Probably the most specific recommendation is a "Do Not Track" mechanism, which would give users stronger control over what companies can collect. FTC chair Jon Leibowitz said that in the last year, companies had made "great strides" in the system, and that he expected a comprehensive, usable version to be in place by most major sites and companies by the end of the year. Leibowitz said he was optimistic that this could be done without legislation, but that Congress should step in if insufficient progress was made.
"It's fairly limited, and it's the right thing to do."
There was also discussion of a centralized website where users could find information about what was being traded by "data brokers," and the FTC said it strongly supported legislation regarding groups that resold consumer data. However, Leibowitz said that he was pleased with the overall progress made in privacy policies, believing that companies had an incentive not only to avoid regulation, but to gain consumer trust with clearer policies. "It's fairly limited, and it's the right thing to do... and it's good for your business."
One area that was touched on but not elaborated upon was the issue of mobile device privacy. The Commission plans to hold a workshop in May that will address mobile privacy disclosures, something it hopes will "spur further industry self-regulation." With Congress probing iOS app policies, however, it's possible that self-regulation isn't going to be the only limit in place.
The FTC's framework was first issued as a draft in 2010, and comments prompted some changes in the proceeding years. The framework, for example, now does not apply to small businesses that collect "non-sensitive data" or sell what they collect to third parties. The proposed legislation of information brokers was also added in response to requests.