Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC Privacy Framework Pushes For Regulation of Data Brokers

Posted by Soulskill on from the suggested-recommendations-for-potential-guidelines dept.

Trailrunner7 writes "The Federal Trade Commission has issued a new report (PDF) on consumer privacy and online tracking. Among the recommendations the commission makes is that data brokers make themselves known to consumers and be open and transparent about the data they collect. The FTC also says companies should be building privacy protections into their products by design, including implementing the Do Not Track mechanism once it's finalized. Data brokers are essentially an unregulated group of companies that collect, store and sell information about consumers and their behaviors and buying preferences. Privacy advocates and some lawmakers have criticized the industry's practices and called for some regulation. As a result, the FTC is recommending that the industry not only create a central site to inform consumers about the kinds of data they collect and sell, but also is pushing for legislation to address the industry's problems."

23 comments

  1. new agenda by girlintraining · · Score: 5, Interesting

    "Okay, and the next item on the federal congressional budget... defunding of the FTC. All in favor? All opposed? Motion passes. We apologize to our corporate sponsors for the delay in identifying these activist accountants, and assure you that by the legislation passed will soon be defanged and rendered useless."

    Please. The FTC is too small to make a difference here. Most of our personal data is shipped overseas anyway to strip it of any legal protections anyway. Remember HIPPA people? That's your private medical data. There's nothing preventing your insurance company from exporting it to an associate overseas, where there is no HIPPA and then selling that data back to a vendor in the US. There's a healthy market for this kind of thing -- it increases the number of rejects based on "pre-existing conditions"... it's very cost effective.

    So if the government can't even protect your medical data, don't hold your breath about your personal data getting any protections.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:new agenda by amiller2571 · · Score: 1

      Not sure either

    2. Re:new agenda by Anonymous Coward · · Score: 0

      Almost definitely an idiot. First off, it's HIPAA, not HIPPA. Secondly, there IS a provision preventing such shady data transactions

    3. Re:new agenda by Anonymous Coward · · Score: 0

      This FTC report recommends that Congress make legislation covering some of the privacy issues, which is the right approach. They've done a good job of spelling out the issues, and yeah in the end it's going to go through the sausage grinder that is our political process. If you give half a damn it wouldn't be a bad thing to contact your congress critter and put some momentum behind this. Apathy gets you zippo in this process.

    4. Re:new agenda by Anonymous Coward · · Score: 0

      ... data is shipped overseas anyway to strip it of any legal protections ...

      The US government has no trouble demanding the whole internet is a US territory when music is pirated. So any piracy was committed under US laws, regardless of the political borders.

      ... if the government can't even protect your medical data ...

      Government is mostly setting (and enforcing) rules for other people to follow. The fact they enforce anti-piracy treaties across the internet for two-cent businesses reveals the lax laws on data retention/privacy are a choice.

    5. Re:new agenda by Anonymous Coward · · Score: 0

      Where? Please provide this provision.

  2. Another item I would like by avandesande · · Score: 4, Insightful

    Ability for consumers to request that their data is permanently deleted.

    --
    love is just extroverted narcissism
    1. Re:Another item I would like by Anonymous Coward · · Score: 2, Insightful

      How about an actual policy stance sort of like they have in Germany? Where I own the rights to my information and it cannot be stored or collected without my explicit consent. Forget being asked to opt out. I want to be asked if I want to opt in to begin with before you start scraping my info for profit.

    2. Re:Another item I would like by Karl+Cocknozzle · · Score: 1

      Why do I only have mod points on days when AC's post sensible things to mod up? Couldn't agree more: It's MY personal information, and data-marts have no right to collect/commercialize it without my consent...and a cut of the profit.

      --
      Who did what now?
    3. Re:Another item I would like by __aaeihw9960 · · Score: 1

      This is where the marketing genius of the US has bamboozled us the most. We shouldn't have to opt-out. We shouldn't be required to be part of telemarketing/data-collection like it's a birthright.

      BUT, by coming up with GENIUS ideas like opt-out, we're trained to honestly believe, deep down, that the system has always been this way, will always be this way, and the only way to not participate is to put your name on a list. Oh, and that list is only good for 5 years or so.

      Marketing, sales and the almighty quest for wealth will be the death of us all.

  3. FTC asks nicely. by Crasoose · · Score: 2

    I wish they had more power to be honest, the FTC is one federal thing I've come to agree with time and time again.

    1. Re:FTC asks nicely. by Em+Adespoton · · Score: 1

      I wish they had more power to be honest, the FTC is one federal thing I've come to agree with time and time again.

      You know what they say... "power corrupts." As the FTC has almost no power, they aren't very corrupt. Personally, I like it this way, as they DO have a voice that will be heard, even if others with power usually overrule their recommendations. Would you rather they were like the TSA or the CBP?

  4. Simpler by Mikkeles · · Score: 4, Interesting

    It would be simpler to just not allow any company to retain any more customer data than is absolutely required to do its business (e.g. mailing address for magazine subscriptions) and retain no data on concluded business beyond warrenty info.

    --
    Great minds think alike; fools seldom differ.
    1. Re:Simpler by 0123456 · · Score: 4, Interesting

      So then you just need a huge bureaucracy interfering with every company in the country to tell them what data is 'absolutely required to do its business'.

      Or the company could risk being sued at any moment by someone who believes their data isn't 'absolutely required to do its business'.

    2. Re:Simpler by Jah-Wren+Ryel · · Score: 1

      Or the company could risk being sued at any moment by someone who believes their data isn't 'absolutely required to do its business'.

      That doesn't seem to have really hindered business in the EU where such is pretty much the law already.

      --
      When information is power, privacy is freedom.
    3. Re:Simpler by Anonymous Coward · · Score: 0

      Sweden have had this as law for +20 years, and there is no huge bureaucracy around it. If you break it, you get orded to imedently implement changes or face fines.

  5. regulation won't help by Anonymous Coward · · Score: 1

    It might push some of the data collection houses offshore, or cause companies to buy... err, find clever loopholes around it, but it won't make any difference in the end.

    There are already protections available to maintain your privacy online, it's just that so few people care. You can't make people care.

    And Do Not Track is just stupid. It'll work as well as "do not spam". The ways to avoid being tracked are things like: Noscript. Adblock. An anonymous proxy. Ghostery. And so on. The ONLY way to avoid being tracked is to avoid leaking data. Any data you leak, well... it's gonna be logged, if not in the USA or EU, then somewhere with looser protections. That's the nature of the beast.

  6. unwarranted defeatism by radarradar · · Score: 1

    Whether or not the people currently in office have the will to do so or not, it's entirely possible to regulate and/or ban the collection and resale of personal data. There may be nothing to stop the import and export of personal data now, but that could change -- if the political will is there. It's up to us to create that political will.

  7. political vs. technical solutions by radarradar · · Score: 1

    So it's possible for data abusers to come up with loopholes and strategies against political/legal solutions but not against noscript, adblock, etc? The people who want your data are more clever than that.

    1. Re:political vs. technical solutions by Anonymous Coward · · Score: 0

      So it's possible for data abusers to come up with loopholes and strategies against political/legal solutions but not against noscript, adblock, etc?

      In a nutshell, yes. If I'm not sending them data, there's nothing they can do about it. But if I'm sending them data and depending on them following some *US* law (when they might not even be in the US), then I'm SOL.

      But even IF what you are alluding to was true, it's still much better to use a technical solution. It can react faster, in a hours or days, to new threats, where the legal environment only changes after years, if that.

      Depending on the law to protect your privacy is idiotic and doomed to failure. Hell, the EU has such laws now..... it doesn't stop every bloody web site from scraping the data of visitors from the EU. It just doesn't work.

  8. Keep it simple by Anonymous Coward · · Score: 1

    Keep in simple, if the site *requires* your REAL NAME, regulate the crap out of it.
    If it requires your taxpayer id, regulate the crap out of it.

    If you can get away without your real name, birthdate, phone number, and zipcode, then it doesn't need to be regulated.

    Facebook, Google plus, regulate the crap out of them. Twitter, not so much. MMORPG's regulate the crap out of them.

  9. just like equifax by CimmerianX · · Score: 1

    What we need is a system just like the one in place to watch the credit agencies.

    There must be a way for the common man to check what information these collectors have. Verify it is accurate. Flag items for removal. Allow free checks every year. Etc.

    Right now, companies like lexis/nexis will send you a copy of your file, but to get it you need to send ID, SS#, and other proofs through normal mail. You can't fedex or overnight, can't get a signature, etc.... There is no online option for this either. There is no way I'm sending out my entire identity with photocopies of all my docs in normal mail. That's just asking to ask your identity stolen.

    This must be done online in a secure fashion, just like the credit checks.