Following its approval of the Google-DoubleClick merger, the FTC put out a series of proposals regarding privacy and online advertising. Dear God they're boring. But relevant nonetheless. Here are the bullet points.
- Websites where data is collected for behavioral advertising should provide a prominent statement that (1) data is being collected for use in advertising and (2) consumers can opt out. Make this easy to do.
- Companies collecting data should provide security for it consistent with laws and the FTC's data security enforcement actions.
- Companies should retain data only as long as is necessary to fulfill a legitimate business or law enforcement need.
- No bait-and-switch allowed. A company must keep promises that it makes about how it will handle or protect consumer data, even if changes policies later. Before a company uses data differently from how it said it would when it collected it, consumers have to say OK. Mergers count.
- Collecting data for advertising purposes is only OK if consumers want to receive that advertising.
Still bored? How about a fun quiz? Count the number of ways Facebook's Beacon online ads would fail the FTC's proposals!