The FTC has had enough. They have issued their “final warning” to the ad industry regarding behavioral targeting. They are demanding that the ad industry implement stronger privacy protections or they’ll do it for them. They created a sample of what they expect to see in the privacy protection guidelines in their 48-page PDF, Staff Report on Behavioral Advertising.
In the PDF they outline four revised principles which as of right now are non-binding. With help from paidContent.org I’ll do my best to explain these principles to you:
Transparency and Consumer Control
The FTC wants you to fully disclose how your site is using behavioral targeting and make it easy for visitors to opt out.
Reasonable Security, and Limited Data Retention, for Consumer Data
The FTC only wants you to hold on to data as long as it has a “legitimate business or law enforcement need.” As David Kaplan of paidContent.org points out, it is unclear how long a site “reasonably” needs to hold onto data. Who gets to determine that? Will it be different for each industry?
Affirmative Express Consent for Material Changes to Existing Privacy Promises
Affirmative Express Consent to (or Prohibition Against) Using Sensitive Data for Behavioral Advertising
You have to get users’ permission to collect data before (not after) users consent.
What do you think about these demands from the FTC? Are they out of line? How do you see guidelines like these actually being implemented?