Privacy & Information Security Law Blog

On September 19, 2024, the Federal Trade Commission (“FTC”) announced the publication of a staff report entitled, “A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services” (the “Report”). The Report documents the data collection and use practices of major social media and video streaming services and alleges that these companies engaged in vast surveillance of consumers while failing to sufficiently protect users, especially children and teens.

The Report is based on responses to 6(b) orders issued in December 2020 to nine social media and video streaming service companies  about the companies’ collection and use of consumer data.

Among other practices, the Report found that the companies collected and retained large amounts of data about users and non-users; shared user data broadly; incentivized monetization of user data; deployed privacy-invasive tracking technologies; engaged in deficient data minimization and retention practices; fed users’ personal information into automated systems with minimal opportunities for users to opt out; and failed to adequately protect children and teens.

Based on these findings, the Report sets forth numerous recommendations, including:

• Recommending that Congress pass:
  • comprehensive federal privacy legislation; and
  • federal privacy legislation to fill the gap in privacy protections provided by COPPA for teens over the age of 13;
• Recommending that companies:
  • limit consumer data collection, implement concrete and enforceable data minimization and retention policies, limit data sharing with third parties and affiliates, delete consumer data when it is no longer needed, and adopt consumer-friendly privacy policies;
  • not collect sensitive information through privacy-invasive ad tracking technologies;
  • carefully examine their policies and practices regarding ad targeting based on sensitive categories of data;
  • address the lack of user control over how user data is used by company systems, increase transparency regarding how such systems are used, and implement more stringent testing and monitoring standards for such systems;
  • treat COPPA as the minimum requirements for children’s data and provide additional safety measures for children; and
  • provide greater privacy protections to teens.