E tail d E tails Primer on Privacy Dana B. Rosenfeld Bureau of Consumer Protection Federal Trade Commission.

Overview
- Background
- Privacy disclosures
- Third-party data collection
- Section 5 enforcement
- Relevant privacy statutes
- Tips and resources

FTC’s Privacy Initiative
- Public workshops
- Fair Information Practice Principles
  - Notice, Choice, Access, & Security
- Surveys of commercial Web sites
- Annual reports to Congress since 1998
- Enforcement actions
- Consumer and business education

Audience Poll
Do you post a privacy policy?
A. Yes
B. No

Audience Poll
Where is your privacy policy?
A. Hyperlink from home page
B. Hyperlink where information is collected
C. A and B
D. None of the above

Privacy Disclosures: Placement on Your Web Site
- Clear and conspicuous
- Hyperlink from home page to the complete privacy policy
- Post disclosures or hyperlink again at the point of information collection

Privacy Disclosures: You Should Disclose...
- What information is collected
- How information is collected
- How information is used
- Whether information is disclosed to others
- How Choice, Access and Security are provided to consumers
- Whether other entities are collecting information through the site

Privacy Disclosures: What to Avoid
- Contradictory statements
- Ambiguous language regarding choice
- Applying new, inconsistent policies to previously-collected information

Avoid Contradictory Statements
- Example 1: “This site does not sell or rent user information to any third parties.” Followed 2 pages later by: “Information you disclose may be shared with our business partners and sponsors.”
- Example 2: “Your privacy is important to us, so we don’t share information about our customers with others, except in the following limited circumstances.” Followed by: a long list of exceptions, including business partners, sponsors, and other third parties
- Solution: clarity, brevity, consistency

Avoid Ambiguous Language
Yes, make information that I supply available to selected companies, which may contact me regarding products or services I may find of interest.
All of the information you provide will be kept completely confidential unless you indicate otherwise.

Avoid Ambiguous Language
- Example: Privacy Policy: “Personal information will not be used to contact you without your consent.” Bottom of Registration form: Yes! Send me information about other products I might like!
- Solution: be clear about how consumers can exercise choice

Avoid Material Changes Without Providing Notice or Choice
- Example: “We will never share customer information with third parties.” But: “Our business changes constantly, so check back here frequently to learn of changes to our privacy policy.”
- Solution: provide consumers notice and choice about whether changes shall apply to previously-collected information

Audience Poll
Does a third party serve ads on your site?
A. Yes
B. No
C. Don’t know

Third-Party Profiling: What it is and How it Affects You
- Third party’s use of cookies, Web bugs, etc., to track consumers across Web sites and develop extensive profiles to help deliver targeted ads
- Invisible to consumers
- No direct consumer relationship
- FTC & Department of Commerce held public workshop in November 1999
- Network Advertising Initiative (“NAI”) announced
  - 90% of network advertising industry (about 10 members)
  - Developed self-regulatory principles

NAI Self-Regulatory Principles
- Include Notice, Choice, Access, Security and Use Restriction for sensitive information
- NAI members will require their clients to provide Notice and opportunity to exercise Choice

Sample Notice: Sharing PII With Third Party

More on Third-Party Data Collection
- For more information about the NAI Principles, including sample notices:
  - NAI Web site
  - FTC Report to Congress: Online Profiling

Say What You Do... And Do What You Say
- Section 5 prohibits deceptive practices
- Deceptive practices include privacy statements that are misleading because
  - They state or imply something that is not true about what information is collected or how it is used
  - They omit information that is material in light of the statements made
- FTC enforcement

FTC v. Liberty Financial
- In connection with a survey about finances, Web site expressly stated that: “All of your answers will be totally anonymous.”
- In fact, Web site could identify individuals with their responses to the survey
- FTC alleged these were deceptive practices under Section 5

FTC v. Toysmart
- Privacy Policy: “When you register with toysmart.com, you can rest assured that your information will never be shared with a third party.”
- Conduct: Facing financial difficulties, Toysmart tried to auction off its customer database
- Legal consequence: FTC filed lawsuit to block the sale; 40+ states filed objections

Relevant Statutes: Children’s Online Privacy Protection Act
- Who is covered by COPPA?
  - Sites (or portions of sites) directed to children under 13
  - Sites that knowingly collect personal information from children under 13
  - Collection of anonymous information does not trigger the Act
- What does COPPA require?
  - Posted privacy policy and direct notice to parents
  - “Opt-in” parental consent prior to collection of personal information
  - Parental access to information

Relevant Statutes: Gramm-Leach-Bliley Act
- Who is covered by GLB?
  - Financial institutions
  - Entities “significantly involved in financial activities” (e.g., real estate appraisers, insurance companies, automobile leasing, companies that operate travel agencies in connection with financial services, retailers that offer credit cards directly to consumers)
- What does GLB require?
  - Notice
  - Opt-out before information is shared with non-affiliated third parties
- When must companies comply?
  - Law went into effect November 13, 2000
  - Full compliance required by July 1, 2001

Tips for Writing (and Following) Your Privacy Policy
- Make sure you know what information your company collects, how it is stored, and how it is used, and write your policy accordingly
- Use a team approach, including representatives from legal, marketing, customer support, IT, and Web design to
  - Determine current information practices
  - Assess what laws may apply
  - Develop and draft a clear privacy policy
- Educate your employees, develop training materials

Privacy Policy Generators Can Help
- DMA’s Privacy Policy Generator
- Microsoft bCentral Privacy Wizard privacy.linkexchange.com
- OECD Privacy Policy Generator
- Secure Assure Privacy Profile Wizard
- TRUSTe Privacy Statement Wizard

Other Resources
- BBBOnline Privacy Seal Program
- BetterWeb Seal Program
- CPA WebTrust Seal
- TRUSTe Seal Program
- Platform for Privacy Preferences (P3P) Project
- YOUpowered, Inc.
- Online Privacy Alliance Guidelines
- NAI Self-Regulatory Principles

FTC Privacy Resources
- FTC Report to Congress: Fair Information Practices in the Electronic Marketplace (May 2000)
- Advisory Committee on Online Access and Security – Final Report (May 2000)
- FTC Report to Congress: Online Profiling, Parts 1 & 2 (June & July 2000)

Primer on Privacy
Dana B. Rosenfeld
January 30, 2001

More about the NAI Principles

Collection of Non-PII
- Network advertisers shall require that their clients:
  - (1) post a privacy policy that clearly and conspicuously discloses (a) the customer's use of the network advertiser services for profiling; (b) the type of information that may be collected by the network advertiser; and (c) the consumer's ability to choose not to participate; and
  - (2) provide a clear and conspicuous link to the Opt-Out Page of the NAI gateway educational site or to the network advertiser’s own opt out page

Sample Non-PII Notice Language
“We use third-party advertising companies to serve ads when you visit our Web site. These companies may place cookies on your machine and may collect certain anonymous information (not including your name, address, address, or telephone number) about your visits to this and other Web sites in order to provide advertisements about goods and services of interest to you. Below we’ve provided links to these companies’ privacy policies where you can learn about their practices and the choices you may have to opt-out of having information used or collected by these companies.”

Company | Privacy Policy
Adcompany 1 | www.adcompany1.com/privacy
Adcompany 2 | www.adcompany2.com/privacy

Collection of PII
- Network advertisers will provide, through contractual arrangements with their clients, “robust notice” and choice before collecting PII or merging PII with non-PII
- Choice varies:
  - Opt-out for collection of PII
  - Opt-out for merger of PII and non-PII prospectively
  - Opt-in for merger of PII and previously-collected non-PII
  - Opt-in for material change in how previously-collected PII or non-PII is used

“Robust Notice”
- At the time and place information is collected (e.g., registration page)
- Must disclose
  - that the PII is shared with a network advertiser for purposes of profiling
  - the type of information that may be collected and linked by the network advertiser
  - the consequent loss of anonymity
  - the consumer’s choices with respect to the data collection or merger of PII and non-PII