maintain, share, or otherwise use consumer data either online or offline, contains three top-levelmaxims:
Privacy by Design
: Companies should promote consumer privacy throughout their organizations and at every stage of the development of their products and services. Thisincludes incorporating substantive privacy protections – such as data security and retention practices – into business processes and maintaining comprehensive data management procedures throughout the lifecycle of products and services (Note: in the mobile context,the FTC used as an example that if a mobile App is providing traffic and weather informationto a consumer based on his or her location information, it does not need to collect contactlists or call logs from the consumer’s device
Simplifying Consumer Choice
Increasing Consumer Transparency
: Companies should increase the transparency of their data practices, such as by (i) clarifying, shortening, and standardizing privacy notices;(ii) providing reasonable access to the consumer data they maintain; (iii) providing prominentdisclosures and obtaining affirmative express consent before using consumer data in amaterially different manner than claimed when the data was collected; (iv) obtainingaffirmative express consent when sensitive information such as financial information iscollected and used for online behavioral advertising; and (v) working to educate consumersabout commercial data privacy practices.The Department of Commerce “Green Paper” entitled “Privacy and Information Innovation: ADynamic Privacy Framework for the Internet Age,”
(DOC Green Paper) argued that preservingconsumer privacy online and thereby bolstering consumer trust in the Internet is essential for businesses to succeed online.
Like the draft staff FTC Report, the DOC Green Paper proposedincreasing protections privacy principles, including by enhancing transparency, encouraginggreater detail in purpose specifications and use limitations, and fostering the development of verifiable auditing and accountability programs.As mentioned above, both the draft staff FTC Report and the DOC Green Paper are expected toaffect and influence U.S. privacy law and enforcement in the coming years, including withrespect to mobile Apps.Selected International Laws