For the second time this week, the Federal Trade Commission's consumer protection chief has criticized the long-standing self-regulatory approach to privacy.
“With no legislation in
place, what has emerged over the last two decades is a regime grounded entirely in the fiction of notice and choice,” Samuel Levine told the data-broker trade group Consumer Data Industry
Association Thursday, according to a written version of his prepared speech. “Consumers do not
have the time to read hundreds of pages of dense privacy policies, and it should not be their burden to do so. Nor do consumers have real choice when so much of our lives depends on participating in
the digital economy.”
The remarks come two days after Levine told the National Advertising Division of the BBB National Programs that the
industry's self-regulatory effort on privacy had failed. The ad industry's self-regulatory framework broadly involves notifying consumers about data collection and allowing them to reject some uses of
their information.
Levine on Thursday condemned what he called “unchecked commercial surveillance,” which he said “endangers our privacy, our financial welfare, and our
liberty.”
He added that the unregulated nature of data has led to “vast, unfettered tracking” of people's behavior.
“Worse than this unchecked collection is the
continuous cycle of companies buying more data on each consumer, aggregating, creating profiles, and selling these profiles to additional third parties with little screening about potential
uses,” he said. “Countless data aggregators collect, buy, and combine data from multiple sources and sell it to marketers, researchers, or government agencies.”
The FTC
currently is considering whether to issue privacy regulations. Advocates have long clamored for official restrictions on data gathering, while the ad industry has argued that any new rules should come
from Congress.
New rules or not, Levine made it clear that the FTC is already pressing companies to curb the amount of information they gather about consumers.
“An increasing
number of orders in our privacy and data security cases are requiring companies to minimize the consumer data they collect and retain it for no longer than is reasonably necessary,” he said.
“Data that isn’t collected can’t be compromised, and the unnecessary retention of vast troves of personal data heighten the risks and increase the stakes of data breaches,
manipulation, and other abuses.”
Meanwhile, officials in other states aren't waiting for the FTC to issue privacy rules.
Earlier this year, Washington state passed My Health My Data, which prohibits app developers, website operators and
others from collecting, processing or sharing a broad range of information about consumers' health without their explicit consent.
And California lawmakers just approved the Delete Act, which aims to enable residents to easily remove their
information from every data broker registered with the state.
Advocacy groups backed that measure, while business organizations -- including groups representing advertisers and data brokers --
opposed it.
“Without data, companies would not be able to deliver critically important products and services consumers benefit from today, sometimes without even being aware of how this
data supports their safety and enjoyment of everyday life,” 19 groups including the Association of National Advertisers, American Association of Advertising Agencies, California Retailers
Association, Interactive Advertising Bureau, Los Angeles Area Chamber of Commerce and NetChoice said in a letter sent earlier this month to lawmakers.
That law currently awaits Governor Gavin
Newsom's signature.