It’s nearly impossible for members of the general public to understand whether or not their personal data is being protected by the companies that collect it. The FTC technically oversees this data flow to protect consumers, though the agency’s efficacy is very much up for debate. It’s no wonder, then, that the FTC feels the need to remind internet companies that it’s watching them.
Kristin Cohen, the FTC Division of Privacy & Identity Protection’s acting associate director, published a blog post this week speaking to the FTC’s ongoing commitment to protect user data. “Companies that make false claims about anonymization can expect to hear from the FTC,” Cohen writes.
On the whole, Cohen’s post doesn’t offer up much new information on how, exactly, the FTC plans to “crack down” on companies that misuse consumer data. It’s a useful primer on the data protection problems facing consumers, but Cohen doesn’t exactly bolster her promises with much action.
Laying down the foundation — Cohen spends most of her post providing a cause-and-effect chain demonstrating how user data has become such a murky problem. The problematic process essentially goes:
- Users accept data-collection in exchange for benefits
- Data is analyzed and used for purposes other than stated benefits
- Curated data is sold to various third parties for them to do with as they wish
The problem, as Cohen notes, is that it’s very difficult to pin down where this data ends up — it is, in her words, an “opaque” marketplace. That data could end up in anyone’s hands. In many cases the most nefarious use of this data is targeted advertising. But there is always the potential that this data could be used for scams, stalking, and other harms.
So... what now? — Well, the FTC says it’s “committed to using the full scope of its legal authorities to protect consumers’ privacy.” It has done so in the past, as Cohen reminds the reader, as in the case of period-tracking app Flo. Cohen makes special mention of companies that claim to “anonymize” collected data and never do so in a meaningful way.
It’s nice to know that the FTC is willing to prosecute companies that abuse user data. Better still would be if the FTC were to protect user data before it’s used for invasive purposes. This would require significantly more oversight, yes, but it would also do much more to mitigate harm. It’s one thing to recognize how opaque the system currently is; it’s another endeavor entirely to push for policies that actually make it more transparent.