The mechanism, likely to be a setting on consumers' browsers, was a primary recommendation of a preliminary report released by the FTC on Wednesday detailing a proposed framework to protect consumer privacy.
The framework would apply to all online and offline commercial organizations that collect, maintain, share or use customer data.
“A lot of people in Washington have been spending time thinking about the budget deficit,” FTC Chairman Jon Leibowitz said during a conference call with members of the media on Wednesday. “We have been thinking about the privacy deficit that American consumers suffer from.”
The framework includes three basic components.
First, the FTC calls on companies to adopt an approach called “Privacy by Design,” by building privacy protections into their everyday business practices. The approach, first developed by Ann Cavoukian, Ontario's information and privacy commissioner, includes protections such as collecting only the data needed for a specific business purpose and retaining data only as long as necessary to fulfill that purpose.
Click here to view a video during which Ann Cavoukian discusses the Privacy by Design approach.
Secondly, the FTC wants companies to provide choices to consumers about their data practices in a simpler, more streamlined way, the report states.
As it relates to behavioral advertising, the FTC recommended that users be able to opt-out of data collection though a browser setting that would signal to websites a user's choices about whether to be tracked or receive targeted advertisements.
Several companies, such as Apple and Mozilla, have already experimented with this type of feature, Leibowitz said.
Finally, the FTC is proposing that companies increase transparency by educating consumers about their data policies and the choices available to them.
The FTC has been the primary privacy policy and enforcement agency in the United States since the enactment of the Fair and Credit Reporting Act in 1970. The agency also has authority, under the FTC Act, to take action against acts or practices deemed “deceptive or unfair.” The FTC has used this authority to bring many cases against companies that have failed to protect the privacy of consumers' personal information.
The United States does not currently have an overarching federal law addressing privacy and data security.
The FTC report, intended to provide best practices for businesses and guidance to lawmakers, says that industry-specific efforts to address privacy through self-regulation have so far been inadequate.
The FTC, however, is not calling for legislative action – yet, Leibowitz said.
“Despite some good actions, self-regulation of privacy has not worked adequately for American consumers,” he said. “Industry as a whole needs to do a far better job. From my perspective, a legislative solution will surely be needed if industry doesn't step up to the plate.”
The proposed framework was developed following a series of three FTC-led public roundtables to explore the privacy challenges facing businesses that collect and use consumer data.
The FTC is seeking comment on the report through the end of January and plans to issue a final report next year.