Inside the Privacy Event Keynoted By FTC Chair Leibowitz

By: Nicole Kardell

Federal Trade Commission Chairman Jon Leibowitz delivered the keynote speech at a forum on Internet privacy on Oct. 11, 2011. He was part of a panel that discussed the protection of consumer data and the tracking of online consumer behavior. The Stanford Law School Center for Internet and Society also released a study the same day showing that data collection on the Internet is not anonymous and information about consumers is often leaked from websites.

Leibowitz emphasized that there are three key principles to protecting the privacy of consumers on the Internet. First, companies in the business of collecting and storing data need to build strong privacy policies. Data should be kept only for legitimate business needs and the more sensitive the data is, the more careful they need to be.

Second, there needs to be transparency. If data is being collected then consumers need to be told what is going on in a manner that they can easily understand. Lastly, there needs to be choice for the consumer. Consumers should have streamlined choices about the collection and usage of data based on their online behavior.

Leibowitz said there is a clear need for the development of a do-not-track mechanism for web users, similar to the do-not-call list that has been successful in blocking telemarketing calls. This mechanism would provide web users the ability to opt out of online tracking, which is used to provide targeted advertising based on a person’s online behavior.

Leibowitz emphasized that it is about providing consumers with the choice not to be tracked online, noting that if given the choice himself he would probably choose not to opt out because he enjoys the targeted advertising.

Leibowitz made clear that he does not care who creates this mechanism, but he does not think it needs to be administered by the government, though some members of Congress have proposed legislation to create a do-not-track system. (Note that the Interactive Advertising Bureau, a trade group for online advertisers, established a code of conduct that states that members should give clear and prominent notice of any online behavioral advertising collection and use. The code went into effect at the end of August.)

Leibowitz applauded Mozilla for going out of its way to provide consumers with the information to decide if they want to opt out of online tracking and said he was hoping other online browsers would soon follow. (Microsoft’s IE9 and Apple’s Safari also have do-not-track options.) Leibowitz emphasized that the FTC did not want to interfere with the normal data flow that makes the Internet efficient and did not see the need for the Internet to be a privacy-free zone, but still wanted to have a mechanism that allows for consumer protection.

Jonathan Mayer, a graduate student fellow at the Center for Internet and Society at Stanford University, and identifier of the “supercookie,” released a new study that showed that information collection from many websites is not as anonymous as many sites claim it is or consumers think it is. Identifying information from consumers was often leaked when the consumers went to various websites, though Mayer said that it was not clear that the leakage by websites was intentional and the study did not attempt to gauge this.

Mayer looked at the top 250 websites and signed up as a member on 185 of those websites. Mayer found that 61 percent of the websites leaked a user name or a user ID. Mayer stated that once an identity is provided in a pseudonymous system then it can be associated with what that person has done in the past and will do in the future. Full results of the study are available here.

The talks were sponsored by the ACLU, Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumers Union, Consumer Watchdog, Electronic Privacy Information Center, Privacy Rights Clearinghouse, US PIRG, and World Privacy Forum.