On January 12, the FTC held its second annual PrivacyCon conference in Washington. The day-long event featured presentations and exhibits by a number of scholars and privacy experts offering their research on consumer privacy and security in the digital age.
Chairwoman Edith Ramirez opened PrivacyCon by noting the myriad ways that consumer data is collected, and she questioned whether the risks associated with data collection can outweigh the benefits. Ramirez then handed off the discussion to the first panel, which addressed privacy concerns associated with the Internet of Things. Topics included security issues in “smart” homes, the privacy risks of cross-tracking between Bluetooth devices, and personalization practices in targeted advertising. Maria Rerecich of Consumer Reports also took part in the panel and described the difficulty of evaluating privacy issues associated with high-tech products and services. According to Rerecich, Consumer Reports is currently working with other consumer groups to create an open source digital standard to hold manufacturers and providers accountable for their methods of managing consumers’ privacy, security, and data.
The second panel of the day focused on mobile privacy and the many problems associated with security on mobile devices. In these sessions, topics included the unencrypted “leaking” of users’ personal information by mobile apps, third-party trackers, the efficacy of user prompts for privacy decisions, and current privacy requirements for mobile apps. Many discussed the inherent tension between strategies to increase consumers’ privacy and the desire to maintain high levels of user functionality.
Consumer expectations of privacy highlighted the third panel’s discussion, as researchers presented data related to consumers’ willingness to trade friends’ data, folk models of online behavioral advertising, and online tracking. Another topic covered was the privacy paradox, whereby consumers feel uncomfortable with a lack of technological privacy, yet become more comfortable if they are given the opportunity to rationalize the lack of privacy. One researcher noted the lack of consumer education about third-party tracking and advocated for trackers to explain clearly the data they collect.
Discussions during the final panels of the day centered on consumers’ online behaviors and information security. The scholars on these panels discussed anonymity on the Web, the number and types of sites that track users, ad blockers, detection of ransomware attacks, and the distribution of unwanted software. In these sessions, panelists encouraged the FTC to focus enforcement on the parties who track consumer data most, such as Google, Facebook, Twitter, and Amazon, to effect change in the rest of the market. The day ended with a wrap-up panel that discussed the earlier presentations.
We will continue to monitor the FTC’s approach to consumer privacy and other developments in this rapidly evolving area.