Last December, 2010, the Federal Trade Commission released a white paper about their thoughts on Do Not Track (DNT). They requested comments from any interested party, due by February 18, 2011. Below, we’ve analyzed the responses available in a Google Docs spreadsheet in order that people could quickly scan who had responded (lawyer, company, advocacy group, trade organization, individual, etc) and whether they supported DNT, in either a self-regulatory or legal manner, and lists any salient quotes from their submissions. Note that many individuals submitted responses that consisted of a few sentences, often in support of Do Not Track, because they want DNT to stop the tracking they themselves experience. But our analysis was really meant to make it easy to categorize and understand quickly how organizations and entities that submitted document responses to DNT stood with the proposal, without having to read all the documents submissions individually.
- The FTC White Paper itself: ”Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers”, preliminary FTC staff report, December 2010
- The FTC page listing all responses to their White Paper. This page lists links to a short web page for each response. Many of the pages then link to one or more PDFs submitted by that respondent.
- Our page combining all the responses. This single page conveniently contains the text of all the response web pages, and also directly links to all 201 submitted PDFs for easier downloading.
- Spreadsheet with additional data on the responses. This spreadsheet allows for quick scanning of all the responses, allows for the resorting of responses by any column (such as type of responder, or by alpha-name or by date of submission). You can also download the data in the spreadsheet and create whatever other forms you wish from it.
There were 452 responses, compared to 100 responses to the Department of Commerce Green Paper; however, over 250 of the FTC responses were from individual citizens, most brief and supporting Do Not Track or
criticizing tracking in general and other privacy violations; only a few of the Commerce responses had been from unaffiliated individuals. Almost all early responses were from individuals; organizations tended not to submit until close to the deadline, unless to simply request an extension. Many responses supported opt-in (positive consent) rather than an opt-out system like Do Not Track.
Over 60 of the FTC responses were from trade associations, over 60 from private companies, over 25 from publicly traded companies, over 25 from think tanks or advocacy groups, over 10 from academics, and over 10 from governments.
In 83 cases the same organization or individual responded to both DoC and FTC. Many organizations submitted similar documents to both, or a single document, or even sent the FTC a completely unmodified document still referring to Department of Commerce in the text.
AT&T requested “The DNT mechanism should not unduly burden businesses which have direct customer relationships particularly where businesses that have no relationship with the customers frequently engage in the most aggressive tracking” while others
About 50 responses were from the geospatial community concerned that strict new regulation would place an unreasonable burden on their industry, apparently triggered by the call for special protection of and affirmative consent for “precise geolocation data” on p. 61 the White Paper. The paper did not define the phrase “precise geolocation data”, and respondents worried that new regulations could even extend to a requirement for permission from each person whose property is visible in an aerial map. Many responses, often from the same template, requested that FTC define the phrase, or specifically exempt maps. Other than MAPPS, all of these responses were from small businesses and individuals who had not responded to DoC.
Personal Health Data
Wolters Kluver Pharma, supported by Genetic Alliance, defended the use of prescription data that has been de-identified up to the standards defined by HIPAA, something that the Supreme Court later ruled in favor of on April 26th, against the efforts of the Obama Administration and 35 states to require doctors’ permission.
Surprisingly, there are only 3 mentions of “user-centric” in all the responses - 2 mention “user-centric privacy framework” without elaboration, and Ann Cavoukian’s Privacy by Design document lists it as one of the seven principles. ”Personal data ecosystem” is mentioned only by Semcasting, DoubleVerify, and USACM.
Overall, we saw entities with business based upon tracking personal data from individuals come down on the side of either self-regulation or no-regulation at all. And typically, as in the DOC response analysis, we found that advocacy groups typically came down in favor of some kind of enforceable regulation that would protect individuals from tracking if they do not want it. Very few offered a different solution as the Personal Data Ecosystem Consortium does, where we support user rights and data collector responsibilities, coupled with a market solution where startups and existing companies provide the tools and exchanges for users to collect their own data and share it as they wish, with autonomy and control, in those marketplaces and exchanges.