What Companies Can Learn From FTC Privacy Cases in 2011

December 05, 2011

John Gamble
Marketing Manager | TRUSTe
@johnaddison

Earlier this week the Federal Trade Commission (FTC) announced a settlement with Facebook over charges that the company deceived consumers by changing privacy settings without first giving prominent notice and obtaining their consent. With this settlement the Commission completes the trifecta of taking on three of the largest online players in 2011 over privacy violations (Google, Twitter, and now Facebook). The FTC has made it abundantly clear that they will spare no company when it comes to protecting consumer privacy.

The FTC has settled ten privacy cases in 2011 against companies of all sizes and business models. This past March, they settled with Chitika over charges that the advertiser continued to track consumers with cookies after they had opted-out. A few months later, they settled a case with Frostwire over charges that their apps caused consumers to unknowingly expose personal data because of default privacy settings. And, just last month, the FTC settled charges with ScanScout that the advertiser deceived consumers about their ability to opt-out of tracking by claiming consumers could use web browser settings. In actuality, ScanScout used Flash cookies not controlled by these settings.

One of the largest financial penalties issued in the FTC’s 2011 privacy cases was $3 million, but more commonly the penalties require offending companies to correct their practices, destroy the data in question, and submit to ongoing audits. These cases can also come at a significant cost to a company’s reputation and growth: shortly after the FTC settled with Google over privacy violations with their “Google Buzz” product the company discontinued the service altogether. What can the online advertising and data industry take away from these cases?

  1. Let consumers know you collect data
  2. Let consumers know what you plan to do with that data
  3. If your plans for that data change, let consumers know first, and ask their permission before making those changes
  4. Offer an unambiguous way for consumers to opt-out of online tracking
  5. Continually test to ensure your opt-out mechanisms work

Companies who follow these five rules are unlikely to find the FTC knocking on their doorstep about privacy violations.