The Federal Trade Commission will host a series of day-long public roundtable discussions to explore the privacy challenges posed by the vast array of 21st century technology and business practices that collect and use consumer data. Such practices include social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses. The goal of the roundtables is to determine how best to protect consumer privacy while supporting beneficial uses of the information and technological innovation.
- December 7, 2009 - FTC, Washington, DC
- January 28, 2010 - Berkley, CA
- March 17, 2010 - FTC, Washington, DC
Transcript - Files
Request for Comments
Interested parties are invited to submit written comments electronically or in paper form. Comments should refer to "Privacy Roundtables - Comment, Project No. P095416", to facilitate the organization of comments. Please note that your comment -- including your name and your state -- will be placed on the public record of this proceeding, including on the publicly accessible FTC website, at www.ftc.gov/os/publiccomments.shtm. The comment period will remain open until April 14, 2010. Commenters may address any of the issues raised at the three privacy roundtables.
Because your comment will be made public, it should not include any sensitive personal information, such as your or any other person’s Social Security Number; date of birth; driver’s license number or other state identification number, or foreign country equivalent; passport number; financial account number; or credit or debit card number. Your comment also should not include any sensitive health information, such as medical records or other individually identifiable health information. In addition, your comment should not include any "[t]rade secret or any commercial or financial information which is obtained from any person and which is privileged or confidential. . . .," as provided in Section 6(f) of the FTC Act, 15 U.S.C. 46(f), and Commission Rule 4.10(a)(2), 16 CFR 4.10(a)(2). Comments containing material for which confidential treatment is requested must be filed in paper form, must be clearly labeled "Confidential," and must comply with FTC Rule 4.9(c), 16 C.F.R. § 4.9(c).
Because paper mail addressed to the FTC is subject to delay due to heightened security screening, please consider submitting your comment in electronic form, by using the following weblink: public.commentworks.com/ftc/privacyroundtable2 (and following the instructions on the web-based form). To ensure that the Commission considers an electronic comment, you must file it on the web-based form at the weblink: public.commentworks.com/ftc/privacyroundtable2 .
If you decide to file your comment in paper form, it should include the "Privacy Roundtables - Comment, Project No. P095416" reference both in the text and on the envelope, and should be mailed or delivered to the following address:
Federal Trade Commission
Office of the Secretary
Room H-135 (Annex P2)
600 Pennsylvania Avenue, NW
Washington, DC 20580.
The FTC is requesting that any comment filed in paper form be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.
The questions for comment in conjunction with the third roundtable were:
- How can we best achieve accountability for best practices or standards for commercial handling of consumer data? Can consumer access to and correction of their data be made cost effective? Are there specific accountability or enforcement regimes that are particularly effective?
- What potential benefits and concerns are raised by emerging business models built around the collection and use of consumer health information? What, if any, legal protections do consumers expect apply to their personal health information when they conduct online searches, respond to surveys or quizzes, seek medical advice online, participate in chat groups or health networks, or otherwise?
- Should “sensitive” information be treated or handled differently than other consumer information? How do we determine what information is “sensitive”? What standards should apply to the collection and uses of such information? Should information about children and teenagers be subject to different standards and, if so, what should they be?
The questions for comment in conjunction with the second roundtable were:
- What role do privacy enhancing technologies play in addressing Internet-related privacy concerns? Consider the efficacy of technological innovations in areas such as identity management systems, new means of providing consumer notice and choice, and emerging methods of ensuring accountability in data usage. In framing comments, consider the costs and benefits of privacy-enhancing technologies in the following contexts: cloud computing services; social networking sites; online behavioral advertising; the mobile environment; services that collect sensitive data, such as location-based information; and any other contexts you wish to address. If privacy enhancing technologies do play a role in resolving privacy concerns, discuss whether and how to create incentives for the development and adoption of such technologies, and ways to ensure they are effective and useful to consumers.
- What challenges do innovations in the digital environment pose for consumer privacy, and how can those challenges be addressed without stifling innovation or otherwise undermining benefits to consumers? For example, consider the technology and business practices that enable greater collection, use, and distribution of consumer data, including evolving methods of observation and tracking; techniques for correlating data, including the re-identification of anonymized data; the merging of data between on-line and off-line environments; and the emergence of third-party application developers in online platform environments.”
The initial questions for comment in conjunction with the first roundtable were:
- What risks, concerns, and benefits arise from the collection, sharing, and use of consumer information? For example, consider the risks and/or benefits of information practices in the following contexts: retail or other commercial environments involving a direct consumer-business relationship; data broker and other business-to-business environments involving no direct consumer relationship; platform environments involving information sharing with third party application developers; the mobile environment; social networking sites; behavioral advertising; cloud computing services; services that collect sensitive data, such as information about adolescents or children, financial or health information, or location data; and any other contexts you wish to address.
- Are there commonly understood or recognized consumer expectations about how information concerning consumers is collected and used? Do consumers have certain general expectations about the collection and use of their information when they browse the Internet, participate in social networking services, obtain products from retailers both online and offline, or use mobile communications devices? Is there empirical data that allows us reliably to measure any such consumer expectations? How determinative should consumer expectations be in developing policies about privacy?
- Do the existing legal requirements and self-regulatory regimes in the United States today adequately protect consumer privacy interests? If not, what are the particular privacy interests that warrant increased protection? How have changes in technology, and in the way consumer data is collected, stored, and shared, affected consumer privacy? What are the costs, benefits, and feasibility of technological innovations, such as browser-based controls, that enable consumers to exercise control over information collection? How might increased privacy protections affect technological innovation?