Can Online Marketers Be Trusted to Police Privacy Without Feds Oversight
As industry players advance the self-regulatory approach, lawmakers question whether all can be fully trusted to responsibly police their own data collection and if legislative remedies are thereby necessary to really protect consumer privacy on the Web.
At a Senate hearing this week, commerce committee Chairman John Rockefeller (D-W.V.) gave air to those concerns, suggesting that
lawmakers might have a role to play legislating privacy protections in spite of the efforts that industry groups have been making and the
guidance that has emerged from a pair of reports from the executive branch.
“I recognize that consumer information is the currency of the Web,” Rockefeller said. “Thanks to advertising revenue, much of the rich
content of the Internet is available to consumers for free. I also understand that advertising is more effective and valuable to companies when it
is tailored to match consumers’ individual interests and tastes. But there has to be some balance. Consumers should have some degree of
control over their personal, often sensitive, online information.”
The hearing came amid the backdrop of an ongoing drive to implement effective self-regulation led by the Digital Advertising Alliance (DAA), a consortium of industry trade groups and member
companies working to implement standard practices allowing consumers to opt out of data-collection programs and offer more visibility into
what information is collected and how it is used.
Meantime, the White House
and Federal Trade Commission have
each issued their own sets of guidance about privacy best practices, variously calling on industry members to offer more meaningful notice to
consumers about their privacy policies and implement a so-called do-not-track mechanism.
Rockefeller noted the news this week that the travel site Orbitz would begin offering different product
listings to consumers depending on the type of computer they are using. So Mac users, which Orbitz has identified as a more affluent
demographic, would be shown pricier travel options than visitors using a PC.
That announcement, Rockefeller said, “should remind all of us that companies will always be tempted to misuse the consumer information
Rockefeller said he was pleased that member companies of the DAA would offer consumers the ability to opt out of their online tracking
programs, but took issue with the exemptions relating to activities concerning “market research” or “product development.”
“These exceptions are so broad, they could swallow the rule,” he said. “‘Market research’ and ‘product development’ could encompass almost
Bob Liodice, president and CEO of the Association of National Advertisers, a member of the DAA, argued that certain tracking methods are
necessary to support cybersecurity and curb fraud, while other limited marketing activities have won the blessing of Federal Trade Commission
Chairman Jon Leibowitz and staffers.
“The Internet operates on some collection of data. And if a consumer opts out of any kind of information gathering, there are necessary
exceptions in order to be able to ensure that fraud protection, crime prevention, other systems that currently operate on the Internet need to
continue to ensure that those law enforcement capabilities continue to exist,” Liodice said.
Rockefeller challenged the notion that cybersecurity should serve as a license for sophisticated data collection, calling that notion a “red
herring” that furnishes marketers a license to compile detailed consumer profiles.
Liodice, however, allowed that the industry is obligated to provide a certain measure of consumer choice and options to limit the collection
“We would agree that boundaries need to be placed in this arena because consumers need boundaries in order to understand exactly what
their rights are, what their privileges are and what their decisions need to be based upon,” he said.
Liodice also argued against more restrictive regulations along the lines of what European Union officials are backing, warning that overly
prescriptive privacy protections threaten to calcify the industry at a time when the technologies and standards in play are swiftly evolving.
“That is essentially the core fear, that we lock in place what we currently have and not leave ourselves open to the evolution of technology,”
he said. “Creativity and innovation is the basis for the Internet, and we recognize that as part of our self-regulatory principles we have to allow
enough room and flexibility to adapt to a changing economy and rapidly changing technologies.”
Another witness, Alex Fowler, the global privacy and policy leader at Mozilla, questioned the urgency of the privacy issue in the mind of
consumers. Fowler told the committee that online privacy has not yet gained the consumer momentum as previous legislative efforts in the
areas of spam emails and telemarketing.
“I don’t think we’re at the point yet where we have the same kind of consumer backlash that we’ve had with CAN-SPAM and Do-Not-Call,”
Fowler said. “I think there’s still an opportunity here, and some research backs this up — that we have a polarized set of consumers on both
ends that are very surprised and uncomfortable by tracking online and others who are very excited about engaging in personalized content and
services. And we have a much larger — and in fact the bulk of the consumer — market that’s somewhere in the middle and ultimately will decide
based on the value that they receive and how transparent those mechanisms are.”
“We have an opportunity to address this through technology and changes in industry practices that create more transparency,” he
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.