Three Choices

October 17, 2016

We have explained several times in this blog why the FCC’s Broadband Privacy NPRM would be extraordinarily burdensome for the advertising community and consumers. Now the new Fact Sheet from Commissioner Wheeler provides a revised proposal and provides some additional information as to the path the FCC is hoping to chart regarding online privacy. Importantly, the FCC has decided to distinguish between sensitive and non-sensitive data, an improvement from the Commission’s earlier proposal. Unfortunately, the Fact Sheet’s new definition of sensitive data is breathtakingly broad and sweeping including all web browsing and application use history when linked to a device alone. This definition would encompass the vast majority of consumer activity on the net and mobile, and the FCC has stated that there needs to be opt-in consent for the collection of all “sensitive” data.

Clearly, as the Federal Trade Commission (FTC) has concluded, much general browser activity and app history does not encompass sensitive activity, and therefore, the FCC’s proposal is unprecedented and unwarranted. We believe that browser data and app use data on an across-the-board basis should not be defined as sensitive. Clearly, carefully specified sensitive categories should be carved out, but whether a consumer goes to a site to check out the weather or an offer on non-pulped orange juice or the myriad other mundane daily searches on the web should not be allowed to trigger unnecessary opt-in requirements.

Now that the Commission has established its expansive sensitive data definitions, there are three possible options for implementation. First: the FCC could require online data collectors, including advertisers, to place opt-in notices on every website where browsing or app use information could be utilized for any additional purposes. We believe this would present an extremely overwhelming environment for consumers who are simply trying to use the Internet and apps as they already do each and every day. Clearly, under this scenario, consumers would face a constant bombardment of annoying and disruptive opt-in consent notices. Second: the FCC could allow global opt-in consent options for users whenever they first set up their browser or app. This all-encompassing approach would force consumers to make privacy choices on an indiscriminate across-the-board basis. The third and only sensible option is for the FCC to adopt the FTC’s established and very successful approach to handling data privacy on the Internet and mobile media.

We strongly encourage the FCC to adopt the FTC’s approach. This framework is currently supported and strongly bolstered by the advertising industry’s self-regulatory program – the Digital Advertising Alliance (DAA). The DAA approach provides definitions of clearly specified sensitive data that require heightened consumer consent requirements, and opt-out requirements for the collection of other interest based advertising information. In addition, there are requirements for heightened clear, prominent opt-out notice for companies that collect “all or substantially all browser and application history.” This approach has been working highly effectively for a number of years.

ANA was a founding member of the DAA with the goal of providing Internet users with the capability to educate themselves about interest based advertising and to select which advertisers, if any, can use their information for advertising purposes. As the FCC works to prepare its Broadband Privacy NPRM for a vote on October 27th, we will actively work to inform the Commissioners about the critical effects of sweeping restrictions on data privacy and the adverse impacts of their existing proposal so that this proceeding does not create overly rigid and counterproductive data privacy collection and use rules.


You must be logged in to submit a comment.