Cybersecurity, Financial, Others Seek FTC Privacy Exemptions

The broad applications of the draft proposals pose a “serious threat to the geospatial community,” said the Management Association for Private Photogrammetric Surveyors (MAPPS). The report said companies shouldn’t have to seek consumer consent to collect information for commonly accepted practices, MAPPS said. “We believe similar geospatial data should also be excluded from having to be subjected to consent or waivers,” MAPPS said. The association also urged that geospatial firms’ precise geolocation activities should be excluded. “Failure to do so would thwart some common, justifiable, and emerging uses of geospatial data” for disaster remediation, emergency response and other urgent situations, the group said.

DataXu asked the commission to provide more examples of “commonly accepted practices” that don’t require consumer choice. “It is critically important to the advertising industry that the proposed framework does not impair an advertiser’s use of cookies to measure online ad effectiveness,” said the company, which helps online media websites work more efficiently.

Some organizations asked the FTC to carefully consider the impact of a Do Not Track mechanism. The Safe Internet Alliance (SIA) questioned whether Do Not Track should be a government-regulated function. Many online advertisers and companies, like Google and Apple, “have gone to great lengths to allow consumers to choose whether … they will be tracked for advertising,” SIA said. ThreatMetrix doesn’t believe cybersecurity companies should be covered under the framework proposed in the report, it said. Existing notice requirements and the agency’s enforcement tools, “provide sufficient protection for any misuse of personally identifiable information in a security context,” said the cybersecurity company for e-commerce sites. Do Not Track shouldn’t be expanded to cybersecurity applications because “removing tracking capability will provide anonymity to a fraudster and reduce the likelihood that fraud will be detected,” ThreatMetrix said.

Industries already subject to sectoral regulation, like financial services, should be excluded from the FTC’s and Commerce Department’s final privacy reports, the Securities Industry and Financial Markets Association said. Both reports are “understandably principally focused on sectors of the economy that are not currently subject to privacy regulations,” SIFMA said: “Any new privacy recommendations should take into account the strong legal protections for financial information already in place and the importance of this sector’s recovery to the nation’s economy.” The financial sector adheres to the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act, which orders financial institutions to “securely store personal financial information, and provide data subjects with notice of the institution’s privacy practices and the right to opt-out of some sharing of personal financial information,” SIFMA said. An analysis of the potential costs and benefits to businesses and consumers would be beneficial, the American Bar Association’s Antitrust Law section said. The report “does not address the possible competitive effects that may occur as a result of the various proposals,” it said. While there are potential benefits of a Do Not Track mechanism, “the ambiguous evidence that the Commission has collected so far forms an uncertain basis” for a universal legal obligation, the ABA said.

The American Bar Association’s Intellectual Property Section, the American Association of Ad Industries and other groups requested an extension of time to March 15. After requesting an extension after the original deadline of Jan. 31, the Computer and Communications Industry Association plans to file comments by the upcoming deadline, a spokeswoman said.