Enlightenment Sensibility of Netflix Prize Runs Afoul of FTC

The data privacy and breach stories that have made the biggest headlines over the past couple of years have principally involved companies either not adequately securing data or being the subject or hackers, which in turn resulted in exposure to statutory breach claims under various state laws, contractual breach claims and tort liability under negligence theory.  So, the news this week that Netflix is suspending its much vaunted Netflix Prize 2 until it resolves data privacy concerns expressed by the Federal Trade Commission (FTC) provides a good reminder of the authority at the federal level of the FTC to hold companies accountable for the assurances they provide their customers about data privacy.

Well before the advent of the Nobel Prize, arguably the premier prize for scientific achievement, there existed a tradition dating back at least to the Enlightenment of science-focused groups and clubs staking a prize for the proving of some scientific theorem or mathematical conjecture.  In a sense, Netflix was following in this long tradition, with a little bit of marketing and general business savvy thrown in to the mix, when in 2006 it announced its initial Netflix Prize contest in which it would award $1 million to whoever could most improve its movie recommendation algorithm.  Much like a mini-space program, this spurred numerous teams of professional and amateur researchers to pore over the data that Netflix then made available to facilitate the contest.  Therein lies the rub.  The data was supposed to be anonymous — and for all practical purposes this may have been the case.  The data was purged of all names and other personally identifiable information.  Yet, proving that clever people can do a lot with very little, a separate researchers uninterested in the Netflix prize proceeded to show that with a little effort the purportedly anonymous data was, in fact, not so anonymous. 

While the parallel analysis did not achieve any sort of prize recognition, it garnered the attention of the FTC.  Made aware of the research after the second Netflix Prize contest was announced and that Netflix actually planned to provide even more demographic information than was provided in the first contest, the FTC opened an investigation this past fall pursuant to its broad authority under Section 5 of the FTC Act to address unfair and deceptive trade practices.  While businesses other than those in certain  regulated areas (for example, financial institutions and healthcare providers) do not have to have any privacy policy, if they do have such a policy they are obligated to adhere to what they promise. 

The current Netflix Privacy Policy states, in part, that:  “We may also disclose and otherwise use, on an anonymous basis, movie ratings, consumption habits, commentary, reviews and other non-personal information about customers.” (Emphasis added.)   The quoted portion of the Netflix Privacy Policy is a fairly plain vanilla statement.  Variants of this are commonly found in many consumer-focused websites and work just fine so long as the policy is adhered to.  Netflix is not alone in wanting to use its storehouse of seemingly anonymous customer data for analytical purposes, and there is real good that comes from such efforts.  But, with advanced methodologies and the telling ingredient of a little ingenuity continually posing challenges to long-held assumptions about how secure data is, you can be sure the FTC will keep knocking on the doors of those who are less than vigilant.

NetFlix Blog Notice on Ending Contest: NetflixBlog–PrizeNotice

FTC Letter Closing Investigation: http://www.ftc.gov/os/closings/100312netflixletter.pdf

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: