The FTC staff recently published Principles for Behavioral Targeting resulting from the E-havioral Targeting Town Hall in November. If they follow the pattern established in FTC Security cases these principles will likely be applied going forward in FTC cases and settlements. The Commission has asked for comment by February 22, 2008.
Principle 1 Transparency: Recommends clear and prominent, concise statement on a website (1) that data on online activities is being tracked for purpose of serving ads/providing service and (2) that consumers can choose whether or not to permit that tracking by providing a user-friendly choice mechanism. Although it is not stated whether opt-out is sufficient, that is likely the intent.
Principle 2 Security: Provide “reasonable” security for data collected, as that term is explained in the FTC cases based upon sensitivity of data, type of business, known risks, available protection.
Principle 3 Data Retention: Retain for only as long as necessary to fulfill legitimate business purpose or law enforcement purpose.
Principle 4 Affirmative Express Consent: for material changes in data handling/collection obtaining affirmative express consent.
Principle 5 Affirmative Express Consent: Obtaining affirmative express consent or a flat prohibition on use of sensitive data for behavioral advertising.
The principles are high level and in general agreeable to TRUSTe standards, reflecting for example, our guidance for Facebook Beacon partners on the issue of transparency and choice. TRUSTe will be submitting comments on the Principles.