The much-anticipated guidelines from the FTC (Freakishly Timid Commission) regarding behavioral targeting vs. privacy delivered an anticlimactic denouement. In a typo-infested statement, the blunt-toothed government agency borrowed principles in play since the mid-1990s to shape a wet-noodle platform of privacy and security principles. The basic points:

* When gathering behavioral data, put up a clear privacy policy.

* Provide "reasonable security" for the gathered data.

* Don't hang onto the data longer than necessary.

* Get explicit permission to collect "sensitive data" (however that might eventually be defined).

* If you change the privacy policy, let people know and get permission all over again.

... aaand, that's just about it. In truth, self-regulation will always result in a mixed bag of compliance. The only way to raise the game is to raise the standards. The FTC just looks foolish breaking out principles that responsible publishers have agreed on for years.