FTC urged to step up privacy protection for consumers


Americans are 'at great risk' of harm from identity theft, data breaches, and financial fraud

A coalition of consumer groups is urging the Federal Trade Commission to double down on its efforts to protect consumers who it says are at "great risk of identity theft, financial fraud, and data breaches."

The Electronic Privacy Information Center (EPIC) and other organizations argue that "proactive efforts to strengthen data protection will spur innovation and support business models that are sustainable over time." It would, of course, be better if companies simply stopped collecting data on every man, woman, and child, but no one really expects that to happen. 

The letter to the FTC asks the agency to increase its enforcement efforts, promote transparency, and pursue actions based on unfairness instead of relying on "notice and choice." 

In fact, even "notice and choice" -- which simply means telling consumers what is being done with their data and giving them a chance to opt out -- is under attack from the new head of the Federal Trade Commission, Maureen Ohlhausen, and the new Federal Communications Commission chair, Ajit Pai, who want to replace it with a "harms-based" approach.

Ohlhausen has said that consumers are not harmed when their movements on the web are tracked by marketing research companies and used to target advertising and conduct research into consumer behavior.

"The overwhelming majority of consumer benefits emerge from a free and honest market," she said. "Our job, then, is to address unfair and deceptive practices that harm the market process and harm consumers. And we must do so in a way that avoids hindering market-generated consumer benefits." Pai has made the same general argument, which Sophia Cope, staff attorney for the Electronic Frontier Foundation, called "outrageous" in a recent ConsumerAffairs report.

Both are bad

EPIC executive director Marc Rotenberg takes it a step further and says that both options -- "notice and choice" and "harms-based" -- are bad because both are used to undermine the privacy claims of consumers.

"'Notice and choice' is nothing more than small print disclaimers," Rotenberg told ConsumerAffairs. "Companies announce how they will use data in their privacy policies and consumers are left with a 'take it or leave it choice.' There are no meaningful market-based choices. And companies point to these 'notices' in litigation to say that consumers were warned."

Rotenberg noted an FTC staff report issued in the final days of the Obama Administration that warned of the dangers inherent in "cross-device tracking" of consumers, the practice of tracking consumer actions on desktop devices, on their smartphones, and at ATMs, retail point-of-sale terminals, and elsewhere.

The FTC report recommends that, at the very least, companies that engage in cross-device tracking have an obligation to tell consumers they're doing it and to offer them a chance to opt out. Those who track such sensitive data as health and financial information should be required to seek permission in advance, the report recommends.

Rotenberg disagrees. "It doesn't help consumers to have a 'right to choose' about tracking. The FTC staff report was simply wrong about all that. It is a meaningless choice. The FTC does not even enforce those privacy policies," he said.

Cases of "actual harm"

Ohlhausen said in a recent speech that the agency should use its resources to pursue cases of "actual harm," involving "monetary injury and unwarranted health and safety risks" and should not focus on "speculative injury, or on subjective types of harm."

But Rotenberg said the "harms-based" approach "places the burden on consumers to prove harm, which is often difficult to detect in privacy cases, even when the company has breached a legal obligation."

The correct approach, according to Rotenberg, is “Fair Information Practices (FIPs),” which is to place legal obligations on companies that collect and use personal data and give legal rights to individuals who turn over their data to others.

“FIPs is the basis of most real privacy laws. Not notice and choice. Not harms,” Rotenberg said. "Companies need to do more to safeguard the personal information they collect."
