The Latest in IT Security

FTC’s Challenge: Protecting Privacy Without Hurting Innovation


NEW YORK – GIGAOM STRUCTURE DATA CONFERENCE – The U.S. Federal Trade Commission has the tricky task of protecting consumer privacy in the age of Big Data and ubiquitous data collection without stifling innovation, a deputy director with the agency said at a conference this week.

When it comes to Big Data, the FTC has typically focused on the negative aspects, such as the inevitable concerns over consumer privacy, but it recognizes there have also been “huge innovation,” Daniel Kaufman, the Deputy Director for the FTC’s Bureau of Consumer Protection, told attendees on Wednesday at GigaOm’s Structure Data conference in New York City. Data collection is not always something sinister as there are plenty of practical—and beneficial—applications in healthcare and other areas.

It’s a balancing act for the FTC.

“For us we have to look at the entire ecosystem and make sure all the players are doing what they should be doing and what the law allows,” Kaufman said.

One challenge for the FTC is to keep up with privacy implications even while the technology is changing so rapidly. The agency has a “mobile lab” where teams of technicians and attorneys work together to analyze how apps handle user data.

The FTC fined Android flashlight app developer GoldenShores last year for not disclosing in its privacy policy that user data was being shared with an advertising network.

In the near future, the agency will be paying a lot of attention to apps to ensure children’s data is protected online. Websites and mobile app developers need to think about their approach for how they get permission for children’s data and how the information is used.

It’s important to note the FTC isn’t just focused on apps, but also on the mobile device and its underlying platform, such as when the agency went after HTC for security vulnerabilities in its software, Kaufman said.

A recent workshop on the Internet of Things highlighted the challenges of collecting data that wasn’t necessarily personal if collected just once, but could be personal when collected repeatedly over a period of time. “Having information about you in one spot but [also] where you travel and go creates a lot of challenges,” Kaufman said.

Another challenge lies in the fact that there are a lot of organizations involved in Big Data and data collection “that have not traditionally focused on privacy by design,” Kaufman said. These organizations aren’t used to thinking about consumer privacy and data security.

“We want to be mindful of individual privacy,” Kaufman said.

The FTC recently issued requests for information from nine different data brokers to figure out just what these entities do with the information they aggregate from disparate sources. The requests included questions about who the data was shared with, what kinds of restrictions are there on how the data can be used, and what is being done with the data. Consumers generally have no idea who the data brokers or what the vast majority of brokers even do with their data, Kaufman noted.

The FTC plans to release a report summarizing its findings sometime this year.

The report will hopefully shed some light on an industry, which has “enormous impact on consumers, but very little transparency,” Kaufman said.


Fahmida Y. Rashid is a contributing writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.Previous Columns by Fahmida Y. Rashid:FTCs Challenge: Protecting Privacy Without Hurting InnovationHackers Actively Exploiting Old PHP Vulnerability in Server Attacks: ImpervaROI of Faster Incident Detection Puts Focus on Response Plans: SurveyHigh Demand Pushes Average Cyber Security Salary Over $93,000How Hackers Target Cloud Services for Bitcoin Profit

sponsored links

Tags: Mobile Security



Tracking Law Enforcement

Comments are closed.



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments