From Google's new privacy policy to iOS apps that collect address book information, the new year has seen more of its share of controversy over what data is ethical and legal to collect. Now, after an initial announcement last week, the Federal Trade Commission is releasing a new framework that it hopes will provide more protection for consumers and clarify the expectations for businesses. The report, which is designed to be used by Congress and companies to set laws or policy, includes suggestions for greater privacy policy transparency, privacy setups that are built into the system instead of being added after the fact ("privacy by design"), and consumer choice about what data is collected and used. It's meant to apply to all internet-based services that collect data, from individual sites to major platforms like browsers, operating systems, and ISPs.

Probably the most specific recommendation is a "Do Not Track" mechanism, which would give users stronger control over what companies can collect. FTC chair Jon Leibowitz said that in the last year, companies had made "great strides" in the system, and that he expected a comprehensive, usable version to be in place by most major sites and companies by the end of the year. Leibowitz said he was optimistic that this could be done without legislation, but that Congress should step in if insufficient progress was made."It's fairly limited, and it's the right thing to do."

There was also discussion of a centralized website where users could find information about what was being traded by "data brokers," and the FTC said it strongly supported legislation regarding groups that resold consumer data. However, Leibowitz said that he was pleased with the overall progress made in privacy policies, believing that companies had an incentive not only to avoid regulation, but to gain consumer trust with clearer policies. "It's fairly limited, and it's the right thing to do... and it's good for your business."

One area that was touched on but not elaborated upon was the issue of mobile device privacy. The Commission plans to hold a workshop in May that will address mobile privacy disclosures, something it hopes will "spur further industry self-regulation." With Congress probing iOS app policies, however, it's possible that self-regulation isn't going to be the only limit in place.

The FTC's framework was first issued as a draft in 2010, and comments prompted some changes in the proceeding years. The framework, for example, now does not apply to small businesses that collect "non-sensitive data" or sell what they collect to third parties. The proposed legislation of information brokers was also added in response to requests.