As the tech industry evolves beyond the classic single-device cookie practice, the Federal Trade Commission (FTC) hosted a workshop on cross-device tracking to address a variety of topics, including new methods of tracking consumer behavior, risks and benefits of cross-device tracking, and applying self-regulations to new tracking methods.
On November 16, the FTC invited industry members, privacy advocates, and researchers to discuss cross-device tracking. Cross-device tracking covers practices such as 1) using network, location, and browsing behavior information to link devices together or to associate these devices to a single user, and 2) using a single unique identifier, such as cookies, device IDs, emails, and audio beacons to classify multiple devices together.
Speakers participated in numerous discussions relating to these practices, including the following:
- How different types of cross-device tracking work and their uses
- Consumer and company benefits and risks
- Privacy and security concerns
- Application of industry self-regulatory programs
Throughout the workshop, participants identified benefits to consumers and companies from cross-device tracking, such as fluidity of access to services, consistency in the delivery of services, ability to monitor unauthorized account access and malicious use, and more effective advertising. However, there are also several privacy, security, and legal concerns that accompany cross-device tracking usage.
Consumers may have different privacy concerns for different devices. For example, an individual may not object to tracking on one device but would want to opt out of such tracking being linked to a separate device used for business purposes. Additionally, several speakers highlighted a lack of notice from companies and consumer awareness of cross-device tracking practices. Furthermore, cross-device tracking adds complexity to the ability to opt out and opt in of different information collection and sharing practices. If a consumer opts out of sharing his or her information through one device, should this opt out control the collection of information from all associated devices?
The risks related to consumer choice and notice should also be considered in the context of contractual relationships with third parties. These relationships and the responsibilities related to notice and implementing consumer choices can become more complex through the use of cross-device tracking. In light of these privacy, security, and legal concerns, companies should review their current policies and contracts to determine whether they are adequate for the use of cross-device tracking.