FTC regulation of behavioral advertising

Last updated
Federal Trade Commission Official Seal Seal of the United States Federal Trade Commission.svg
Federal Trade Commission Official Seal

The United States Federal Trade Commission (FTC) has been involved in oversight of the behavioral targeting techniques used by online advertisers since the mid-1990s. These techniques, initially called "online profiling", are now referred to as "behavioral targeting"; they are used to target online behavioral advertising (OBA) to consumers based on preferences inferred from their online behavior. During the period from the mid-1990s to the present, the FTC held a series of workshops, published a number of reports, and gave numerous recommendations regarding both industry self-regulation and Federal regulation of OBA. In late 2010, the FTC proposed a legislative framework for U.S. consumer data privacy including a proposal for a "Do Not Track" mechanism. In 2011, a number of bills were introduced into the United States Congress that would regulate OBA. [1]

Contents

Early history

“The Federal Trade Commission has been involved in addressing online privacy issues for almost as long as there has been an online marketplace.” [2] The FTC is now responsible for the enforcement of a number of sector-specific privacy statues, including the Gramm-Leach-Bliley Act, the Children's Online Privacy Protection Act, the CAN-SPAM Act of 2003, and the Telemarketing and Consumer Fraud and Abuse Prevention Act (“Do Not Call Rule”).

In 1995, [3] 1996, [3] and 1997 [4] the FTC held public workshops exploring consumer data privacy issues. At these workshops, online advertising industry advocates pressed for self-regulation, while privacy advocates argued that self-regulation could only be successful when backed up by “legally enforceable rights to information privacy”. [5] Industry lobbyists argued for opt-out, which allows companies to use personal information for the purposes stated in a privacy policy or other form of notification, unless the consumer “opts-out” and notifies the company not to use the personal information in a certain manner, such as for marketing. Privacy advocates argued for prior affirmative consent, and suggested that software could be used by consumers to communicate their privacy preferences automatically. [5]

In 1998, the FTC released a report in which it undertook a comprehensive review of commercial websites’ disclosures of their privacy practices and laid out the Fair Information Practice Principles (FIPPs). The report concluded that, “[a]s evidenced by the Commission’s survey results, and despite the Commission’s three-year privacy initiative supporting a self-regulatory response to consumers’ privacy concerns, the vast majority of online businesses have yet to adopt even the most fundamental fair information practice (notice/awareness)”. [6]

The FTC held a further public workshop in 1999, [7] and in May 2000, released a report which for the first time recommended that Congress pass online privacy legislation to create a basic level of data privacy protection for consumer-oriented commercial web sites. [8]

In July 2000, the FTC recommended for the first time that legislation should be passed to protect Internet user’s privacy vis-à-vis online profiling. [9] The FTC further stated that “backstop legislation addressing online profiling is still required to fully ensure that consumers’ privacy is protected online” and recommended that [technology neutral] legislation be passed that created a basic level of privacy protection for users of “consumer-oriented commercial websites with respect to profiling”. [10] Under the FTC’s 2000 proposal, all online advertising networks and consumer-oriented commercial websites that allowed the collection of information from or about consumers would be required to implement and comply with the FIPPs. [9]

Congress did not enact the FTC’s recommended legislation, and another decade would pass before the FTC again proposed legislation to regulate OBA. [11]

FTC Commissioner Timothy Muris turned the FTC’s attention away from online privacy and OBA regulation in 2001, stating, “[t]he slowing of the growth of the Internet emphasizes the need to understand the cost of online privacy legislation…At this time, we need more law enforcement, not more laws”. [12]

Return to regulatory focus

In 2006 the FTC once again took up the mantle of online privacy protection at the November 2006 FTC forum, “Tech-ade”, which examined the “key technological and business developments that will shape consumers’ core experiences in the coming ten years”. [13] Participants at the forum described how technological advances in online profiling (now called “behavioral” advertising, targeting, or marketing), had allowed the practice to become more widespread and efficient. [14]

Building on the Tech-ade hearings, the FTC hosted a town hall meeting in November 2007 focused specifically on the privacy implications of behavioral advertising practices called, “Ehavioral Advertising: Tracking, Targeting, and Technology”. [15] The public meeting was prompted, in part, by the growth of behavioral advertising and the interest of large Internet companies in using such techniques to deliver narrowly targeted ads. These developments included Google’s plans to acquire DoubleClick, AOL’s interest in Tacoda, and Microsoft and Yahoo’s continued expansion of their own behavioral advertising products. [16] They also included a presentation by eBay with a live demonstration of the ebay.com website, highlighting the first on ad links enabling consumers to opt out of behavioral ads via an eBay program called AdChoice.

In December 2007, the FTC promulgated a set of proposed “Principles” intended to provide a basis for the online advertising industry’s self-regulatory efforts to address privacy concerns. [17] The Principles “call for companies to obtain affirmative express consent from consumers before they use data in a manner that is materially different than promised at the time of collection and before they collect and use 'sensitive' consumer data for behavioral advertising”. [18]

The FTC followed up this 2007 report with a further report in 2009, which further clarified the self-regulatory principles. [19] At the time, a coalition of consumer groups proposed a “Do Not Track List” in their comments to the 2007 town hall meeting. [20]

The FTC’s 2010 report

In a December 2010 report, the FTC proposed a new regulatory framework for consumer data privacy, including a proposal for a “Do Not Track” mechanism which would allow Internet users to opt out of OBA. [11]

In the report the FTC describes the limitations of the existing notice and choice model, which it states, “have become increasingly apparent in recent years”. [21] The FTC states that the notice and choice-based model, “encourages companies to develop privacy notices describing their information collection and use practices to consumers, so that consumers can make informed choices”. [22] However, “the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand. Likewise, the harm-based model has been criticized for failing to recognize a wider range of privacy-related concerns, including reputational harm or the fear of being monitored”. [22]

In order to address the issues with the notice-and-choice-based model, the FTC’s proposed privacy framework calls on companies to provide consumers with a meaningful choice in regards to OBA tracking, but sets forth “a limited set of data practices for which choice is not necessary” called “commonly accepted practices”. [23] The commonly accepted practices include: Product and service fulfillment, internal operations, fraud prevention, legal compliance and first-party marketing, including contextual marketing. [24]

OBA, along with deep packet inspection (DPI), are specifically noted as not “commonly accepted practices”. [25] Furthermore, the report states that the FTC supports prior “affirmative express consent” in regards to the collection of “sensitive information” (children, financial and medical information, precise geolocation data) for OBA. [26]

Do Not Track

In the 2010 report, the FTC proposed a “uniform and comprehensive consumer choice mechanism” for OBA, referred to as “Do Not Track”. The FTC states, “[t]he most practical method of providing uniform choice for online behavioral advertising would likely involve placing a setting similar to a persistent cookie on a consumer’s browser and conveying that setting to sites that the browser visits, to signal whether or not the consumer wants to be tracked or receive targeted advertisements”. [27] The FTC believes that a "Do Not Track" mechanism is preferable to the existing browser-based cookie opt-outs as it is more “clear, easy to locate and effective” and it conveys the user’s choice to opt out of tracking directly to websites. [28]

FTC goes to Congress

On March 16, 2011, the FTC appeared before the United States Senate Commerce Committee. At the hearing, the FTC recommended imposing more stringent measures to protect Internet users against unauthorized tracking in support of behavioral advertising, including a universal Do Not Track browser setting. [29]

The FTC also announced its first behavioral advertising case, filed against network advertiser Chitika for using a deceptive opt-out mechanism. [29] As part of the settlement, the FTC required that Chitika link all its advertising to an effective opt-out mechanism in the future. It has been commented that, “[t]his requirement of a hyperlink embedded in online advertisements is a good indicator of the type of Do Not Track mechanism that will be acceptable to the FTC if 'Do Not Track' becomes mandatory”. [29]

At the same Senate hearing, the Barack Obama administration called for a new “Internet user’s bill of rights”, which would give the FTC authority to regulate online behavioral advertising. [29]

Congress proposes legislation

Do Not Track Me Online Act of 2011

Representative Jackie Speier (D-CA) introduced the “Do Not Track Me Online Act of 2011”, [30] which would authorize the FTC to promulgate regulations requiring online advertisers and websites to allow users to opt out of having their online activities tracked through the creation of a do-not-track mechanism. The bill gives users the ability to block all collection of data for OBA but gives an exception for commonly accepted practices such as fraud prevention and inventory control. [30] The bill authorizes the FTC to enforce the new regulations by conducting random audits of Web publishers, although the proposed regulations contain an exception for websites that have less than 10,000 visitors per year. [31] The bill never reached a vote and died in Congress. [32]

Commercial Privacy Bill of Rights Act of 2011

On April 12, 2011, Senator John Kerry introduced the “Commercial Privacy Bill of Rights Act of 2011”, co-sponsored by Senator John McCain. [33] At the press conference to introduce the bill, Senators Kerry and McCain said that the bill struck a compromise between business and consumer interests, noting that the bill was supported by Microsoft, Intel, and eBay. [34]

The bill tasks the FTC with developing rules specifically targeted at OBA, requiring companies to offer consumers “a robust, clear, and conspicuous” opt-out mechanism from the use of their personally identifiable information by third parties “for behavioral advertising or marketing”. [35]

The bill calls for the FTC to create regulations requiring businesses collecting personally identifiable information, such as names and email addresses, to provide “clear, concise and timely notice” of data collection, use and transfer, along with “a clear and conspicuous mechanism for opt-out consent for any unauthorized use of [consumers'] personally identifiable information.” [35]

The bill contains a provision which would require opt-in consent for the “collection, use or transfer of sensitive personally identifiable information”. Sensitive personally identifiable information is defined as “personally identifiable information which, if lost, compromised, or disclosed without authorization either alone or with other information, carries a significant risk of economic or physical harm” or is related to a particular medical condition, health record or the religious affiliation of an individual. [33]

The bill also tasks the FTC with establishing a voluntary safe harbor program to review, approve, and monitor self-regulatory programs that provide consumers with “clear, conspicuous, persistent and effective” opt-out from online behavioral advertising or location-based advertising. [36] Once a self-regulatory program is approved by the FTC and the members of that program are covered by the safe harbor, those members would be exempt from some of the provisions of the bill. [36]

The bill does not include the FTC’s proposed Do Not Track mechanism, which Senator McCain stated at the press conference, “didn't seem to fit in our ability to get a balance for consumer and industry support”. [36]

The bill also does not include a private right of action, leaving enforcement up to the FTC and State Attorneys General. [36]

Consumer and privacy advocates have stated that the bill was not strong enough and should contain the FTC’s Do Not Track proposal. [36]

Related Research Articles

<span class="mw-page-title-main">Federal Trade Commission</span> United States government agency

The Federal Trade Commission (FTC) is an independent agency of the United States government whose principal mission is the enforcement of civil (non-criminal) antitrust law and the promotion of consumer protection. The FTC shares jurisdiction over federal civil antitrust law enforcement with the Department of Justice Antitrust Division. The agency is headquartered in the Federal Trade Commission Building in Washington, DC.

Center for Democracy & Technology (CDT) is a Washington, D.C.-based 501(c)(3) nonprofit organisation that advocates for digital rights and freedom of expression. CDT seeks to promote legislation that enables individuals to use the internet for purposes of well-intent, while at the same time reducing its potential for harm. It advocates for transparency, accountability, and limiting the collection of personal information.

A privacy policy is a statement or legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. Personal information can be anything that can be used to identify an individual, not limited to the person's name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services. In the case of a business, it is often a statement that declares a party's policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises. Privacy policies typically represent a broader, more generalized treatment, as opposed to data use statements, which tend to be more detailed and specific.

The term opt-out refers to several methods by which individuals can avoid receiving unsolicited product or service information. This option is usually associated with direct marketing campaigns such as e-mail marketing or direct mail. A list of those who have opted out is called a Robinson list.

BBB National Programs, an independent non-profit organization that oversees more than a dozen national industry self-regulation programs that provide third-party accountability and dispute resolution services to companies, including outside and in-house counsel, consumers, and others in arenas such as privacy, advertising, data collection, child-directed marketing, and more. The Center for Industry Self-Regulation (CISR) is BBB National Programs' 501(c)(3) non-profit foundation. CISR supports responsible business leaders in developing fair, future-proof best practices, and the education of the public on the conditions necessary for industry self-regulation.

<span class="mw-page-title-main">Jon Leibowitz</span> American lawyer

Jonathan David Leibowitz is an American attorney who served under President Barack Obama as Chair of the Federal Trade Commission (FTC) from 2009 to 2013. Leibowitz was appointed to the commission in 2004, and resigned in 2013. During Leibowitz's tenure, the FTC brought privacy cases against Google, Facebook and others for violating consumer privacy, as well as enforcement against "pay-for-delay" deals in which pharmaceutical companies paid competitors to stay out of the market. Prior to joining the FTC, Leibowitz was Vice President for Congressional Affairs from 2000 to 2004 of the MPAA.

The Online Privacy Alliance was a cross-industry coalition of 81 e-commerce companies and associations. It formed in 1998 with the aim of providing a unified voice for companies in the Internet industry to contribute to the definition of privacy policy for the Internet.

The United States Commission's fair information practice principles (FIPPs) are guidelines that represent widely accepted concepts concerning fair information practice in an electronic marketplace.

The NAI (Network Advertising Initiative) is an industry trade group founded in 2000 that develops self-regulatory standards for online advertising. Advertising networks created the organization in response to concerns from the Federal Trade Commission and consumer groups that online advertising — particularly targeted or behavioral advertising — harmed user privacy. The NAI seeks to provide self-regulatory guidelines for participating networks and opt-out technologies for consumers in order to maintain the value of online advertising while protecting consumer privacy. Membership in the NAI has fluctuated greatly over time, and both the organization and its self-regulatory system have been criticized for being ineffective in promoting privacy.

In re Gateway Learning Corp, 138 F.T.C. 443 File No. 042-3047, was an investigatory action by the Federal Trade Commission (FTC) of the Gateway Learning Corporation, distributor of Hooked on Phonics. In its complaint, the FTC alleged that Gateway had committed both unfair and deceptive trade practices by violating the terms of its own privacy policy and making retroactive changes to its privacy policy without notifying its customers. Gateway reached a settlement with the FTC, entering into a consent decree in July 2004, before formal charges were filed.

<span class="mw-page-title-main">David Vladeck</span>

David C. Vladeck is the former director of the Bureau of Consumer Protection of the Federal Trade Commission, an independent agency of the United States government. He was appointed by the chairman of the FTC, Jon Leibowitz, on April 14, 2009, shortly after Leibowitz became chairman.

<span class="mw-page-title-main">Julie Brill</span> American lawyer

Julie Simone Brill is an American lawyer who serves as Chief Privacy Officer and Corporate Vice President for Global Privacy, Safety and Regulatory Affairs at Microsoft. Prior to her role at Microsoft, Brill was nominated by President Barack Obama on November 16, 2009, and confirmed unanimously by the US Senate to serve as Commissioner of the US Federal Trade Commission on March 3, 2010. Brill served as a Commissioner of the Federal Trade Commission (FTC) from 2010 to 2016.

Do Not Track (DNT) is a formerly official HTTP header field, designed to allow internet users to opt out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of data derived from that activity outside the context in which it occurred.

Do Not Track legislation protects Internet users' right to choose whether or not they want to be tracked by third-party websites. It has been called the online version of "Do Not Call". This type of legislation is supported by privacy advocates and opposed by advertisers and services that use tracking information to personalize web content. Do Not Track (DNT) is a formerly official HTTP header field, designed to allow internet users to opt-out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of that data outside its context. Efforts to standardize Do Not Track by the World Wide Web Consortium did not reach their goal and ended in September 2018 due to insufficient deployment and support.

<span class="mw-page-title-main">Chris Hoofnagle</span>

Chris Jay Hoofnagle is an American professor at the University of California, Berkeley who teaches information privacy law, computer crime law, regulation of online privacy, internet law, and seminars on new technology. Hoofnagle has contributed to the privacy literature by writing privacy law legal reviews and conducting research on the privacy preferences of Americans. Notably, his research demonstrates that most Americans prefer not to be targeted online for advertising and despite claims to the contrary, young people care about privacy and take actions to protect it. Hoofnagle has written scholarly articles regarding identity theft, consumer privacy, U.S. and European privacy laws, and privacy policy suggestions.

<i>United States v. Google Inc.</i>

United States v. Google Inc., No. 3:12-cv-04177, is a case in which the United States District Court for the Northern District of California approved a stipulated order for a permanent injunction and a $22.5 million civil penalty judgment, the largest civil penalty the Federal Trade Commission (FTC) has ever won in history. The FTC and Google Inc. consented to the entry of the stipulated order to resolve the dispute which arose from Google's violation of its privacy policy. In this case, the FTC found Google liable for misrepresenting "privacy assurances to users of Apple's Safari Internet browser". It was reached after the FTC considered that through the placement of advertising tracking cookies in the Safari web browser, and while serving targeted advertisements, Google violated the 2011 FTC's administrative order issued in FTC v. Google Inc.

<span class="mw-page-title-main">Jonathan Mayer</span> American computer scientist and lawyer

Jonathan Mayer is an American computer scientist and lawyer. He is an Assistant Professor of Computer Science and Public Affairs at Princeton University affiliated with the Center for Information Technology Policy, and was previously a PhD student in computer science at Stanford University and a fellow at the Center for Internet and Society and the Center for International Security and Cooperation. During his graduate studies he was a consultant at the California Department of Justice.

AdChoices is a self-regulatory program for online interest-based advertising that exists in the United States, Canada and across Europe. The program calls for advertising companies to establish and enforce responsible privacy practices for interest-based advertising, aimed to give consumers enhanced transparency and control. Companies adhere to a set of principles that are enforced by accountability programs.

Digital Content Next (DCN) is a nonprofit international trade association for the digital content industry. DCN develops research, holds informational events and provides policy guidance. It was known as the Online Publishers Association (OPA) until May 2014.

The gathering of personally identifiable information (PII) is the practice of collecting public and private personal data that can be used to identify an individual for both legal and illegal applications. PII owners often view PII gathering as a threat and violation of their privacy. Meanwhile, entities such as information technology companies, governments, and organizations use PII for data analysis of consumer shopping behaviors, political preference, and personal interests.

References

  1. H.R. 654, Rep. Jackie Speier (D-CA), Do Not Track Me Online Act of 2011, http://speier.house.gov/uploads/Do%20Not%20Track%20Me%20Online%20Act.pdf Archived 2011-04-06 at the Wayback Machine , Sen. John Kerry (D-MA), cosponsor Sen. John McCain (R-AZ), Commercial Privacy Bill of Rights Act of 2011 (April 12, 2011), http://kerry.senate.gov/work/issues/issue/?id=74638d00-002c-4f5e-9709-1cb51c6759e6&CFID=86949172&CFTOKEN=10485539 Archived 2011-04-16 at the Wayback Machine
  2. FTC, Privacy Online: A Report to Congress (June 1998), http://www.ftc.gov/reports/privacy3/priv-23a.pdf Archived 2010-05-27 at the Wayback Machine
  3. 1 2 FTC Staff Report, Public Workshop on Consumer Privacy on the Global Information Infrastructure, Dec. 1996, http://www.ftc.gov/reports/privacy/Privacy1.shtm Archived 2010-05-27 at the Wayback Machine .
  4. See - FTC, FTC Announces Two Significant Efforts In Its Comprehensive Examination Of Consumer Privacy (March 4, 1997), http://www.ftc.gov/opa/1997/03/conspriv.shtm Archived 2011-10-11 at the Wayback Machine .
  5. 1 2 FTC Staff Report, Public Workshop on Consumer Privacy on the Global Information Infrastructure (December 1996), at 2, http://www.ftc.gov/reports/privacy/Privacy1.shtm Archived 2010-05-27 at the Wayback Machine .
  6. FTC, Privacy Online: A Report to Congress (June 1998), at 41, http://www.ftc.gov/reports/privacy3/priv-23a.pdf Archived 2010-05-27 at the Wayback Machine .
  7. FTC Press Release, FTC and Commerce Dept. to Hold Public Workshop on Online Privacy (September 15, 1999), http://www.ftc.gov/opa/1999/09/profiling.shtm Archived 2010-06-04 at the Wayback Machine .
  8. FTC, Privacy Online: Fair Information Practices in the Electronic Marketplace (May 2000), http://www.ftc.gov/reports/privacy2000/privacy2000.pdf.
  9. 1 2 FTC, Online Profiling: A Report To Congress, Part 2 Recommendations (July 2000), at 11, http://www.ftc.gov/os/2000/07/onlineprofiling.pdf Archived 2010-03-08 at the Wayback Machine .
  10. FTC, Online Profiling: A Report To Congress, Part 2 Recommendations (July 2000), at 10, http://www.ftc.gov/os/2000/07/onlineprofiling.pdf Archived 2010-03-08 at the Wayback Machine .
  11. 1 2 FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (December 1, 2010), http://www.ftc.gov/os/2010/12/101201privacyreport.pdf.
  12. Timothy J. Muris, Protecting Consumers' Privacy: 2002 and Beyond, Remarks delivered at the Privacy 2001 Conference (October 4, 2001), http://www.ftc.gov/speeches/muris/privisp1002.shtm Archived 2010-01-15 at the Wayback Machine .
  13. FTC, Protecting Consumers in the Next Tech-ade: A Report by the Staff of the Federal Trade Commission (March 2008), http://www.ftc.gov/os/2008/03/P064101tech.pdf.
  14. FTC Staff Report, Self-Regulatory Principles For Online Behavioral Advertising, Behavioral Advertising Tracking, Targeting, & Technology (February 2009), at 8, "Archived copy" (PDF). Archived from the original (PDF) on 2010-06-04. Retrieved 2010-03-11.{{cite web}}: CS1 maint: archived copy as title (link).
  15. FTC, Town Hall, Ehavioral Advertising: Tracking, Targeting, and Technology, http://www.ftc.gov/bcp/workshops/ehavioral/index.shtml.
  16. See FTC to Examine Consumer Tracking Practices Used by Online Ad Industry, 6 PVLR 1275 (2007).
  17. FTC, Online Behavioral Advertising Moving the Discussion Forward to Possible Self-Regulatory Principles (December 2007), http://www.ftc.gov/os/2007/12/P859900stmt.pdf Archived 2010-12-26 at the Wayback Machine .
  18. FTC, Online Behavioral Advertising Moving the Discussion Forward to Possible Self-Regulatory Principles (December 2007), at 5, http://www.ftc.gov/os/2007/12/P859900stmt.pdf Archived 2010-12-26 at the Wayback Machine .
  19. FTC Staff Report, Self-Regulatory Principles For Online Behavioral Advertising, Behavioral Advertising Tracking, Targeting, & Technology (February 2009), "Archived copy" (PDF). Archived from the original (PDF) on 2010-06-04. Retrieved 2010-03-11.{{cite web}}: CS1 maint: archived copy as title (link).
  20. FTC Staff Report, Self-Regulatory Principles For Online Behavioral Advertising, Behavioral Advertising Tracking, Targeting, & Technology (February 2009), at 32, "Archived copy" (PDF). Archived from the original (PDF) on 2010-06-04. Retrieved 2010-03-11.{{cite web}}: CS1 maint: archived copy as title (link).
  21. FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (December 1, 2010), at 19, http://www.ftc.gov/os/2010/12/101201privacyreport.pdf.
  22. 1 2 FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (December 1, 2010), at iii, http://www.ftc.gov/os/2010/12/101201privacyreport.pdf.
  23. FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (December 1, 2010), at 53, http://www.ftc.gov/os/2010/12/101201privacyreport.pdf.
  24. FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (December 1, 2010), at 53 – 55, see also note 134 at 55, http://www.ftc.gov/os/2010/12/101201privacyreport.pdf.
  25. FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (December 1, 2010), at 58, http://www.ftc.gov/os/2010/12/101201privacyreport.pdf.
  26. FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (December 1, 2010), at 61, http://www.ftc.gov/os/2010/12/101201privacyreport.pdf.
  27. FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (December 1, 2010), at 66, http://www.ftc.gov/os/2010/12/101201privacyreport.pdf.
  28. FTC, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (December 1, 2010), at 67, http://www.ftc.gov/os/2010/12/101201privacyreport.pdf.
  29. 1 2 3 4 Dominique R. Shelton and Clinton J. McCord, How to Respond to Recent Developments in Consumer Information Regulation (March 23, 2011), http://www.wildman.com/bulletin/3232011/ Archived 2011-07-20 at the Wayback Machine .
  30. 1 2 H.R. 654, Rep. Jackie Speier (D-CA), Do Not Track Me Online Act of 2011, http://speier.house.gov/uploads/Do%20Not%20Track%20Me%20Online%20Act.pdf Archived 2011-04-06 at the Wayback Machine
  31. Wendy Davis, Privacy 'Track' Bill Draws Key Support, Online Media Daily (February 11, 2011), http://www.mediapost.com/publications/article/144858/
  32. H.R. 654 — 112th Congress: Do Not Track Me Online Act.” www.GovTrack.us. 2011. May 1, 2017
  33. 1 2 Sen. John Kerry (D-MA), cosponsor Sen. John McCain (R-AZ), Commercial Privacy Bill of Rights Act of 2011 (April 12, 2011), http://kerry.senate.gov/work/issues/issue/?id=74638d00-002c-4f5e-9709-1cb51c6759e6&CFID=86949172&CFTOKEN=10485539 Archived 2011-04-16 at the Wayback Machine
  34. "Senators introduce Internet privacy bill". The Washington Post. Retrieved 2023-07-17.
  35. 1 2 Kate Kay, Kerry and McCain Bill Signals Privacy Law Momentum, clickz.com (April 12, 2011), http://www.clickz.com/clickz/news/2042942/kerry-mccain-signals-privacy-law-momentum.
  36. 1 2 3 4 5 Kang, Cecilia (2023-06-27). "Senators introduce Internet privacy bill". Washington Post. Retrieved 2023-07-17.