FTC Official: Cases Against Twitter, Chitika Provide Roadmap To Privacy Enforcement

The Federal Trade Commission seems to have stepped up its privacy enforcement efforts lately, but hasn't yet taken action regarding mobile privacy. But that could potentially change.

The FTC's Maneesha Mithal, director of the division of privacy and identity presentation, told attendees at a Fordham Law event today that, even though the agency lacks jurisdiction over common carriers, it can take enforcement actions against app developers that engage in deceptive practices. What kinds of privacy practices would the FTC consider deceptive? Mithal said two recent cases offered insight. First, the FTC is concerned when companies don't keep users' data secure -- as happened when Twitter security glitches resulted in hackers gaining access to some users' names, passwords and private messages. The agency recently finalized a settlement with Twitter stemming from that data breach. Secondly, she says, failing to live up to promises in privacy policies can trigger FTC action. The agency recently settled with ad network Chitika for telling users they could click on a link to opt out of online behavioral targeting, but then setting those opt-outs to expire after only 10 days. Beyond that, while the FTC would like to see mobile app developers take privacy-friendly steps -- like shedding information as soon as it's no longer needed, and notifying cell phone users about data collection -- the agency doesn't appear to have the authority to force the issue.