The FTC today released its long-anticipated privacy report, “Protecting Consumer Privacy in an Era of Rapid Change.”  The report proposes a new privacy framework that would apply broadly to online and offline commercial entities that collect, maintain, share, or otherwise use consumer data that can be reasonably linked to a specific consumer, computer, or device.

Although most of the discussion of the report so far has been on its recommendation that Congress implement “do-not-track” legislation — particularly in light of the House Subcommittee on Commerce, Trade, and Consumer Protection hearing on the subject — the FTC’s report includes a number of other significant proposals, including:

  • introducing the concept of “privacy by design,” which would push companies to adopt more rigorous internal privacy policies and to implement privacy protections throughout their organizations
  • clarifying that companies do not need to provide users’ choice for “commonly accepted practices,” and seeks comment on how this term should be defined
  • claiming that pre-checked boxes are not effective means of obtaining meaningful, informed consent
  • encouraging companies to standardize the format and terminology for describing data practices across industries so that consumers can more easily compare companies’ privacy practices and seeks comment on the feasibility of this approach.

We’ve just released a client alert that provides more detail on the report’s key principles and analyzes how the FTC’s new privacy framework is likely to affect businesses in the future.  The alert also focuses on the many questions that the FTC has asked industry to comment on between now and January 31.