FTC filing

Jan 19 2023

Statement of Pam Dixon at the FTC Open Commission Meeting regarding health privacy statements and consumer confusion

Thank you Chair and Commissioners. The profusion of health apps, websites and digital tools that provide consumers with assistance and insights about their health is a positive development. However, it has come at the cost of increasing privacy risks. One of these risks is that consumers are confused about when and where federal health privacy protections apply to their health information.

Nov 06 2009

WPF files comments for FTC Roundtables on privacy standards, consumer expectations of privacy

FTC Privacy Roundtable — The World Privacy Forum filed comments last week for the FTC Privacy Roundtables, the first of which will be held December 7, 2009. The WPF comments urged the FTC to consider the Fair Credit Reporting Act as a key privacy model to apply to additional areas, to use the full version of Fair Information Practices, and discussed how a rights-based framework was the key to advancing consumers’ interests. The comments discussed list brokers at length, and explained how even the most informationally cautious consumer will land on numerous marketing lists and databases. The WPF comments noted that not all marketing lists are used to target ads to consumers; some lists and databases are used to deny consumers goods and services. The comments contain a detailed section on privacy frameworks, a section on direct marketing, and an appendix with supporting information.

Aug 17 2009

FTC issues final rule on health data breaches

Health data breach rulemaking — The Federal Trade Commission has issued its final Health Breach Notification Rule for vendors of Personal Health Records and related entities, as required under ARRA, The American Recovery and Reinvestment Act of 2009. The initial proposed Health Breach Notification Rule was generally thoughtful and thorough. The World Privacy Forum submitted extensive comments on the proposed rule both supporting parts of it and making some suggestions for changes. The FTC incorporated several specific WPF suggestions into the final rule. In particular, the FTC incorporated the applicability of the rule to foreign entities with U.S. customers (Final Rule p. 17), and the applicability of the rule to search engines appearing on Personal Health Record web sites (Final Rule p. 34). The new rule will be published in the Federal Register shortly; until then, it is available at the FTC web site. Also available is a form that entities covered under this rule can use to report data breaches to the FTC. The Health Breach Notification Rule will be effective 30 days after publication in the Federal Register, and full compliance with the rule will be required beginning 180 days after publication.

Feb 28 2005

World Privacy Forum and Privacy Rights Clearinghouse ask the FTC to immediately stop credit bureaus from blocking web links to www.annualcreditreport.com

The World Privacy Forum and the Privacy Rights Clearinghouse sent a letter to the FTC today requesting the agency immediately take steps to protect consumers in advance of the March 1 rollout of free credit reports to Midwestern U.S. residents.

New Report: Risky Analysis: Assessing and Improving AI Governance Tools

We are pleased to announce the publication of a new WPF report, “Risky Analysis: Assessing and Improving AI Governance Tools.” This report sets out a definition of AI governance tools, documents why and how these tools are critically important for trustworthy AI, and where these tools are around the world. The report also documents problems in some AI governance tools themselves, and suggests pathways to improve AI governance tools and create an evaluative environment to measure their effectiveness. AI systems should not be deployed without simultaneously evaluating the potential adverse impacts of such systems and mitigating their risks, and most of the world agrees about the need to take precautions against the threats posed. The specific tools and techniques that exist to evaluate and measure AI systems for their inclusiveness, fairness, explainability, privacy, safety and other trustworthiness issues — called in the report collectively AI governance tools – can improve such issues. While some AI governance tools provide reassurance to the public and to regulators, the tools too often lack meaningful oversight and quality assessments. Incomplete or ineffective AI governance tools can create a false sense of confidence, cause unintended problems, and generally undermine the promise of AI systems. The report contains rich background details, use cases, potential solutions to the problems discussed in the report, and a global index of AI Governance Tools.
National IDs Around the World — Interactive map

About this Data Visualization: This interactive map displays the presence...
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.