Export.gov - Safe Harbor US Letter on Privacy and FAQsExport.gov - Safe Harbor Enforcement Overview
Federal and State "Unfair and Deceptive Practices" Authority and Privacy
This memorandum outlines the authority of the Federal Trade Commission (FTC) under Section 5 of the Federal Trade Commission Act (15 U.S.C. §§ 41-58, as amended) to take action against those who fail to protect the privacy of personal information in accordance with their representations and/or commitments to do so. It also addresses the exceptions to that authority and the ability of other federal and state agencies to take action where the FTC does not have authority.(1)
FTC Authority over Unfair or Deceptive Practices
Section 5 of the Federal Trade Commission Act declares "unfair or deceptive acts or practices in or affecting commerce" to be illegal. 15 U.S.C. § 45(a)(1). Section 5 confers on the FTC the plenary power to prevent such acts and practices. 15 U.S.C. § 45(a)(2). Accordingly, the FTC may, upon conducting a formal hearing, issue a "cease and desist" order to stop the offending conduct. 15 U.S.C. § 45(b). If it would be in the public interest to do so, the FTC can also seek a temporary restraining order or temporary or permanent injunction in U.S. district court. 15 U.S.C. § 53(b). In cases where there is a widespread pattern of unfair or deceptive acts or practices, or where it has already issued cease and desist orders on the matter, the FTC may promulgate an administrative rule prescribing the acts or practices involved. 15 U.S.C. § 57a.
Anyone who does not comply with an FTC order is subject to a civil penalty of up to $11,000, with each day of a continuing violation constituting a separate violation.(2) 15 U.S.C. § 45(l). Likewise, anyone who knowingly violates an FTC rule is liable for $11,000 for each violation. 15 U.S.C. § 45(m). Enforcement actions can be brought by either the Department of Justice, or if it declines by the FTC. 15 U.S.C. § 56.
FTC Authority and Privacy
In exercising its Section 5 authority, the FTC takes the position that misrepresenting why information is being collected from consumers or how the information will be used constitutes a deceptive practice.(3) For example, in 1998, the FTC filed a complaint against GeoCities for disclosing information it had collected on its Web site to third parties for purposes of solicitation, and without prior permission, despite its representations to the contrary.(4) The FTC staff has also asserted that the collection of personal information from children, and sale and disclosure of that information, without the parents' consent is likely to be an unfair practice.(5)
In a letter to Director General John Mogg of the European Commission, FTC Chairman Pitofsky noted the limitations on the FTC's authority to protect privacy where there has not been a misrepresentation (or no representation at all) as to how the information collected will be used. FTC Chairman Pitofsky letter to John Mogg (September 23, 1998). However, companies that want to avail themselves of the proposed "safe harbor" will have to certify that they will protect the information they collect in accordance with prescribed guidelines. Consequently, where a company certifies that it will safeguard the privacy of information and then fails to do so, such action would be a misrepresentation and a "deceptive practice" within the meaning of Section 5.
As the FTC's jurisdiction extends to unfair or deceptive acts or practices "in or affecting commerce," the FTC will not have jurisdiction over the collection and use of personal information for noncommercial purposes, charitable fund-raising for example. See Pitofsky letter, p. 3. However, the use of personal information in any commercial transaction will satisfy this jurisdictional predicate. Thus, for example, the sale by an employer of personal information on its employees to a direct marketer would bring the transaction within the purview of Section 5.
Last edited by somabc; 9th July 2009 at 11:13 AM.
If each day of a continuing violation is a new violation (the second bold bit in your quote), surely that means that fines would stack up very quickly into a real number, even to someone with Google's bank balance.
Day 1 = $11000
Day 2 = $33000 (day 1's $11k, day 2's $11k plus $11k for a new violation)
Day 3 = $66000 (day 2's $33k, plus $22k for another day plus a new violation)
and so on.
Of course they do mention that each breach of any individual rule is a separate violation, so the fine could work out being several times $11000 each day.
Interesting. Certainly would make sense to support flash like technology. Still it at odds with the article over at Anantech, Linky, which suggests
Still, it's very very early days without even sign of an Alpha release let alone production betas, etc. Certainly will be interesting over the next few months as more details come to light on what exactly it is Google are planning - and Microsoft response/counter attack.Developers would be limited to AJAXy technologies, with no Adobe Flash to back them up. For the most part, developers would be looking at abilities below what Flash and Java are capable of, so not everyone would necessarily be happy about working with a limited toolkit.
@matt40k: I was thinking just the same thing about running applications... many business have been using Citrix products to run their applications for years. The Java client for XenApp works rather well too.
As for things like CRMs, there's many that are web-based and the shiny-AJAX in modern collaboration suites make them easily usable through a web browser.
I don't think that the Google OS will be terrible and there's no way they can tie you in to their services. Treat it like anything else - a tool that will serve the purpose for certain jobs. If it doesn't do what YOU need, don't use it - why does everything need to do everything?
I'm also concerned that they appear to be delusional - talking about creating an OS which won't need any anti-virus or even carry any security risks - Google Oompa-Loompas dream of virus-free OS ? The Register.
They succeeded so well in making Chrome secure after all (ignoring the security vulnerabilities in it, and its tracking back information straight to Google HQ).
There are currently 1 users browsing this thread. (0 members and 1 guests)