News & Insights  |  Newsletters

Important Consumer Marketing Privacy Issues Loom for 2012

January 2012

As the new year begins, consumer privacy issues once again will take a turn in the spotlight of Washington legal and policy circles. Decisions to be made over the next several months may greatly affect the shape of consumer marketing during the next few years. The White House, the Federal Trade Commission (FTC), industry groups and Congress all will play important roles over the next months.

White House to Issue "Online Privacy Bill of Rights"

Last March, the Administration called on Congress to enact a consumers' "privacy bill of rights." As 2012 begins, it appears that the Administration is no longer inclined to wait for Congress to act.

The Administration's call was for federal privacy legislation based upon the generally recognized fair information privacy principles (or FIPPs). The Administration envisioned a regime consisting of statutorily established consumer privacy rights protected by stronger FTC enforcement powers, buttressed by provisions that would encourage industry to develop self-regulatory privacy codes of conduct.

The White House's support for legislation was notable, because it was the first time any Administration had called for general consumer federal privacy legislation. In so doing, it stepped well beyond the position advanced by the Commerce Department in a "green paper" released only three months earlier, entitled "Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework."  (See our January 2011 article: "Commerce Proposes a 'Privacy Bill of Rights.'") At that time, the Commerce Department stopped short of calling for legislation, instead limiting itself to encouraging the development of voluntary enforceable codes of conduct for specific industries. (A final version of the report is expected to be released shortly.)

However, the Administration has already publicly signaled that it no longer will wait for Congress to enact legislation. Instead, Daniel Weitzner, deputy chief technology officer for Internet policy in the White House, recently stated that the Administration would be announcing a consumer privacy bill of rights as a fundamental component of a baseline "flexible, pro-consumer, pro-innovation" privacy policy. The Administration hopes that industry then will take the lead in developing pro-consumer privacy self-regulatory regimes, which would be enforceable by the FTC. Notably, not only will the Administration not be awaiting congressional action, it also will not seek to establish the consumer privacy bill of rights through an administrative rulemaking proceeding. Instead, the consumer privacy bill of rights will be a policy statement.

The Administration's decision not to await congressional action may be a nod to the current political realities in Washington. However, it also is unclear whether the forthcoming announcement will have any significant effect on the current legal environment. Industry self-regulation has been a component of U.S. privacy policy for more than a decade, and a number of industry groups have undertaken self-regulatory initiatives. Indeed, Mr. Weitzner's recent statement is reminiscent of FTC and Commerce Department policy pronouncements from a decade ago, in which industry self-regulation was regularly touted and legislation avoided.

Then, as now, the federal government and private entities were encouraging industry self-regulation to protect consumer privacy, supplemented by FTC enforcement actions against entities that failed to live up to their published privacy policies. It is not self-evident how the current Administration's consumer privacy bill of rights will change this situation, but time will tell.

FTC to Issue Report on Consumer Privacy

In addition to the Commerce Department report, the FTC is expected to release an important policy report in early 2012. This report will be a final version of the report issued by the FTC staff on December 1, 2010, entitled "Protecting Consumer Privacy in an Era of Rapid Change."

The FTC's final report, which should reflect public comments on the staff draft, as well as an additional year of developments in privacy law, will join the Commerce Department's White Paper in helping to frame the current national debate about privacy and preview the agency's future enforcement actions.  Such "soft legislating" has already spurred industry to provide consumers with more notice of online advertising and opportunities to opt out.

On the other hand, it is not yet clear what effect these developments have had on the online advertising industry and the publishing industry that advertising supports. Commenters on the FTC's staff draft expressed concern that some of the staff's recommendations could prove so unreasonably burdensome as to cause the death of "free" Internet content on many platforms. In the past year, for example, many newspapers have already begun to shift from providing free content (even if registrations were required) to a payment model.

The FTC's final report will likely recount recent industry developments, assess where matters now stand and indicate the direction of the agency's policy and enforcement efforts. Indeed, several important elements of the December 2010 staff report played major roles in driving private and public policy action in 2011. For example, policy recommendations set forth in the staff draft, such as "privacy by design," simplified consumer choice (including "just-in-time" notice and "do not track"), improved privacy notices in mobile applications, and extending the FTC's regulations implementing the Children's Online Privacy Protection Act to teenagers, all received substantial attention from industry and lawmakers in 2011.

Indeed, the privacy-by-design concept was incorporated in FTC consent decrees resolving major privacy investigations of Google and Facebook. Prodded by the FTC, industry has launched a behavioral advertising icon intended to provide just-in-time notice to consumers of online advertising practices, and browser developers have worked to incorporate do-not-track capabilities into their software.

In addition, as discussed below, the industry has made substantial strides in the complex and difficult area of mobile privacy, although much remains to be done.

Continued Attention to Privacy in Mobile Apps

Mobile privacy became a big issue in 2011, starting with alleged geo-location "tracking" capabilities in Android phones and iPhones and moving on to privacy issues arising from mobile applications. (See "Mobile Apps Invite Privacy Problems" in our September issue.) Such matters reached the attention of Congress as well, with the June introduction of the 2011 Location Privacy Protection Act sponsored by Sens. Al Franken (D-MN) and Richard Blumenthal (D-CT).

Although legislation has stalled, the FTC has picked up the slack, bringing several privacy enforcement actions against mobile app developers for alleged privacy violations.

In addition, industry has picked up the slack as a number of industry groups have sought to develop and present best practices for mobile apps privacy, including geo-location privacy. Some—such as the Mobile Marketing Association and PrivacyChoice—have gone as far as to create models that app developers may consult in preparing their own privacy policies. On the distribution end, app marketplaces—and in particular the Apple, Android and Facebook ones—require developers to provide privacy notices for apps that transmit data from the device.

Privacy issues relating to mobile services are sure to increase in 2012. In addition to more work on privacy and location-based services generally, expect more attention to fall on mobile advertising, a market predicted to boom to more than $20 billion annually by 2015. Perhaps the biggest looming privacy challenges will come in the area of mobile payments, when Americans begin to use their smartphones to make payments through payment software contained in the phone.

Telemarketing Legislation Unlikely

One item that is not likely to reappear in 2012 is a legislative initiative—backed by a business coalition including, among others, the U.S. Chamber of Commerce and the Air Transport Association—that would have made it easier for businesses to contact customers' cell phones. The bill, H.R. 3035, was introduced by Rep. Lee Terry (R-NE) and Rep. Edolphus Towns (D-NY) but received strong opposition from consumer interests that viewed it as opening the doors for a flood of robocalls to cell phones. Forty-eight state attorneys general also opposed the bill. Unable to resolve the conflicting interests of businesses and consumers, in December, Reps. Terry and Towns asked the chairman of the House Energy and Commerce Committee not to schedule any further proceedings on the bill.