6 Comments

Summary:

The FTC has released a draft report that says online advertisers and publishers have been too slow to adopt appropriate privacy rules, and recommends a “do not track” mechanism built into web browsers. But the agency admits new laws would be required for such a move.

privacy card 3x2

The Federal Trade Commission has released a draft report on privacy regulation, which says online advertisers and other companies have been too slow to adopt appropriate privacy rules. The report recommends a one-stop “do not track” mechanism built into websites or web browsers, which would allow consumers to turn off data collection about their online behavior. The agency admitted on Wednesday, however, that it doesn’t have the power to mandate such a move unless Congress changes the federal laws governing privacy.

FTC Chairman Jon Leibowitz said during a conference call about the report that while other legislators are talking about a budget deficit, the agency is “thinking about the privacy deficit American consumers suffer from.” In the 122-page report, entitled “Protecting Consumer Privacy in an Era of Rapid Change” (PDF link), the commission says it wants to develop “a framework to balance the privacy interests of consumers with innovation that relies on consumer information to develop beneficial new products and services,” a comment clearly directed at companies who believe their ability to track and target users based on demographic information or web-surfing behavior is crucial to their digital livelihood. The report says:

Although many of these companies manage consumer information responsibly, some appear to treat it in an irresponsible or even reckless manner. And while recent announcements of privacy innovations by a range of companies are encouraging, many companies – both online and offline – do not adequately address consumer privacy interests.

Although the commission didn’t mention any companies by name, Facebook in particular has come under fire for the way it handles users’ information, including changes to its privacy settings and more recent developments such as the fact that user IDs were being sent to third-party companies. Facebook’s handling of user privacy triggered a letter to the FTC from four senators complaining about the company’s behavior. Some third parties associated with Facebook passed on user IDs to advertisers, and in the case of Rapleaf, the marketing database company connected those user IDs to other personally identifiable information from other sources (although Rapleaf said later that this was inadvertent and that it has stopped doing so).

The biggest news out of the report is that the FTC is pushing for a “do not track” function, similar to the “do not call” list that became law after years of aggressive telemarketing by companies. The agency said this would “likely be a persistent setting on consumers’ browsers, so consumers can choose whether to allow the collection of data regarding their online searching and browsing activities.” According to a recent report from the Wall Street Journal, the Mozilla Foundation — which is responsible for the Firefox browser — has been working on a standard for such a setting, and a House subcommittee is holding hearings this week on potential do-not-track proposals. The report says:

Such a universal mechanism could be accomplished by legislation or potentially through robust, enforceable self-regulation. The most practical method of providing uniform choice for online behavioral advertising would likely involve placing a setting similar to a persistent cookie on a consumer’s browser and conveying that setting to sites that the browser visits, to signal whether or not the consumer wants to be tracked or receive targeted advertisements. To be effective, there must be an enforceable requirement that sites honor those choices.

Many advertisers and websites already allow users to opt out of being tracked, by using a “cookie” file that’s read when the user visits a site. But this system “is clumsy and fails too often,” Jules Polonetsky of the Future of Privacy Forum told the Journal. A number of online advertisers have worked together to launch a site that allows users to opt out of more than 50 different ad networks and programs with a single click, but this also appears not to be broad enough to satisfy the FTC. As director David Vladeck noted at a conference organized by the non-profit group Consumer Watchdog before the report was released, many of these opt-out services prevent users from getting targeted ads, but they don’t stop advertisers or sites from collecting data.

A number of privacy groups submitted a report last month about the ways in which medical information sites, including Google and WebMD, track the search keywords, clicks and other data about users — including data from social networks — and then use that to serve targeted ads about specific medical conditions. Although the privacy groups made it clear they see this as bad, opinions differ on whether it’s always wrong for websites to offer information to users based on their interests and browsing behavior.

Some critics say they are concerned that implementing a “do not track” mechanism would require government regulation of browsers and website architecture, which is not only undesirable, but could provide a “backdoor” for governments to spy on the behavior of web users. The Technology Liberation Front also argues that some tracking of consumer behavior and activity is a necessary part of the way the web functions, since users get what amount to free services — such as email, photo hosting, discussion forums and other information — in return for accepting targeted advertising.

Leibowitz said the report was designed to give guidance to Congress around potential legislation, but was also intended to spark comments from the industry. The FTC will take those comments into account and release final recommendations next year. The commission director said the industry needs to “step up to the plate” in terms of regulating itself, and if changes were not forthcoming, he would support legislative changes to require a “do not track” mechanism. In a press conference following the release of the report, both the World Privacy Forum and EPIC called for the creation of a federal privacy agency, which would have authority to monitor and enforce legislation.

Related content from GigaOM Pro (sub. req’d):

Post and thumbnail photos courtesy of Flickr user Josh Hallett

  1. That is a salient argument, many of the “free” services on the internet are subsidized by ads revenue. Making these free services not free anymore would cause an uproar. While I agree that every user should have their data protected, there must be an reasonable and acceptable level of privacy that we should be willing to share and let go off. I don’t the FTC has the jurisdiction to decide that level but they could create the mechanism that would allow users to tailor their privacy settings. There was a poll about this from the morning, http://my-take.com/poll/should-the-ftc-do-not-track-be-passed Opting out completely doesn’t sound like a good idea anyways because websites could retaliate by refusing or limited access to their sites. Besides, targeted advertising isn’t that bad as long as the data collected isn’t used for evil.

    Share
  2. [...] of databases if they choose. The move to self-regulate is a preemptive attempt to head off a possible “Do Not Track” registry that could limit the way consumers behavior online is tracked, something the FTC called [...]

    Share
  3. At the moment, online companies are allowed to do nearly everything what is technically possible. It’s nice the FTC things about some kind of opt-out – first there has to be better education, about what is really collected from everybody and how the data is used. Then we need general rules, what is ok and what is not.

    Share
  4. [...] used, other than deciding whether or not to use a web service. The FTC has ideas about how to regulate data collection online, and the Department of Commerce has suggested an online Bill of Rights, of sorts, but Congress has [...]

    Share
  5. [...] the federal government pushing for better Do Not Track tools for online users, browser makers are stepping up with solutions that, while not complete, are aimed [...]

    Share
  6. [...] to learn to work with consumers rather than go the easier route to track them. And the fact that Do Not Track proponents are pushing for more regulations of that kind of activity, working with consumers on a more level playing field might be the best [...]

    Share

Comments have been disabled for this post