Skip to main content

FTC’s ‘Privacy by Design’ plan: What you need to know


The Federal Trade Commission (FTC) released today its final report on privacy. An updated and revised version of the preliminary report the FTC released in December 2010, the new report (pdf), dubbed “Protecting Consumer Privacy in an Era of Rapid Change,” outlines laws that are on the books concerning user privacy, and details a framework for how US businesses can better protect user data. While the report does not establish any new rules, it does provide a comprehensive look at how the federal government is attempting to get a handle on privacy in the Web and application era. Rather than making you read through the full report, here’s a breakdown of the most important bits that could have an effect on you online life.

Who’s in, who’s out

The policy framework outlined by the FTC applies to nearly all companies “that collect or use consumer data that can be reasonably linked to a specific consumer, computer, or other device.” Due to the financial burden of the proposals in the famework, the FTC has updated this final version of the report to exclude business that collect data from fewer than 5,000 customers per year, and do not “share data with third parties.” In other words, the proposal applies to nearly every service that you use.

Privacy by design

At the heart of the FTC’s recommendations is that companies should build privacy protections into their businesses and services from the ground up. This includes “data security, reasonable collection limits, sound retention and disposal practices, and data accuracy.” Moreover, the FTC recommends that companies maintain these standards for data management for the life of a product or service.


While asking businesses to build with privacy in mind is definitely good advice, it fails to address all the business that are already up and running at full force, and does little to help users protect themselves. That’s where Do Not Track comes in. For those of you in the dark, Do Not Track is a technology that allows users to opt-out of having their Web activity tracked by websites they do not visit. The FTC says Web users will have “an easy to use and effective” Do Not Track option by the end of this year.

Browsers: The FTC says “significant progress” has been made in the area of Do Not Track implementation, with Mozilla, Microsoft, and Apple all releasing updated versions of their browser with Do Not Track technology built in. Mozilla’s Firefox for Android also includes Do Not Track.

Digital Advertising Alliance: The Digital Advertising Alliance, or DAA, which represents about 90 percent of all websites that use advertising, has agreed to respect Do Not Track, as well as browser settings that prevent data collection. In addition, the DAA has created an icon that will appear in DAA-affiliated ads, which users can click to see what types of data is being collected. Finally, the DAA has agreed to limit the secondary use of collected data in credit reports, and employer background checks.

W3C: The World Wide Web Consortium (W3C), the international standards body for the Internet, has agreed to work on an industry-developed standard technology for Do Not Track, which will make it easier to implement, and hopefully negate the need for a law that requires the use of Do Not Track.

Better privacy policies

The FTC concludes that most privacy policies are “generally ineffective” at explaining to users what types of information they are handing over to companies because most are “too long, are difficult to comprehend, and lack uniformity.” For this reason, the FTC proposes that all privacy policies “should be clearer, shorter, and more standardized.” The simplification and shortening of privacy policies is especially recommended for services that are accessed via mobile devices, which have smaller screens. Unfortunately, at this time, there is broad disagreement in the industry for how to achieve this.

Increased transparency on data brokers

The FTC says it will push “targeted legislation” that will require all data brokers — shadowy companies that collect and sell a staggering (sometimes troubling) range of user data to marketers, media organizations, the government, and others  — to make it easy for users to see how and what information is collected. As part of this plan, the Commission seeks to create a centralized website where data brokers can “identify themselves to consumers and describe how they collect and use consumer data,” as well as provide details on who can access that information.

In addition to enabling users to see what of their personal data is collected, the FTC also proposes making it possible for users to access the data, and correct errors, or change inconsistencies. As with the privacy policies, most companies that the FTC spoke with said this was a good idea, but disagreed on how to make this happen.

Many of the companies and organizations the FTC spoke with also wanted to limit users’ ability to access and edit all types of data, instead restricting this feature for financial records and other “sensitive” data. They said giving users the ability to access all data would be too costly. The FTC agrees that access to data should “be proportional to the sensitivity and intended use of the data.”

Will this report change anything?

Not by itself. As the FTC makes clear, this proposal is just that — a set of ideas for how things should work, not a set of rules. This means that the report has no direct repercussions for companies or the way your data is treated; no enforcement mechanism is established. Its purpose, however, is to explain to the technology industry what the federal government expects them to do voluntarily, and what kinds of legislation the Commission hopes Congress will enact to help protect consumers from zealous data collectors.

We highly recommend everyone read through the whole report (pdf) themselves — it’s a little long, and probably boring. But it provides the best look at the state of online privacy, and where it might be headed.

Editors' Recommendations

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
Everything you need to know about Facebook’s reasserted right to use your content in ads
want to know what data facebook has on you a primer get and how it

In case you totally missed Facebook’s earlier court-mandated policy revisions that clarified how ads use your personal data on the social network, here’s a brand-new update: Facebook can definitely use your personal data for ads.
On Friday, Facebook reasserted in an announcement the changes made to its Statement of Rights and Responsibilities and Data Use Policy documents back in August, using blunt and straightforward language: Basically if you have an account on Facebook, you are giving them free reign to use your content – posts, activities, pertinent profile information, everything – for advertising purposes.
These policy changes affected teenage users in a big way, stating that any user under the age of 18 are automatically assumed to have parental consent to join the site. It means that their names, profile photos, and other Facebook content are free for use, much to the chagrin of concerned parents and various advocacy groups. And while their petitions were heard and examined by the Federal Trade Commission – Facebook even promised to run their policies through more edits, based on the feedback they’ve received from users – not much has changed in the final draft of the legal documents.
In a nutshell, here’s what changed since the last time we reported about Facebook’s policy overhaul:

Using Facebook posts as advertising vehicles – according to the new policy language – is comparable to how users are able to keep track of their friends’ activities (shares, comments, profile photo changes, etc …) on the site. In short, your Likes and location check-ins are easily transformed into ads/endorsements – once you like something or check into a place, your friends will be able to see your activity alongside an ad for the page, in either your Timeline, News Feed, or through Graph Search.

Read more
Facebook is axing an old feature, meaning you once again need to review your privacy settings

For a widely used social network such as Facebook, it’s very easy to become the object of an online stalking session. The platform actually has a ton of information about you already and while your account can be amply safeguarded by being vigilant about your security settings, there still are Facebook functions that may be unknown even to the most attentive user. One such function is called, “Who can look up my timeline by name?” which is on its way out.
The removal of the setting – which is still currently being used by a “small percentage of people” – was announced last year, but the earlier change only affected those who didn’t have the function activated at all. According to the recent update, those who have it enabled will see a reminder about its complete removal in the next few weeks, and it looks something like this:

The setting was created during a time when Facebook was a mere directory of people’s profiles. Now that it’s way easier to stalk and troll people by searching for them through Graph Search, there’s a need for a more pro-active way to protect your Facebook privacy – instead of using “Who can look up my timeline by name?” to stop people from having the ability to look you up, users can control who has access to your Timeline by limiting what your audience can see under the Privacy Settings and Tools tab. Facebook says the no-longer-needed setting is also being removed because users had difficulty finding people they already knew. Basically, it's yet another signal that you cannot avoid the powers of Graph Search, especially not with one fell swoop asking to make your Timeline unsearchable - now, you more than ever need to review what you're showing and with who. For instance, maybe everything on your profile is private except your check-ins and location are public; that means if someone searched for "People in Austin," you could come up even though you thought your account was locked down. 
Additionally, if you have posts that are on public view, you will also get sent a notification reminding you that your posts can also be seen by people you don’t know and how you can change the audience for each post (If your post has an icon of a globe next to it, it means it’s public. You can change it by clicking on the icon and choosing one of the other remaining options. Friends only is often the safest choice.)

Read more
Everything you need to know about Facebook’s expanded Graph Search features
everything you need to know about expanded graph search

Facebook's Graph Search is supposed to be a wide-ranging discovery tool to make the site a source of information about people, places, and things, but until recently, it's been way more effective at helping users find Game of Thrones' Wikipedia page than it has been at helping us find out what friends and other users have posted about the Red Wedding. But Facebook is moving forward with Graph Search and making it better at honing in on what users are saying. 
Facebook expanded its Graph Search to include posts and status updates, which means everything you've been posting is way easier to find than ever before. This expanded search is only available to a select test group, so you probably won't be able to use it quite yet, but it will eventually roll out on a wider scale and likely prompt a ton of annoying complaints in your News Feed. 
Here's what you need to know about the changes: 
You can now search for what your friends and other users are posting about a certain topic 
This topic-specific search pulls up instances where your friends or the general Facebook population use whatever term you're searching for, so it's helpful for following discussions about pop-culture events -- something valuable to Facebook as it attempts to convince broadcasters that it's an online destination for real-time chatter to rival Twitter. It's still not as good as Twitter for discovery, but this is a step in the right direction.

Since most people on Facebook aren't using hashtags to append their Breaking Bad rants, now you can look up posts by topic - i.e., "my .friends talking about Breaking Bad."
You can now search based on location or time
If you want to see what one of your friends was posting about a year ago today, or you're interested in seeing how people in Washington, D.C. are handling the government shutdown, there's also an option to look at posts and updates based on location or when they went up. 

Read more