If you promise customers that their personal information is secure, you had better deliver on that promise. That is the message of last week’s settlement between the FTC and Twitter — the FTC’s first case against a social networking service. It’s a message the FTC has sent to industry before.
The matter arose when hackers twice secured administrative control of Twitter in early 2009. (How? In one case, an automated password-guessing tool smoked out the administrative password – “a weak, lowercase, letter-only, common dictionary word,” according to the complaint.) The breach led to a series of phony tweets from a number of user accounts — including one from then President-elect Obama. Hackers also reviewed non-public user information.
Yesterday, the Federal Trade Commission released answers to frequently asked questions about its Guides Concerning the Use of Endorsements and Testimonials in Advertising. These FAQs provide helpful additional guidance regarding the FTC’s revisions to the Guides. Key issues addressed by the FAQs include:
If you are a provider of sensitive Web-based services, do you send all data exclusively using the Secure Sockets Layer (SSL) protocol? The Electronic Frontier Foundation — citing a March 17th FTC “roundtable” speech by Commissioner Pamela Jones Harbour – reports that SSL is now on the FTC’s agenda. While the largest Web services (Yahoo!, Facebook) will give a lot of thought to Commissioner Jones’ comments, we believe all providers of cloud-based services that trade in sensitive information should give their users the option of using SSL (or, better yet, default to SSL). Not only does this demonstrate a commitment to protecting sensitive information about customers, it also helps minimize online fraud and data theft.

Stephanie Clifford reports in today’s The New York Times on an interesting development in the online privacy wars. According to the article, several major advertisers are considering appending a stylized “i” icon to their online ads that rely on consumer online behavioral data. The initiative would begin this summer. The icon was developed by the Future of Privacy Forum. A consumer who clicks on the icon will receive information explaining how the advertiser used the consumer’s Web surfing history and demographic information to target him or her for the ad. Advertisers hope this new effort at self-regulation can help the industry stave off potential FTC regulation.
We previously mentioned that the FTC will explore online privacy issues at its next privacy roundtable on January 28th at the Berkeley Center for Law and Technology. The FTC unveiled the agenda for the roundtable today.
The Commission also released more information on its third and final privacy roundtable – in Washington, DC on March 17, 2010. This roundtable will focus on protection of health data and other sensitive consumer information, and identity management and accountability approaches to privacy.
FTC Chairman Jon Leibowitz and David Vladeck, chief of the FTC’s Bureau of Consumer Protection, recently spoke with editors and reporters of the New York Times about online privacy. In their discussion, available here, both signaled again that they expect the commission to take a more active role in protecting consumer privacy online.
Specifically, Mr. Vladeck indicated that the advise-and-consent framework adopted by previous commissions (whereby a company would advise consumers — usually via a privacy policy — about what it is doing with their personal information, and obtain their consent) “depended upon the fiction that people were meaningfully giving consent.” Mr. Leibowitz hinted that the commission may head towards an opt-in framework, which would be a significant departure from advise-and-consent, in that companies could then be required, as a default practice, to limit their dissemination of personal information about consumers, and only be able to share such information if a consumer affirmatively chooses to allow it.
The FTC will explore these issues at a privacy roundtable on January 28th, and plans to issue a report on the subject in June or July.
Google’s “First Click Free” program for content publishers with pay walls appears to have had some vulnerabilities. If you’re not familiar with First Click Free, it’s a program that allows readers of Google News search results to read one piece in its entirety — without being forced to register or subscribe. If the reader tries to read a second article from a site requiring payment or registration, she would be prompted to pay or subscribe. A compromise, according to Google, that “allow[s] publishers to sell access to their content in general while still allowing users to find it through our search results.”
The FTC issued a congressionally mandated report today about online virtual worlds. “Virtual Worlds and Kids: Mapping the Risks” details the types of content found in online virtual worlds, and the methods virtual world operators currently take to prevent youth access to explicit content. The report is the result of an FTC survey of 27 virtual worlds. The FTC found “at least one instance of either sexually or violently explicit content” in 19 of the 27 virtual worlds it studied. “It is far too easy for children and young teens to access explicit content in some of these virtual worlds,” said FTC Chairman Jon Leibowitz in the press release accompanying distribution of the report. The report, which we are studying, is available online here.

The Federal Trade Commission (“FTC”) recently approved a settlement of a complaint against Sears Holding Management Company (“Sears”) regarding Sears’s failure to disclose certain online data collection practices. The settlement, which reflects the FTC’s increasing focus on privacy, has received attention. Below is a summary of the case, and suggestions for companies that track online user behavior.
The Complaint
According to the FTC’s administrative complaint, Sears presented 15% of the visitors to its sears.com and kmart.com websites with a “My SHC Community” pop-up box.
