Public Comment for FTC's Commercial Surveillance ANPR

Abstract: These comments, respectfully submitted in response to the Federal Trade Commission’s (FTC) advanced notice of proposed rulemaking (ANPR) on the prevalence of commercial surveillance and data security practices that harm consumers, are based on selected research findings – our own and others. They are organized into four Parts. Part I drives a stake through the heart of direct-to-consumer consent-based approaches, arguing that notice and consent, transparency and choice, and privacy policies are not only ineffe… Show more

“…For example, Google [47], Facebook [7], Proctor & Gamble [21], and other companies have yielded huge returns on their targeted advertising investments. While identifying people's potential shopping interests-based on inferences from their metadata or activities-is not typically a malicious act, there is consternation regarding whether society condones this type of inference [73,85]. After its reputation experienced a temporary dip, Target [38] and other organizations learned to conceal how well they can infer individuals' attributes.…”

“…After its reputation experienced a temporary dip, Target [38] and other organizations learned to conceal how well they can infer individuals' attributes. Nevertheless, organizations continue to direct their advertising at specific users because it is more effective than generalized advertising [7,73]. Although targeted advertising often involves proprietary methods and data that are never intended to be released beyond an organization's authorized analysts, organizations often share inferences with their contracted third-party analysts, circumventing sharing restrictions [44].…”

Mitigating Inference Risks with the NIST Privacy Framework

“…For example, Google [47], Facebook [7], Proctor & Gamble [21], and other companies have yielded huge returns on their targeted advertising investments. While identifying people's potential shopping interests-based on inferences from their metadata or activities-is not typically a malicious act, there is consternation regarding whether society condones this type of inference [73,85]. After its reputation experienced a temporary dip, Target [38] and other organizations learned to conceal how well they can infer individuals' attributes.…”

“…After its reputation experienced a temporary dip, Target [38] and other organizations learned to conceal how well they can infer individuals' attributes. Nevertheless, organizations continue to direct their advertising at specific users because it is more effective than generalized advertising [7,73]. Although targeted advertising often involves proprietary methods and data that are never intended to be released beyond an organization's authorized analysts, organizations often share inferences with their contracted third-party analysts, circumventing sharing restrictions [44].…”

Mitigating Inference Risks with the NIST Privacy Framework