Privacy Roundtables - Comment, Project No. P095416
Although there are many benefits to data collection and sharing for businesses, the practices currently used are far too complicated and not transparent enough. The FTC should establish some sort of "opt-in" policy for third-party marketing, behavioral/targeted advertising, mobile marketing, etc. The opt-in program allows the consumer's privacy to be fully protected as the default. This should apply on social networking sites, as well. The consumer can then build up a profile of which personal information he or she would like to share with companies and third-parties. This allows a level of protection that I think individual consumers will be satisfied with. If the consumer sets his or her privacy settings too high, he or she will be able to modify the settings to allow for more data collection. If she or he finds that the settings were created too low, then modification can happen. These opt-in processes and all privacy policies should, however, be written in plain, everyday language, not legal or technical jargon. Having almost attained a legal degree myself, I have found that I still cannot understand privacy policies without reading them over and over. They are far too long, and far too complex for the average user to understand (see e.g. http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf). Business self-regulation does not appear to work in any industry, especially marketing and advertising. The government needs to step in and set minimum, baseline requirements that companies using personal data must follow. This ensures the protection of consumers. Organizations like ACLU, ACLU of Northern California, EFF, and CDT have all done greatly beneficial work that the FTC should take into consideration when creating regulations to protect consumers' privacy online.