At one point or another, we have all heard the warning “don’t make promises you can’t keep.” Recent enforcement actions by the Federal Trade Commission (FTC) demonstrate that organizations must heed this warning as they decide what confidentiality assurances they should make to consumers in their online privacy policies.
With an uptick in identity theft and data breaches, consumers have become more wary about who they share their personal data with. As a result, organizations, especially those that collect or process sensitive personal information about consumers, often attempt to assuage consumers’ concerns about sharing their sensitive personal information by including reassuring privacy promises in their online privacy policies. Such promises may include, for example, statements that they are “certified” by well-known regulatory agencies and assurances that consumers’ personal information is used and shared for “limited purposes” only. However, in reality, many organizations share a vast amount of consumers’ personal information with third-party advertising companies and platforms and use tracking technologies in order to target consumers. Such sharing can be problematic if the consumers are not notified of, and have not consented to, such sharing or targeting.
