- Jul 27, 2015
Attorneys General from 33 US states are urging the Federal Trade Commission to take a practical step toward reining in commercial surveillance of consumers and minimize the data companies are authorized to collect.
The letter [PDF] comes in response to the FTC's August announcement that it was seeking public comments on whether or not it should implement federal regulations around unfair or deceptive data collection, storage, analysis, and other practices. "Our goal today is to begin building a robust public record to inform whether the FTC should issue rules to address commercial surveillance and data security practices and what those rules should potentially look like," FTC chair Lina Khan said in August. The letter makes the ultimate argument for minimizing data collection, but also suggests how different types of data should be handled. Location, biometric, and medical data are all cited as concerns, and the AGs urge the FTC to develop rules that promote "fairness, transparency and accountability to consumers." Luckily, there are some state laws that already do much of what the AGs want, making it easy to point to examples.
Location data, the AGs argue, is incredibly revealing, even when anonymized, and such data can also be used to discriminate against certain groups through "digital redlining," a process through which companies check users' geographically location. "California, Connecticut, and Virginia all have laws which protect or restrict the use and collection of location data in some ways," the AGs said.
Consumers are often in the dark about biometric data, which is readily supplied to companies that offer retina, face, and fingerprint scanning technologies. "But consumers are not always aware of when their data is collected, how it is used, or if it is resold for purposes to which they never meaningfully consented," the AGs said.
They note that Illinois and Texas both have laws that, while not banning the capture of biometric data, "provide safeguards and regulate the capture and use of this data in various ways."
Medical data is being leaked by third-party software like tracking pixels, while health-adjacent data that includes anything collected by wearables, smart devices or apps is available online to the highest bidder as no health-adjacent data is covered by HIPAA, the AGs said.