• provide a mechanism to the consumer for opting out (for example, by allowing the consumer to electronically check a box indicating that the consumer is opting out or by sending an email to the operator); and • obtain affirmative express consent (which can be provided online) from consumers before collecting or using sensitive consumer data in connection with online behavioral advertising. Sensitive data includes (but is not limited to): 1) financial data; 2) data about children; 3) health information; 4) precise geographic location information, and 5) social security numbers. The extent and type of protections given to consumer data should be based on the: 1) sensitivity of the data; 2) nature of the company’s business operations; 3) types of risk the company faces; and 4) reasonable protections available to the company. In February 2017, the FTC issued a report detailing recommendations for companies engaged in cross-device tracking for purposes of behavioral advertising. This report suggests that companies: • be transparent about their data collection and use practices; • provide choice mechanisms that give consumers control over their data; • provide heightened protections for sensitive information, including
health, financial, and children’s information; and • maintain reasonable security of collected data.
The FTC has also issued other guidelines and publications relating to privacy and data security that are useful for establishing best practices. Two examples are Protecting Consumer Privacy in an Era of Rapid Change and Self-Regulatory Principles For Behavioral Advertising .
34
Made with FlippingBook - Online Brochure Maker