Skip to main content

Many of us have grown used to the idea that companies constantly collect information about us as we go about our daily lives. It may be information we give up willingly, like a credit card number for a purchase. But it also may be information that we don’t know we’re surrendering, and may not want to share. Companies are able to collect enormous amounts of personal data about virtually every conceivable aspect of our lives, often in ways that we might not expect or understand.

The FTC calls this “commercial surveillance,” and it’s the subject of the Commission’s newly announced Advance Notice of Proposed Rulemaking. In this Notice, the FTC asks for your comments about data practices that you might believe are unfair or deceptive, and how the FTC can best address those practices.

The Notice offers lots of food for thought. Among other things, it discusses the wide range of personal data that companies collect, including information as varied as our movements, friend networks, menstrual cycles, web browsing, and faces, and how companies might use that information to draw conclusions about us.

The Notice also discusses how companies collect, store, and manage personal data. Data is often collected in ways that are unclear or invisible to people. Or, data may be collected for one purpose, but then also used for another purpose that people don’t expect. People’s information is so valuable that companies have incentives to collect information they don’t need, and to keep that information indefinitely, heightening the potential harms from a data breach if companies fail to secure the data.

Read the Notice for more information about the issues the FTC is examining. Section IV contains the questions the Commission invites people to address. The Notice will be published in the Federal Register soon. Once it appears, you’ll have 60 days to file a public comment. Section V of the Notice includes detailed instructions on how to do that. To save some time, file online at www.regulations.gov.

On September 8, the Commission also will hold a virtual public forum focused on commercial surveillance practices. Learn more about the forum on the Commercial Surveillance and Data Security ANPR Public Forum page.

22 Comments


It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

GURPREET SINGH
August 16, 2022

FTC DOING GOOD JOB TO AWARE PEOPLE ABOUT SCAMMERS , BUT FTC SHOULD OBSERVE CONTINUOSLY THE FAKE BUT SIMILAR NAMES WEBSITES, WHICH SEEMS LIKE GOVT. DEPARTMENTS WEBSITES . THESE WEBSITES POSES BEFORE PEOPLE AS STATE OR FEDERAL GOVT. WEBSITES AND FOR ANY INFORMATION ASK $1 OR $2 . WHEN ANYBODY GAVE THEM C.C. INFO FOR THIS PAYMENT, THEN SCAMMERS GRAB ALL THE MONEY IN THE ACCOUNT OR PAYMENT CARDS.

Karen Nothacker
August 16, 2022

Let us start with Google and it's agreement with ad agencies. I have my "options" set to facilitate: no tracking; no saving; no locations. And yet if I happen to browse a website (where I have already indicated "no sharing") I am hit with pop-up ads immediately (and for the next several days) with related items being advertised. Really? And Google wants to know why I don't "trust" them!?

Octavia
August 16, 2022

Experian saysU have 25 dark web people that have stolen my information

Ron
August 17, 2022

I just have a question. Is this query directed at the data private companies collect from me or NSA, CIA, FBI, etc.? It is well known that the NSA and others collect data on citizens, so should private companies be separated by law from data collection?

Jeff Redwitz
August 16, 2022

I have had a ongoing Privacy Act concern.

fred
August 16, 2022

I should always be given the opportunity to give or not give permission! To many rights are given out to companies, as to what should be private to all of us. We all have rights; but should be limited. WE HAVE THE RIGHT to PRIVACY! Are "private" business being ours and no one should use it, to their favor, without permission from us!!!

Clare DeChiara
August 16, 2022

I hate this practice. I cannot turn on my computer without something popping up on the screen. Also, all the phone calls this causes even being on the do not call list

Jon Doe
August 19, 2022

Walmart, and its illegal use of surveillance. They love to follow you, and harass you in store, using theor facial recognition software when you provide zero probable cause for doing so.

Claire
August 17, 2022

If you could actually stop spam and scam calls I would have more confidence in your anti spying.

Richard Yue
August 17, 2022

I strongly support the mission and intent of this review. Hopefully laws will be developed to protect our encourage companies to be responsible and accountable for their actions.

Tim may
August 17, 2022

It’s a shame I can’t put up a picture I got this unknown domain 48 hrs and today going through my apps collecting information in the app privacy report on my iPhone 12 see if I can look up the domain and see what it is They went through
Every app everything in my phone

Ellen tchartorisky
August 17, 2022

Time limited use of gathered information as well as full disclosure when info is used or sold & to whom for & what purpose. Also, same requirements for the bought info.

Angela
August 17, 2022

I’m so against this. See I knew there was stuff out there in people that blocks them from getting ahead in life. People also have no privacy and we should not have AI take over our lives it goes hand in hand with Ai so if u want to have your life taken over by computers and and eventually go extinct cause we were so lazy we wanted robots to do everything for us, then go ahead and approve this. We might just have 100 years left of Luke in this planet before we ruin the whole thing!

Mel Topf
August 17, 2022

Yes, I absolutely believe this is happening. Honestly, it is not very safe on the internet, anymore. There are millions of hackers out there, many offshore who want to get on to your computer and if you allow it, they will get a lot of your private information like credit card numbers, social security numbers, names, addresses, telephone numbers, passwords and other things that can harm you. I know this for a fact because I had malware put on my computer, and froze it up knowing that while it was in this state, they, the infiltrators were doing everything possible to harm you. All I did was turn it off but that did not solve some of the damage they have already, done. I could not type any numbers and you need that just to get into your email. It took me a day and a half to realize that I had to reinstall my operating system which did solve the problems. What is amazing to me is that they are working day and night to cause problems for the user. We do have a lot of enemies out there and they work continuously to do us harm. It is very unfortunate and no matter what protection you have is not enough.

Rosalind Stennis
August 17, 2022

I'M So Very Happy That You Guys Are Taking Actions For An Average Person Like Myself I Just Wanted To Say THANK YOU

Tommy Dahl
August 17, 2022

The agreement on all apps should separate each item app wants permission to have access too with a check off box yes or no. While the may be beneficial or entertaining it shouldn't have unlimited access to your life.
Also since Google and others make Millions off of this information they should be required to do revenue sharing with the people they stole the information from! This would encourage people to check more of their boxes.

Yvonne Tucker
August 17, 2022

I am always amazed after I have a conversation on my phone (Android) that the next thing I see on facebook is advertising what was in my conversation such as: furniture, clothing, health ads, etc. This seems to be an open book to my life. There should be limits to their access to my conversations other than closing facebook.

Kenneth J Huggins
August 17, 2022

Scary Stuff! Guess the old book was right. Big Government is watching us.

Donnie Alexander
August 17, 2022

I have been having an issue related to my email recently, probably started around June 2022, in that junk mail or solicitations are not going directly to spam but coming to my in-box. I don't know what to think about this new happening. At first I thought someone in a social group I am participating in had sold my email info, but then I was told by a friend of mine who has no association with the group that she is experiencing the same thing. We are both receiving pop-ups from Yahoo with a sales pitch to eliminate junk mail from our in-boxes by paying Yahoo $5 a month. I wonder if Yahoo is manipulating or managing our in-boxes in order to encouraging us to sign up for a program.

Anonymous Amer…
August 23, 2022

I find it strange and curious at the same time that this is being “addressed” in this way, and that most people that have commented HERE.. rather than attempting to submit an observable comment through the provisional methods this notice is intended to put before them… seem to be under the impression that companies such as Facebook and Google, who have been brought to court repeatedly in recent years for reasons we don’t fully understand, if we are even partially aware of the breadth and depth of the scope of allegations and inquiries leveraged against them and to what purposes, which I’m fairly certain we AREN’T, are acting without their consent.
Not that I’m surprised in the least, but it’s mildly interesting to me that it APPEARS that, as it was in the past, the majority of people STILL aren’t aware of “what they’ve signed themselves up for” or “what they’ve agreed to” or “what they’ve given up/signed away” when they signed their name on the proverbial dotted line…

I remember very well the EULAs I read from beginning to very distant tentative end from both of these companies, as well as many others over the years, despite the astonished, bewildered questions or heckling I typically received from others for doing it.. every single time… and then some more when the inevitable annual “policy updates” were rolled out at least annually if not more frequently for the first few years…

… Doesn’t anybody ELSE? DIDN’T anybody else read what they were putting their name on and agreeing to be personally accountable for and to? (Besides attorneys, adjudicators and administrative/business sector individuals, that is… I’m fairly certain that anyone who is, was, and/or was posturing themselves to BE gainfully employed in functions of these natures did their due diligence in reading the policies, terms, rights, & responsibilities put forth in the terms of agreements and privacy policies included in every single EULA that demands signed consent prior to delivery of the proposed product…)

(Though, it’s always interested me that there’s never been any requirements to verify the actual identity of the provider of said required signature, the End User, who is bound legally, as is the entity offering the terms to be agreed upon and entered into legal account BY the documented Terms of Agreement, the contract they are signing prior to being afforded license to lawfully, ethically use a potentially exploitable digital product, which, by its very nature, must contain areas of ambiguity and intentional points of built-in weakness or areas of insertion for developers to exploit or utilize to further develop or alter as necessary or to repair or upgrade defunct, corrupted, or obsolete portions or functions of the product to maintain their viability on the marketplace as a productive business of revenue, which makes it possible for them to continue to bring us new and innovative products and designs guaranteed to change our lives…)

How IS it that one can be bound and beholden… or expect to be able to hold a company accountable for discrepancies, should they be discovered, in what they agreed to produce and exchange or provide per the contract.. if no one has actually witnessed that particular individual, so as to be able to positively identify them and be capable of attesting under oath that this is in fact the person who did sign and agree on the other end of the contract.. not any other person for any possible reason, especially and necessarily to ensure that the wrong person isn’t brought to bear account should an issue arise??
I can’t take an application for certification and License of Marriage to the courts which I have diligently and completely filled out with every required piece of information and all the required signatures of acknowledgement having been signed and dated… even if there are two very distinctively different handwriting styles in two different colors and brands of ink and differing or matching dates not withstanding, deliver to them said application for License, and even HOPE for it to be even VIEWED (much less heard or deemed actionable) by anyone beyond the desk clerk, let alone submitted and entered for evidentiary accounting and public record into The Record of State that I am, from hypothetical moment forward, to be recognized, known, and addressed as Mrs. Keanu Reeves… without providing positive, valid, acceptable, government-produced identification for Mr. Reeves as well as myself, and furthermore, both of us would be required to be present at the court and witnessed by a verifiable, presently active officer OF that court as entering into this legally binding contract…[I don’t even know him so don’t get lost there, it’s pointless.. though I wouldn’t mind in the least ;) just saying.]

Witnessed, identification authenticated, official signatures are required for literally every other type of agreement, record of account, public record, license, and contract out there…

So my question is this:
Why is it any different regarding contracts for the use of digital software products? There are programs that will allow you to mask/obscure, change, fragment, alter, and proxy your actual IP address, so, literally anyone with the correct understanding of what info to use and how to implement it and the right program to facilitate the endeavor can change their IP address to be recorded and seen as if they were physically anchored to a specific/specified location which could be thousands of miles away where they’ve never, and never intend to set foot… and absolutely anybody can say absolutely anything without proper observance and positively verifiable authentication… otherwise, I’m the Queen of England and very confused as to why I’m here in the US and I demand to be safely delivered to Buckingham Palace without further delay... Mr. Reeves would certainly be welcome to accompany me on the journey to ensure my safety. (Though I doubt the present Mrs. Reeves would simply allow THAT bird to fly…)

Honest Guy
August 24, 2022

Let's start by getting Big Tech and Big Government out of the "bad for citizens" partnership they currently have. Government works for the people. Big Tech works to create a monopoly and make $$. Having the two working so closely creates a bad deal for free people.

Carolyn Mills
August 24, 2022

I have a trust wherein I am trustee and have all my assets in that trust. I received a letter from my bank telling me the federal government requires that they have certain information about my trust which is too sensitive to disclose on the phone and I must make an appointment with a branch at my earliest opportunity to go to the branch with government ID. I believe the bank is “trolling for dollars” and is using the government as their excuse and their strong arm.