FTC’s Shot Across the Bow: Purpose and Use Restrictions Could Frame The Future of Personal Data Management

I just read a wonderful piece from Joseph Duball,[1] who reported on the U.S. Federal Trade Commissioner Rebecca Kelly Slaughter’s keynote at the IAPP’s “Privacy. Security. Risk 2021” event. According to Duball, Slaughter suggests that we need to change “the way people view, prioritize, and conceptualize their data.”

“Too many services are about leveraging consumer data instead of straightforwardly providing value. For even the savviest users, the price of browsing the internet is being tracked across the web.” – Rebecca Kelly Slaughter, Commissioner, U.S. Federal Trade Commission 2021 [2]

According to Slaughter, privacy issues within data-driven markets stem from surveillance capitalism, which is fueled by indiscriminate data collection practices. She suggests that the remedy to curtail these practices is to focus on “purpose and use” restrictions and limitations rather than solely relying on the notice & choice framework. In other words, in the future industry may no longer justify data practice with explanations like “they opted in” and “we got consent” or falling ba

“Collection and use limitations can help protect people’s rights. It should not be necessary to trade one’s data away as a cost of full participation in society and the modern information economy.” – Rebecca Kelly Slaughter, Commissioner, U.S. Federal Trade Commission 2021 [3]

FTC Has Concerns Other Than Privacy

So that there is no uncertainty or doubt, however, Duball [4] reports that, while consumer privacy is a chief concern for the commission, it is not the primary concern to the exclusion of other concerns. The commission is also worried about algorithmic bias and “dark patterns” practices. In other words, it is not just about the data, it is about the methods used to “trick” people into giving it up and how it is processed and applied to business decision-making.

Takeaway

My takeaway is that it is time for organizations to take a serious look at revamping their end-to-end processes and tech-stacks. This is a C-suite leadership all-hands-on-deck moment. It will take years for the larger organizations to turn their flotilla in the right direction, and for the industry at large to sort everything out. However, rest assured, the empowered person–the self-sovereign individual–is nigh and will sort it out for industry soon enough.

There is time, but not much, maybe three, five, or seven years, before the people will be equipped with the knowledge and tools to take back control of their data. It is already happening; just look at open banking in the UK. These new tools, aka personal information management systems, will enable people to granularly exchange data on their terms with their stated purpose of use, not the businesses’. They will give them the power to process data in a way that protects them from bias or at least helps them know when it is happening.

Why should businesses care about all this? Well, I predict, as do many, so I’m not too far out on a limb here, that in the not-too-distant future, the empowered, connected individual will walk with their wallet and only do business with those institutions that respect their sovereignty, both physically and digitally. So, to all out there, it is time, and it is time to prepare for the future.

REFERENCES


  1. Duball, Joseph. “On the Horizon: FTC’s Slaughter Maps Data Regulation’s Potential Future.” The Privacy Advisor, November 2021. https://iapp.org/news/a/on-the-horizon-ftcs-slaughter-maps-data-regulations-potential-future/.
  2. Ibid.
  3. Ibid.
  4. Ibid.
