The debate over online privacy policies is taking shape in Washington today as the U.S. Federal Trade Commission and the Department of Commerce host a day-long workshop on “online profiling,” the practice of collecting consumer information based on their online activities and using that data to create targeted marketing efforts.
The Direct Marketing Association and other online marketing proponents are urging e-commerce advertisers to voluntarily adopt stricter privacy policies when gathering information about the consumers they are reaching. Online privacy advocates, however, say such voluntary policing is not enough to protect consumers from a growing trend of privacy invasion.
The Clinton administration has generally adopted a self-regulatory approach to Internet privacy, with the exception of its endorsement of online privacy legislation for children that was passed last fall. The legislation came on the heels of an FTC survey that found 89 percent of leading commercial Web sites geared towards children collected personal information, such as names, addresses and buying preferences, but only one percent required parental consent to do so.
Advocacy groups point specifically to mergers of online and offline advertisers — such as DoubleClick, Inc. with catalog tracking company Abacus Direct Corp. — as danger signs. “The proposed merger will bring together online profiles obtained from an estimated 850 million Internet advertisements per day and 88 million personally identifiable five-year catalog purchase histories,” the Electronic Privacy Information Center says.
“We must now set the privacy standards that will govern this exploding field in the next century,” EPIC Policy Analyst Andrew Shen added.
Calling for a Ban
Online privacy advocates, such as consulting group Junkbusters.com and the non-profit Center for Media Education, are asking the FTC to order a halt to online profiling until the impact of the practice can be thoroughly investigated. Before online profiling is allowed to continue, they argue, the FTC should get a thorough understanding of how profiling invades consumer privacy and develop recommendations for legislation to protect consumers.
The privacy advocates argue that enacting a new, Internet-specific law controlling the use of consumer information is the only way to effectively police the practice. “The idea of self-regulation was always implausible and has been allowed to fail in practice far too often in recent years,” Junkbusters President Jason Catlett said.
The Direct Marketing Association, however, argues that online profiling can be beneficial to consumers as well as Internet companies, if the data is used appropriately. “The use of third-party ad servers and navigational data is beneficial to the individual’s Internet experience, by enabling customization and personalization of the Internet experience,” DMA Senior Vice President of Government Affairs Jerry Cerasale said.
The DMA is telling online marketers to notify visitors when third-party ad servers are collecting information during the visitor’s time on that site. The marketers should provide the names of the ad servers and give the visitor a link to the server to get more information. They should also give visitors the option to opt out of personally identifiable information exchanges, Cerasale said.
The privacy advocates argue that a ban should remain in place until such legislation is passed. Such a move would effectively end online profiling until next spring, since no bills are currently under consideration in Congress and lawmakers are working frantically to complete fiscal year 2000 budget agreements and adjourn by Friday.
Lawmakers are not scheduled to return to Capitol Hill until mid-January.
More troubling still for the government may be how the issue of online privacy affects U.S. trade negotiations with Europe, which has already enacted data protection laws. To address these issues, undersecretary of commerce for international trade David L. Aaron and European Union top negotiator John Moog are meeting in Washington today.
In the meantime, state attorneys general should take responsibility for protecting consumer privacy by suing companies that go too far, Privacy Journal Publisher Ellis Smith argues. In addition, he is urging consumers to protect themselves by turning off their Internet browsers’ “cookies” function, to prevent online companies from storing and retrieving data on the consumer’s computer, and staying away from commercial Web sites until they are assured their information will be protected.