Alarmed that the varied and often murky ways that Internet businesses collect, use and share information about consumers' online activities, the White House today issued a blueprint for strengthening online privacy, including a so-called consumer bill of rights and commitments from leading industry players to adhere to a set of best practices, including a do-not-track tool embedded within the major Web browsers.
"American consumers can't wait any longer for clear rules of the road that ensure their personal information is safe online," President Barack Obama said in a statement. "As the Internet evolves, consumer trust is essential for the continued growth of the digital economy."
Along with the White House's privacy framework, the Digital Advertising Alliance, a coalition of several of the leading marketing and advertising trade associations, announced that it will begin evaluating browser-based tools to enable consumers to stipulate their privacy preferences, which would apply across the organization's participating member companies.
Don't Track Me, Bro'
The browser-based opt-out, familiarly known as a "do-not-track" mechanism (a term the Digital Advertising Alliance does not use), was envisioned by the Federal Trade Commission as a tool for consumers to exercise choice over the ways in which they are marketed to in much the same fashion as the popular Do-Not-Call registry that restricts the activities of telemarketers.
According to the White House, leading online ad networks and content and service providers such as Google, Microsoft and Yahoo, which collectively account for some 90 percent of all behaviorally targeted ads served on the Web, have agreed to comply with the do-not-track preferences that consumers express. What's more, that commitment will subject those companies to FTC enforcement.
Officials also praised the Digital Advertising Alliance member companies for agreeing to limit the scope of their data sharing to advertising, a commitment meant to ensure that information about people's Internet habits would not find its way into the hands unscrupulous data brokers, where it might be used to determine a loan applicant's credit worthiness or inform underwriting decisions about a health or life insurance policy, for example.
"It's great to see that companies are stepping up to our challenge to protect privacy so consumers have greater choice and control over how they are tracked online," said FTC Chairman Jon Leibowitz. "More needs to be done, but the work they have done so far is very encouraging."
Consumer Bill of Rights and an Eye Toward Congress
A centerpiece of today's news is the consumer bill of rights that outlines a set of principles providing for transparency, security and other safeguards to give consumers more control over their information and confidence that it is being used with sufficient deference to privacy considerations.
As the administration wades further into the online privacy debate, it is conscious of the precarious balance between shielding consumers from potentially harmful practices without imposing such onerous restrictions on data collection and behavioral targeting that they quash the activities of legitimate online advertisers, the economic engine behind much of the free content and services available on the Web.
In that sense, much of the industry's push for self-regulation is preserved in today's framework, the FTC enforcement authorities notwithstanding.
The focus left privacy advocates such as Jeff Chester wanting more. Chester, the executive director of the Center for Digital Democracy, called today's announcement a "good start," but lamented that the White House did not take a more forceful approach and lead with the submission of draft legislation to Congress.
"The new framework largely depends on the development of voluntary codes of conduct, to be negotiated between consumer groups and companies like Google, Facebook, Microsoft, Yahoo and others," Chester said in a statement, noting that his group and others championing stronger privacy protections would engage in negotiations with industry and government leaders in "good faith," while making it plain that he has reservations about the administration's efforts. "We cannot accept any 'deal' that doesn't really protect consumers, and merely allows the data-profiling status quo to remain. Instead of negotiations, CDD would have preferred the White House to introduce new legislation that clearly protected consumers online."
Chester also expressed concern that the Digital Advertising Alliance could commandeer the role of overseeing development of the do-not-track system, resulting in a defanged tool that may limit behavioral advertising without really addressing deep well of online data collection. Similarly, he warned against a U.S. approach that could undermine a more rigid set of privacy safeguards under consideration in the European Union.
Over the coming weeks, the Department of Commerce, which was integral in the development of the White House privacy blueprint, will begin convening its meetings with industry stakeholders and other groups to develop codes of conduct and crafting strategies for putting into place the principles outlined in the consumer bill of rights.
"These rights give consumers clear guidance on what they should expect from those who handle their personal information, and set expectations for companies that use personal data," Obama wrote in the introduction to the document. "I call on these companies to begin immediately working with privacy advocates, consumer protection enforcement agencies, and others to implement these principles in enforceable codes of conduct."
Nevertheless, the administration signaled that self-regulation and executive action may not be enough to adequately protect consumers. In announcing its privacy blueprint, the White House said that it also intends to reach out to members of Congress to develop legislation that would enshrine some of the principles within the consumer bill of rights and "extend baseline privacy protections to commercial sectors that existing federal privacy laws do not cover."
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.