If you tried to follow privacy issues affecting direct marketing in 2012, you were looking everywhere. While there was no single major impact from legislation, there was agreement among the Federal Trade Commission (FTC), the White House and the Department of Commerce on the direction self-regulatory codes or legislation should take.
Privacy activity demanded our attention locally, nationally and globally. New controls came not just from new regulations, but changes and clarifications to existing regulations. Direct marketers were the focus of investigations from bipartisan congressional caucuses, the FTC and major media outlets.
Considering the rapid pace of change in technology and how quickly marketers are being asked to adapt to those changes, this diverse landscape of privacy controls and influencers is probably the new normal. It will require marketers to be more vigilant than ever to our practices and how we are perceived as an industry.
Privacy got off to a quick start in 2012 when, in February, the White House released its proposed "Consumer Privacy Bill of Rights." The FTC followed with its final commission report on "Protecting Consumer Privacy in an Era of Rapid Change." While neither was introduced as legislation, there is significant common ground and they provide a framework for legislators or industry groups to build upon.
In the spring, focus shifted to the European Union where the cookie law went into effect, though businesses are still trying to figure out how to comply. By the end of the year, there was a flurry of activity that included guidance on de-identification of PHI under HIPAA, changes to the Video Privacy Protection Act, enforcement of the Online Privacy Protection Act in California and dramatic expansions to the Children's Online Privacy Protection Act.
What can the activity in 2012 tell marketers about what to expect in 2013? I don't have a crystal ball, but here are some things that I'm watching.
• Mobile App Privacy: With California's enforcement of the Online Privacy Protection Act, app developers should already be posting privacy policies about how data is collected and used on websites and through their apps. The penalties for non-compliance are high. The FTC is looking at similar issues, and released new recommendations in a February staff report, "Mobile Privacy Disclosures: Building Trust Through Transparency."
• Children's Online Privacy Protection Act (COPPA): The new COPPA rules announced in December will take effect in July and will affect any website or app that has content that might reasonably appeal to children. The impact is still being analyzed, but it will certainly affect ad networks and app developers previously unregulated by COPPA.
• EU Data Protection: The EU continues to work on overhauling the data protection directive from 1995. Despite strong lobbying by both the U.S. government and private sector, challenging new regulation will likely pass this year and be in effect as early as 2015.
• GPS Tracking: A Senate committee approved a bill last year to ban apps that let a person track another person without their knowledge. The legislation will have to be reintroduced to move forward, but unintended consequences could affect legitimate uses of location services.
• Big Data: One area to watch is the increasing interest in Data Brokers by the FTC and Congress. The DMA has launched the Data-Driven Marketing Institute as a forum to discuss the responsible use of data in marketing and the resulting benefits to consumers.
• Do Not Track: The initiative to create formal standards which would allow consumers to indicate their preferences with regard to being "tracked" online is likely on its last leg with respect to becoming an actual World Wide Web Consortium standard. But with parts of the technology already incorporated into major browsers, we can expect a vigorous debate relating to what data collectors should do when they see a DNT signal. New legislation or enforcement under existing authority is also something we should be on the lookout for.
