E tail d E tails Primer on Privacy Dana B. Rosenfeld Bureau of Consumer Protection Federal Trade Commission.


1 Primer on Privacy
Dana B. Rosenfeld
Bureau of Consumer Protection
Federal Trade Commission

2 Overview
- Background
- Privacy disclosures
- Third-party data collection
- Section 5 enforcement
- Relevant privacy statutes
- Tips and resources

3 FTC’s Privacy Initiative
- Public workshops
- Fair Information Practice Principles
  - Notice, Choice, Access, & Security
- Surveys of commercial Web sites
- Annual reports to Congress since 1998
- Enforcement actions
- Consumer and business education

4 Audience Poll
Do you post a privacy policy?
A. Yes
B. No

5 Audience Poll
Where is your privacy policy?
A. Hyperlink from home page
B. Hyperlink where information is collected
C. A and B
D. None of the above

6 Privacy Disclosures: Placement on Your Web Site
- Clear and conspicuous
- Hyperlink from home page to the complete privacy policy
- Post disclosures or hyperlink again at the point of information collection

9 Privacy Disclosures: You Should Disclose...
- What information is collected
- How information is collected
- How information is used
- Whether information is disclosed to others
- How Choice, Access and Security are provided to consumers
- Whether other entities are collecting information through the site

10 Privacy Disclosures: What to Avoid
- Contradictory statements
- Ambiguous language regarding choice
- Applying new, inconsistent policies to previously-collected information

11 Avoid Contradictory Statements
- Example 1: “This site does not sell or rent user information to any third parties.” Followed 2 pages later by: “Information you disclose may be shared with our business partners and sponsors.”
- Example 2: “Your privacy is important to us, so we don’t share information about our customers with others, except in the following limited circumstances.” Followed by: a long list of exceptions, including business partners, sponsors, and other third parties
- Solution: clarity, brevity, consistency

12 Avoid Ambiguous Language
Yes, make information that I supply available to selected companies, which may contact me regarding products or services I may find of interest.
All of the information you provide will be kept completely confidential unless you indicate otherwise.

13 Avoid Ambiguous Language
- Example:
  Privacy Policy: “Personal information will not be used to contact you without your consent.”
  Bottom of Registration form: Yes! Send me information about other products I might like!
- Solution: be clear about how consumers can exercise choice

14 Avoid Material Changes Without Providing Notice or Choice
- Example: “We will never share customer information with third parties.” But: “Our business changes constantly, so check back here frequently to learn of changes to our privacy policy.”
- Solution: provide consumers notice and choice about whether changes shall apply to previously-collected information

15 Audience Poll
Does a third party serve ads on your site?
A. Yes
B. No
C. Don’t know

16 Third-Party Profiling: What it is and How it Affects You
- Third party’s use of cookies, Web bugs, etc., to track consumers across Web sites and develop extensive profiles to help deliver targeted ads
- Invisible to consumers
- No direct consumer relationship
- FTC & Department of Commerce held public workshop in November 1999
- Network Advertising Initiative (“NAI”) announced
  - 90% of network advertising industry (about 10 members)
  - Developed self-regulatory principles

17 NAI Self-Regulatory Principles
- Include Notice, Choice, Access, Security and Use Restriction for sensitive information
- NAI members will require their clients to provide Notice and opportunity to exercise Choice

18 Sample Notice: Sharing PII With Third Party

19 More on Third-Party Data Collection
- For more information about the NAI Principles, including sample notices:
  - NAI Web site: www.networkadvertising.org
  - FTC Report to Congress: Online Profiling: www.ftc.gov/os/2000/07/index.htm#27

20 Say What You Do... And Do What You Say
- Section 5 prohibits deceptive practices
- Deceptive practices include privacy statements that are misleading because
  - They state or imply something that is not true about what information is collected or how it is used
  - They omit information that is material in light of the statements made
- FTC enforcement

21 FTC v. Liberty Financial
- In connection with a survey about finances, Web site expressly stated that: “All of your answers will be totally anonymous.”
- In fact, Web site could identify individuals with their responses to the survey
- FTC alleged these were deceptive practices under Section 5

22 FTC v. Toysmart
- Privacy Policy: “When you register with toysmart.com, you can rest assured that your information will never be shared with a third party.”
- Conduct: Facing financial difficulties, Toysmart tried to auction off its customer database
- Legal consequence: FTC filed lawsuit to block the sale; 40+ states filed objections

23 Relevant Statutes: Children’s Online Privacy Protection Act
- Who is covered by COPPA?
  - Sites (or portions of sites) directed to children under 13
  - Sites that knowingly collect personal information from children under 13
  - Collection of anonymous information does not trigger the Act
- What does COPPA require?
  - Posted privacy policy and direct notice to parents
  - “Opt-in” parental consent prior to collection of personal information
  - Parental access to information
- www.ftc.gov/kidzprivacy

24 Relevant Statutes: Gramm-Leach-Bliley Act
- Who is covered by GLB?
  - Financial institutions
  - Entities “significantly involved in financial activities” (e.g., real estate appraisers, insurance companies, automobile leasing, companies that operate travel agencies in connection with financial services, retailers that offer credit cards directly to consumers)
- What does GLB require?
  - Notice
  - Opt-out before information is shared with non-affiliated third parties
- When must companies comply?
  - Law went into effect November 13, 2000
  - Full compliance required by July 1, 2001

25 Tips for Writing (and Following) Your Privacy Policy
- Make sure you know what information your company collects, how it is stored, and how it is used, and write your policy accordingly
- Use a team approach, including representatives from legal, marketing, customer support, IT, and Web design to
  - Determine current information practices
  - Assess what laws may apply
  - Develop and draft a clear privacy policy
  - Educate your employees, develop training materials

26 Privacy Policy Generators Can Help
- DMA’s Privacy Policy Generator: www.the-dma.org/library/privacy/creating.shtml
- Microsoft bCentral Privacy Wizard: privacy.linkexchange.com
- OECD Privacy Policy Generator: www.oecd.org
- Secure Assure Privacy Profile Wizard: www.secureassure.org
- TRUSTe Privacy Statement Wizard: www.truste.org/wizard

27 Other Resources
- BBBOnline Privacy Seal Program: www.bbbonline.org/privacy/index.asp
- BetterWeb Seal Program: www.pwcbetterweb.com
- CPA WebTrust Seal: www.cpawebtrust.org
- TRUSTe Seal Program: www.truste.org
- Platform for Privacy Preferences (P3P) Project: www.w3.org/P3P
- YOUpowered, Inc.: www.youpowered.com
- Online Privacy Alliance Guidelines: www.privacyalliance.com
- NAI Self-Regulatory Principles: www.networkadvertising.org

28 FTC Privacy Resources
- www.ftc.gov/privacy
- www.ftc.gov/kidzprivacy
- www.consumer.gov
- FTC Report to Congress: Fair Information Practices in the Electronic Marketplace (May 2000)
- Advisory Committee on Online Access and Security – Final Report (May 2000)
- FTC Report to Congress: Online Profiling, Parts 1 & 2 (June & July 2000)

29 Primer on Privacy
Dana B. Rosenfeld
January 30, 2001

30 More about the NAI Principles

31 Collection of Non-PII
- Network advertisers shall require that their clients:
  - (1) post a privacy policy that clearly and conspicuously discloses (a) the customer's use of the network advertiser services for profiling; (b) the type of information that may be collected by the network advertiser; and (c) the consumer's ability to choose not to participate; and
  - (2) provide a clear and conspicuous link to the Opt-Out Page of the NAI gateway educational site or to the network advertiser’s own opt out page

32 Sample Non-PII Notice Language
“We use third-party advertising companies to serve ads when you visit our Web site. These companies may place cookies on your machine and may collect certain anonymous information (not including your name, address, email address, or telephone number) about your visits to this and other Web sites in order to provide advertisements about goods and services of interest to you. Below we’ve provided links to these companies’ privacy policies where you can learn about their practices and the choices you may have to opt-out of having information used or collected by these companies.”

Company        Privacy Policy
Adcompany 1    www.adcompany1.com/privacy
Adcompany 2    www.adcompany2.com/privacy

33 Collection of PII
- Network advertisers will provide, through contractual arrangements with their clients, “robust notice” and choice before collecting PII or merging PII with non-PII
- Choice varies:
  - Opt-out for collection of PII
  - Opt-out for merger of PII and non-PII prospectively
  - Opt-in for merger of PII and previously-collected non-PII
  - Opt-in for material change in how previously-collected PII or non-PII is used

34 “Robust Notice”
- At the time and place information is collected (e.g., registration page)
- Must disclose
  - that the PII is shared with a network advertiser for purposes of profiling
  - the type of information that may be collected and linked by the network advertiser
  - the consequent loss of anonymity
  - the consumer’s choices with respect to the data collection or merger of PII and non-PII

