Yesterday the Federal Trade Commission proposed a broad framework for protecting consumer privacy both on the Web and offline. The framework is meant to help guide policymakers in crafting legislation to prevent the tracking and wholesale collection and sale of consumer information that is practiced by large online companies like Google, Mozilla, and Microsoft. Yesterday I wrote about health information “data mining;” (see post here) the collection and sale specifically of web user’s health data, including the conditions they suffer from, medications used and identification information like name, age, gender and even personal doctor. As the FTC notes in its proposal; “The more information that is known about a consumer, the more a company will pay to deliver a precisely-targeted advertisement to him.”
The FTC noted that current privacy efforts by most online companies were inadequate. Some did not alert consumers to the fact that data was being collected in the first place, others provided lengthy and incomprehensible warnings that most Web users ignore and others did offer the chance for individuals to block collection of their personal data, but this action has to be repeated at the beginning of every transaction.
Instead, the FTC framework proposes a “Do Not Track” option that consumers can chose to activate on their browsers. Similar to a “Do Not Call” list that prevents most (but not all) telemarketers from contacting you by phone, the “Do Not Track” option would prevent most data miners from surreptitiously collecting personal information online. The FTC says that the Do Not Call registry currently contains 200 million telephone numbers.
The framework is open to comment until January 31, 2011, and the FTC plans on issuing a final report later that year.
All of these recommendations directly apply to the particularly sensitive area of online health information. As an example of the problem, at a FTC roundtable meeting earlier this year, a panelist and commenter “cited a Wall Street Journal article indicating that some data brokers maintain lists of elderly patients who suffer from Alzheimer’s disease and similar maladies as ‘perfect prospects for holistic remedies, financial services, subscriptions and insurance.’” (The implication being that these folks would be perfect marks for buying costly, but useless, products.) One could imagine cancer sufferers being bombarded with similar product pitches, as well as “education” information that is sponsored by drug companies pushing their latest treatment.
It is a positive development that the FTC is acknowledging the gravity of the problem with online data mining and is devising protections to help consumers keep their health-related (and purchasing, web browsing, etc.) information private. A “Do Not Track” option is a good start—one that is likely to be opposed by industry if it applies to a broad range of consumer information—and in the coming months Congress will need to develop legislation that leads to better protection of sensitive information. It’s a start; a much-needed action to address the growing threat to our personal privacy.