[Global_industry_committee] Preliminary FTC Staff Report - Protecting Consumer Privacy in an Era of Rapid Change

Colin Watson colin.watson at owasp.org
Tue Jan 18 12:28:22 EST 2011


I'm going to work through this one tomorrow, and see where we can best
comment, if at all.  These 3 questions may be the most relevant:

  "How can the full range of stakeholders be given an incentive to
   develop and deploy privacy-enhancing technologies?

   "What roles should different industry participants – e.g., browser vendors,
    website operators, advertising companies – play in addressing privacy
   concerns with more effective technologies for consumer control?"

   "Is the list of proposed “commonly accepted practices” set forth in
    Section V(C)(1) of the report too broad or too narrow?"


On 17 December 2010 14:49, Colin Watson <colin.watson at owasp.org> wrote:
> I'm less certain about this...
>  Protecting Consumer Privacy in an Era of Rapid Change
>  A framework for businesses and policymakers
>  http://www.ftc.gov/os/2010/12/101201privacyreport.pdf
> but it is aimed at business, and OWASP has already been cited in this
> FTC document:
>  Protecting Personal Information: A Guide for Business
>  http://business.ftc.gov/documents/bus69-protecting-personal-information-guide-business
> The proposed framework is based on three principles, which have some
> relevant content:
> 1. Privacy by design
> 2. Simplified choice
> 3. Greater transparency
> In the first of these "data security" is listed as an example practice
> to build in.  This document also talks about a persistent mechanism to
> allow consumers to opt out of tracking - commentators elsewhere
> believe this might be a "Do Not Track" header added by the browser.  I
> think we need to be careful what constitutes tracking - behavioural
> advertising yes, but how about security event logging, incident
> response or even session management?
> Responses are being accepted until 31 January 2011.  Is it worth responding to:
> 1. if OWASP has something relevant to say, and
> 2. to keep OWASP on the radar as an organisation that engages with others
> ?
> Regards
> Colin Watson
> Global Industry Committee
> http://www.owasp.org/index.php/Global_Industry_Committee

More information about the Global_industry_committee mailing list