Caveat Vendor
FTC Issues Privacy and Security Recommendations for Mobile Payments Industry
March 12, 2013
Devon Winkles
On Friday, the Federal Trade Commission
Thus, the FTC stressed the importance of “privacy by design”—that is, considering and addressing privacy at every stage of product development. “Privacy by design” incorporates concepts such as data security, reasonable collection limits, sound retention policies and data accuracy and is implemented through privacy controls including designation of personnel responsible for the privacy program, a risk assessment, implementation of controls designed to address the risks identified and appropriate oversight of service providers.
In addition, the FTC recommended that companies aim to increase consumer trust in the young-but-growing mobile payments marketplace. One way to do this is to provide appropriate choices to consumers about data collection and use related to mobile payments. For instance, use of payment data for other purposes or by third parties should not be pre-selected as default options. In addition, companies should develop ways to provide transparency about their data practices.
These recommendations should sound familiar to those who follow the FTC’s thinking on privacy and security issues. They largely echo the FTC’s privacy principles, announced in its March 2012 report titled
The report acknowledged that the mobile payments industry is still developing and placed the burden on the industry to craft consumer protections. Policymakers at the FTC and other agencies, as well as on the Hill, will continue to monitor the industry to determine whether those industry-led protections are adequate or whether regulations are necessary.
Caveat Vendor is Paul Hastings’ Consumer Issues blog. We welcome your feedback. Please contact our blog editor with any thoughts or suggestions.