FTC: All eyes on consumer privacy
Battle over Internet privacy heats up. Federal Trade Commission takes a stronger stance, making the issue a top priority.
The FTC's director of consumer protection, Howard Beales, said Thursday that his outfit is gearing up to bring more privacy-related cases against Internet operators, with one expected in the coming weeks.
"Watch the space," he said to an audience of privacy officers and executives attending the three-day Privacy Futures conference here.
Consumer privacy issues exploded nearly five years ago when Internet usage and e-commerce reached a tipping point. Many online companies suffered growing pains trying to wield powerful new technology that could easily track customers and compile dossiers on their surfing and shopping habits. Unaware of these practices, consumer perceptions gradually shifted from a feeling of general anonymity on the Web to one of being watched.
At the time, many online companies were hit with complaints over digital spills of consumer information or security breaches that gave outsiders access to private data. Online advertising networks also came under scrutiny for potentially using consumers' personal information to deliver targeted advertisements.
DoubleClick, for example, was the subject of an FTC investigation for its attempt to combine the consumer information from its offline direct marketing unit Abacus with Web surfing data. It eventually retreated and closed its online media business.
After the Internet bust, some of the privacy concerns dried up, however. Net operators took greater pains to give consumers notice and choice before collecting or sharing data, and general attention shifted to an economic recession. Organizations like the Privacy Foundation, which was founded during the height of a privacy backlash, took a back seat to companies specializing in security technology following the suicide bombings of Sept. 11. Also, an air of complacency crept into some people who held the notion that an expectation of privacy was too much to ask for.
"It remains to be seen whether we're going to go back to where no one is really concerned, like in the offline world or where more restrictions are warranted, by companies in particular," Beales said in an interview.
"The digital revolution cast light on a lot of practices already going on offline...and people were asking, 'Do we want it that way?'" he said.
A handful of privacy-related issues have come into the spotlight of late. For example, Google's forthcoming Web-based e-mail service, Gmail, sparked criticism when it was announced because of the popular search company's plans to scan the contents of messages and deliver targeted ads based on the surveillance. Gmail's 1-gigabyte capacity to store e-mail could create a vast repository of personal correspondence that could be subject to review by police and other outsiders, detractors say.
Already the California state Senate has approved a bill that places limits on e-mail providers seeking to scan customer messages for advertising and other purposes.
The FTC also recently settled charges against music retailer Tower Records for a security breach on its Web site that exposed private consumer data in December 2002. The settlement requires Tower to establish an information security program that must be independently audited every six months.
The specific case the FTC plans to bring soon is one against a company that changed its privacy policy retroactively, allowing it to share personally identifiable information when it previously promised not to. Beales would not divulge the name of the company, yet he urged businesses holding the keys to a collection of sensitive data about consumers to be careful not to share it without customer permission.
Spam is also on the commission's list of high priorities. The FTC has brought 62 cases to date, with recent actions that have delivered criminal sentences to defendants under the country's new federal antispam law. It also recently designated new labels for pornographic commercial e-mail. Beales said the commission is already registering violations of that statute, and it plans to bring cases "soon."
Next week, the FTC will deliver its plan for the Do Not Email Registry to Congress, as designated under the federal Can-Spam Act, which went into effect in January. The 70-page report will cover the FTC's investigation of the implications of enacting, enforcing and managing the registry. Beales said the FTC has previously expressed doubts the registry could work, considering the costs and man power involved.
"This is the plan, but we're not required to adopt the plan," Beales said.