![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
Who's responsible for educating consumers about privacy in the U.S. and are they doing a good job?
Earlier this year, the White House announced the first-ever
, which was largely developed by the Department of Commerce Internet Policy Task Force as well as the Federal Trade Commission (FTC). The White House has been trying to get Congress to give the bill the force of law, which would allow the FTC and state attorneys general to enforce its privacy protections. In the interim, however, the White House is seeking to get businesses to publicly state that they'll abide by the rules, as a code of conduct, which would allow the FTC to enforce businesses' compliance with the rules.
But the best bill of rights won't work unless consumers feel passionate about their privacy.
"First of all, you need to have a motivated consumer who wants to be educated," said Christopher Wolf, director of the privacy and information management practice at law firm Hogan Lovells and co-chair of the Future of Privacy Forum. "You need to get the horse to the water if you want it to drink, and that's hard to do—in the abstract."
Consumers offer competing privacy definitions
Another issue is the nature of privacy itself.
"One of the challenges with privacy is that, in the consumer space, it has a lot of different meanings assigned to it," said Nathan Good, principal of Good Research. "Also, the way that consumers talk about privacy is very different than the way that a regulator, or an engineer, talks about privacy."
Notably, consumers have a tendency to group security and interface concerns under the "privacy" rubric. "For example, a consumer may consider a popup as a privacy concern," he said. "So there are a lot of these interesting decisions that people need to work through to disambiguate what's a legitimate privacy concern—versus something else—in the consumer privacy space."
Correcting subjective impressions
Numerous research reports reinforce the fact that many consumers don't understand data privacy nuances. Earlier this year, for example, market researcher Annalect
758 adults in the wake of discussions about the do-not-track (DNT) button that's been proposed for web browsers. But the company found that many people didn't understand the underlying privacy and online behavioral tracking issues.
Notably, while 93 percent of people said they planned to use the DNT button, 84 percent of respondents also said they wouldn't pay for access to online content, although they would accept targeted advertising in exchange for free access. Of course, using the DNT button would block such targeted advertising. Furthermore, 52 percent of respondents said that they alone—and not any website they visited—should have access to their online behavior, which would again render targeted advertising ineffective.
Attorney David Jacoby, a partner in the intellectual property and litigation groups at Schiff Hardin LLP, said the divide between how people view privacy, and the reality, was perhaps best encapsulated by a Russian-built app released earlier this year called
, which mashed up freely available, public information—including people's social networking profile pictures, relationship status and location information via Facebook and Foursquare—to show users images of single women located in their vicinity.
"It freaked people out, not unreasonably," said Jacoby, noting that the developer later voluntarily withdrew the app. "So, who are we trying to educate—and does part of the education have to involve developers?"
Targeting Developers: New Mobile App Guidelines
In fact, the FTC in September published guidance for mobile app developers called
, which answers important related questions "like what to tell users about your app, what information to collect from users, and what to do with any information you collect," said Laura Berger, an attorney for the Division of Privacy and Identity Protection at the FTC, in a
.
Those guidelines, "written with a minimum of legalese," she said, build on privacy efforts announced earlier this year by California Attorney General Kamala D. Harris as part of a settlement involving six of the largest mobile app distributors. Notably, 22 of the 30 most-downloaded apps reviewed by the state didn’t have a privacy policy. As part of the settlement agreement, however, all app distributors will ensure that privacy policies are included, and with the FTC's educational efforts, hopefully those policies will also be meaningful and clearly inform consumers.
FTC: Educating consumers
The mobile app guidelines are just a small part of the FTC's recent efforts to educate consumers and other relevant organizations, as is highlighted by the agency's
which is a working document that includes budget allocations. Notably, the FTC's "prevent fraud, deception and unfair business practices in the marketplace" line item includes $14 million and 50 staff members to "prevent consumer injury through education" and $10 million plus 45 staff members to "enhance consumer welfare through research, reports, rulemaking and advocacy." The agency has also assigned "privacy and identity protection" to be the primary objective for six of its staff members and tasked 21 people with responsibilities related to consumer and business education.
As highlighted by its new mobile app guidelines, the plan also promises that the commission will "study new technologies to enable the FTC to take a lead role in addressing the privacy, security and other risks of consumer harm associated with the technologies." By 2013, the FTC has said it will issue a final report on how to protect consumer privacy, assist Congress with draft legislation and complete its review of the
(COPPA), which restricts the information that websites and other services can collect from children under the age of 13.
Online privacy education resources
The FTC maintains a substantial amount of
on its website, including techniques for preventing identity theft. "There are some fantastic resources that the FTC has, and I'm thinking of
and some of its fantastic consumer alerts," Wolf said.
Overall, he lauded the FTC's privacy education efforts as being right on the mark.
"They're doing an awful lot; they have a lot of material in different languages, and addressing different groups, and in different media," he said. "It's hard to see what more they could be doing."
Of course, the FTC isn't the only game in town when it comes to education. In particular, for consumers who want even more privacy resources, Jacoby recommended reviewing the websites for
as well as the
, which contain in-depth information on a variety of privacy-related issues and court cases.
Security awareness lagging for kids
But if current privacy education efforts are advancing, Wolf sees a dearth of privacy education being aimed at kids. "One thing that's missing from the curriculum of most schools is how to use the Internet. Parents don't just send kids out in the big city, but they often let them online without much instruction at all," he said. In other words, the educational system and parents need to work together to educate kids about the best way to protect their personal information online and on smartphones.
"Protecting privacy is part of that, and it needs to start early. It's about control but also one's reputation, and if you release—or allow other people to release—things that could affect your reputation and ability to get jobs, that has real consequences in a social media world," said Wolf.
