retaining data only as long as necessary to fulfill that purpose.

Click here to view a video during which Ann Cavoukian discusses the Privacy by Design approach.

Secondly, the FTC wants companies to provide choices to consumers about their data practices in a simpler, more streamlined way, the report states.

As it relates to behavioral advertising, the FTC recommended that users be able to opt-out of data collection though a browser setting that would signal to websites a user's choices about whether to be tracked or receive targeted advertisements.

Several companies, such as Apple and Mozilla, have already experimented with this type of feature, Leibowitz said.

Finally, the FTC is proposing that companies increase transparency by educating consumers about their data policies and the choices available to them.

The FTC has been the primary privacy policy and enforcement agency in the United States since the enactment of the Fair and Credit Reporting Act in 1970. The agency also has authority, under the FTC Act, to take action against acts or practices deemed “deceptive or unfair.” The FTC has used this authority to bring many cases against companies that have failed to protect the privacy of consumers' personal information. 

The United States does not currently have an overarching federal law addressing privacy and data security.

The FTC report, intended to provide best practices for businesses and guidance to lawmakers, says that industry-specific efforts to address privacy through self-regulation have so far been inadequate.

The FTC, however, is not calling for legislative action – yet, Leibowitz said.

“Despite some good actions, self-regulation of privacy has not worked adequately for American consumers,” he said. “Industry as a whole needs to do a far better job. From my perspective, a legislative solution will surely be needed if industry doesn't step up to the plate.”

The proposed framework was developed following a series of three FTC-led public roundtables to explore the privacy challenges facing businesses that collect and use consumer data.

The FTC is seeking comment on the report through the end of January and plans to issue a final report next year.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.