This image was lost some time after publication.

Following its approval of the Google-DoubleClick merger, the FTC put out a series of proposals regarding privacy and online advertising. Dear God they're boring. But relevant nonetheless. Here are the bullet points.

Proposed Principles

  1. Websites where data is collected for behavioral advertising should provide a prominent statement that (1) data is being collected for use in advertising and (2) consumers can opt out. Make this easy to do.
  2. Companies collecting data should provide security for it consistent with laws and the FTC's data security enforcement actions.
  3. Companies should retain data only as long as is necessary to fulfill a legitimate business or law enforcement need.
  4. No bait-and-switch allowed. A company must keep promises that it makes about how it will handle or protect consumer data, even if changes policies later. Before a company uses data differently from how it said it would when it collected it, consumers have to say OK. Mergers count.
  5. Collecting data for advertising purposes is only OK if consumers want to receive that advertising.

Still bored? How about a fun quiz? Count the number of ways Facebook's Beacon online ads would fail the FTC's proposals!