FTC is getting serious about regulating mobile privacy

Post by: Abigail Augus

Regulating the collection and use of personal information though tort or contract is problematic for a host of reasons and may not provide companies with sufficient incentives to act in line with societal values and expectations. FTC enforcement, coupled with publicity and best practice guidelines, could provide those lacking incentives.

As recently discussed in the New York Times, the FTC is getting serious about regulating mobile privacy. http://www.nytimes.com/2013/02/02/technology/ftc-suggests-do-not-track-feature-for-mobile-software-and-apps.html?hp&_r=1&. Last week, the FTC made two big moves in the mobile arena: first, the FTC released a staff report detailing recommendations for the mobile industry to safeguard personal information (http://www.ftc.gov/opa/2013/02/mobileprivacy.shtm); and second, almost simultaneously, the FTC entered into a settlement agreement with Path through which it fined the social networking company $800,000 and required it to create a comprehensive privacy program along with independent monitoring for the next 20 years (http://www.ftc.gov/opa/2013/02/path.shtm). Similar to the FTC settlement over the launch of Google Buzz, this settlement went far beyond an order to simply desist deceptive practices. Such agreements send powerful messages to other companies. As the NY Times notes, for big companies such as Google and Amazon, “the suggestions essentially carry the weight of policy.”

Though some worry about unintended consequences of these settlements, such as companies eliminating privacy policies altogether to avoid FTC action, it seems likely that the publicity of violations may incite an increasingly savvy public to demand certain protections, which, if ignored, could destroy a business. This may be exactly what caused Instagram to lose almost half its users, as discussed in the January 30th blog post, “Continuing saga of Instagram.” Given that these companies’ ability to profit is entirely dependent on users and user data, reputational threats should be incentive enough for companies both small and large to heed the recommendations of the FTC, as well as those of other organizations setting influential guidelines (see, for example, the ACLU’s guide to privacy and free speech (https://www.aclunc.org/docs/technology/privacy_and_free_speech_it’s_good_for_business,_2nd_edition.pdf) and the California Government’s recommendations for mobile privacy (http://oag.ca.gov/sites/all/files/pdfs/privacy/privacy_on_the_go.pdf)).