NTIA Recommends Shift in Privacy Protection Responsibility
The National Telecommunications and Information Administration (NTIA) has urged the Federal Trade Commission (FTC) to shift the responsibility for consumer privacy protection toward the companies that collect and sell consumer data, rather than relying on consumers to ensure their own protection.
The recommendations came in comments filed in a Federal Trade Commission inquiry on how trade regulation rules on companies’ data use and sales practices should be altered. The filing urged strong privacy protections and rules curbing “commercial surveillance.”
NTIA Privacy Protection Recommendations
Recommendations in the filing:
- Requiring companies to minimize the data they collect,
- Restricting companies from using data gathered for one purpose for another purpose (such as using data collected as part of providing a service to a consumer to serve them targeted ads),
- Taking a comprehensive approach to new privacy protections, with more stringent protections for marginalized communities and vulnerable populations such as children, where appropriate, and
- Considering stricter limits on biometric technologies, such as facial recognition technologies, because of the higher risk of harm.
“Strong privacy rules will help make the Internet a better place for everyone,” Alan Davidson, NTIA’s Assistant Secretary of Commerce for Communications and Information, said in a press release “NTIA is calling for rules that stop the unnecessary and harmful collection and use of personal information. Companies need guardrails about what they can build, and NTIA supports the FTC’s efforts to put those rules in place.”
The executive summary of the comments makes the direction in which the NTIA wants the FTC to go clear. The idea is that people often give companies permission to do things with their data about which they may not be fully aware and that there are populations that are more at risk than others:
“These rules should eschew consent-dominated privacy governance in favor of data minimization and purpose limitation requirements, and cover the comprehensive range of commercial data practices under the FTC’s jurisdiction with heightened protections where appropriate for harms that disproportionately impact vulnerable populations.”