"Companies engaged in behavioral advertising may be invisible to most consumers," the report said. "The FTC repeatedly has called on stakeholders to create better tools to allow consumers to control the collection and use of their online browsing data."
The report shows a failure of private industry to adequately address customer privacy concerns online, FTC Chairman Jon Leibowitz said during a press conference. "Despite some good actors, self-regulation of privacy has not worked adequately and is not working adequately for American consumers," he said. "We deserve far better from the companies we entrust our data to, and industry as a whole needs to do a far better job."
Earlier this year, Leibowitz said the FTC was considering a do-not-track list, and several privacy groups proposed such a list back in 2007.
"But, of course, that's the issue," Lenard said. "It is highly likely the DNT mechanism would interfere with those benefits. Furthermore, the DNT mechanism cannot be compared to the popular do-not-call list, which reduces unwanted marketing messages. A DNT mechanism wouldn't necessarily reduce advertising messages, it just would likely make them less useful."
The FTC should compare the benefits and costs of do-not-track before making such a "major proposal," Lenard added.
The FTC is not yet calling for do-not-track legislation in Congress, but Web browser makers and other Internet companies should act quickly to implement a universal do-not-track list, Leibowitz said.
New privacy protections, either from industry or government, are needed, because Internet users are often confused about how companies are collecting and using their personal data, Leibowitz said. "Many companies are not disclosing their practices," he said. "Even among the companies that do disclose them, those disclosures are often done in long, incomprehensible privacy policies and user agreements that consumers don't read, let alone understand."
The FTC report also calls on companies to adopt a so-called "privacy by design" approach by building in privacy protections to their everyday business practices. U.S. businesses should ensure reasonable security for consumer data, limit their collection and retention of personal data, and make reasonable efforts to ensure the data is accurate, the report said.
Companies should also provide customers with choices about how their data is collected and shared, the report said. Those choices should come at the time and in the context of decisions consumers are making -- "not after having to read long, complicated disclosures that they often cannot find," the FTC said in a press release.
Companies should not, however, have to seek consumer permission to collect data for some commonly accepted practices, such as product shipping, internal operations and fraud prevention, the FTC report said.
In addition, online companies should look to create shorter and standardized privacy policies that are easy to understand, the FTC report recommends.
The IDG News Service