Signaling a heightened focus on privacy, Maryland Attorney General Douglas Gansler said on Monday that he has created a new unit that will monitor Web companies' data collection practices.
The Internet Privacy Unit will investigate several aspects of online privacy, including whether companies are complying with the Children's Online Privacy Protection Act. That law prohibits Web site operators from knowingly collecting personal data from children younger than 13. The Federal Trade Commission recently issued new regulations that broaden the law's reach by prohibiting ad networks from using behavioral targeting techniques on children.
That's not all the new unit will focus on. It will also work with industry representatives and privacy advocates, and will pursue enforcement actions. Perhaps most intriguingly, the new group intends to "examine weaknesses in online privacy policies."
In other words, even companies that post privacy policies might face scrutiny if the policies have loopholes, or outright allow the companies to collect or use data in questionable ways. That's significant because in the past, regulators tended to focus only on whether companies posted and complied with their privacy policies, and not on whether the data collection practices themselves were too broad.
The moves come as consumers are expressing concerns about threats to privacy. Last week, Microsoft reported that two-thirds of users regularly delete cookies; today, TRUSTe reports that 72% of smartphone owners are more concerned about privacy on their phones than they were a year ago. Given the apparent consumer concerns, it wouldn't be surprising to see more state officials following the lead of Maryland and California.