White House, FTC, and California Attorney General Step Up to the Starting Line

By: Chris Conley

In the past week, the White House, the Federal Trade Commission, and the California Attorney General's Office have all released reports or announced agreements designed to promote consumer privacy. These announcements incorporate several good ideas that, if implemented and enforced, would give users more control over their own personal information. But the recent moves are just a starting point for protecting privacy, not the finish line.

Here's what has been announced:

  • Last week, the FTC issued a report about mobile applications for children, calling on both app developers and app stores to ensure that children and parents are fully informed about how apps collect, use, retain, and share information about their users.
  • On Wednesday, California Attorney General Kamala Harris announced an agreement with several providers of online platforms that requires all apps to have privacy policies and all platforms to make these policies readily available to users before the user downloads the app.
  • This morning, the White House officially released a white paper calling for a "Consumer Bill of Rights" that would go well beyond simple "secret or public" privacy controls and ensure that users have meaningful control over their own personal information.
  • The White House also announced an agreement with several major tech companies to implement and respect "Do Not Track" controls in browsers.

Individually, each of these proposals has positive aspects. The FTC's call for mobile application and app stores to provide transparency around app data usage and the California AG's announcement that mobile app developers must comply with the California Online Privacy Protection Act of 2003 and spell out out how they collect, use, retain, and store data about users both give users more information about how mobile apps actually collect and share information. The Consumer Bill of Rights suggests that the executive branch may be ready to get down to business on privacy by recognizing that privacy is not a binary choice between keeping data "hidden" and losing control of it entirely but instead a still-necessary right for individuals to maintain control over their personal information. And we have long endorsed the concept of Do Not Track as a way for users to have a simple way to protect their own privacy and supported a true multistakeholder approach that goes beyond "industry self-regulation" and creates a real dialogue about possible approaches to protecting user privacy.

But so far it seems that many of these proposals lack the teeth, or at least the details, needed to effectively protect privacy. The FTC's report states that the agency is still evaluating "whether enforcement is appropriate," while the Consumer Bill of Rights is entirely voluntary barring the sudden passage of comprehensive privacy legislation. And it's not yet clear whether the Do Not Track agreement will actually allow users to prevent all tracking or whether exceptions (such as a potential loophole for "established business relationships" that would allow Facebook, Google, and other Internet giants to largely ignore DNT) or narrow definitions will wind up creating nothing more than an ad preferences manager that doesn't protect privacy at all.

So the best part of the past week may not be any particular proposal but the fact that they've all come out at once. Having the White House, the FTC, and the AG's office all simultaneously call for greater privacy protections for consumers makes it clear to companies that privacy isn't an option, it's a requirement. And as these announcements put privacy policies and practices in the media spotlight and on users' screens, we hope that more companies will come to see that privacy isn't just a requirement to comply with current law and prevent more rigorous regulation but an opportunity to establish a trust-based relationship with users that leads to long-term success.

So if you're a developer or entrepreneur, now is the time to think about building privacy into your next product or business plan from the start so your users never have to choose between you and controlling their own personal information. If you need some pointers, check out our primer for businesses and developers or stop by our panels on mobile privacy at RSA and SXSW. Because even if the finish line isn't quite in sight yet, a head start never hurts!

Chris Conley is the Technology and Civil Liberties Fellow with the ACLU of Northern California.