FTC Sets the Pace; Brexit & Privacy
July 8, 2016 – Todd Ruback
What a busy few weeks it has been – both domestically and abroad.
Here in the US, the FTC continues to be an active privacy enforcer, with the announcement of increased penalties of up to $40,000 for some privacy violations of the Telemarketing Sales Rule (TSR), the Hart-Scott-Rodino Antitrust Improvements Act of 1976 (HSR), and the Children’s Online Privacy Protection Act (COPPA). The FTC also announced an important privacy settlement against mobile ad network InMobi over poor data collection practices concerning location data, as well as for COPPA violations. This case is important because it signals the FTC’s ongoing focus upon emerging industries, such as mobile ad tech and privacy.
In EU news, I was as surprised as anyone by England’s approval of the Brexit referendum to leave the EU. While I can’t pretend to know how this will play out politically, Brexit will nonetheless have significant privacy repercussions. Some thought leaders are already speculating whether England, if it indeed leaves the EU, will join the EEA, similar to Norway, and thus still have critical access to the EU market, or whether it will need to pass its own version of the GDPR and apply to Brussels for an “adequacy” designation in order to transfer personal data back to England. What a mess! But as I have long said, privacy means full employment opportunity.
On a brighter note, the EU and US have come to a formal agreement on the final framework of the Privacy Shield, amending some language to address concerns from EU privacy advocates. Some key revisions include a written commitment from the White House to not engage in NSA-style bulk collection of transferred data (unless under specific conditions in a “targeted and focused” manner), a requirement for companies to delete data that no longer serves the original purpose of collection, and for the US ombudsperson in charge of overseeing complaints to operate independently of national security services. According to commission officials, the revised framework has been sent to the Article 31 Committee of EU Members States for approval in July. I commend the negotiators on both sides of the Atlantic for their efforts and cool heads. Well done!
In Ghostery news, I was quoted in a Bloomberg article about Brexit’s impact on international digital marketing; be sure to read through for a good overview of various questions that have been raised. Additionally, CEO Scott Meyer was featured in a podcast on online business blog Growth Everywhere, where he speaks about Ghostery’s journey from conception to a successful and rapidly growing privacy business.
Finally, if you would like to receive the Dispatch via email every week, please sign up here and please follow me on Twitter at @CPORuback, where you can get even more insight and information on privacy and security topics.