Can online marketers be trusted to police privacy without feds oversight?
- 29 June, 2012 17:47
With industry players aligning around a set of self-regulatory principles meant to protect consumer privacy on the Internet, some lawmakers are wondering if online marketers and other Web players can be trusted to responsibly police their own data-collection operations.
At a Senate hearing this week, commerce committee Chairman John Rockefeller (D-W.V.) gave air to those concerns, suggesting that lawmakers might have a role to play legislating privacy protections in spite of the efforts that industry groups have been making and the guidance that has emerged from a pair of reports from the executive branch.
"I recognize that consumer information is the currency of the Web," Rockefeller said. "Thanks to advertising revenue, much of the rich content of the Internet is available to consumers for free. I also understand that advertising is more effective and valuable to companies when it is tailored to match consumers' individual interests and tastes. But there has to be some balance. Consumers should have some degree of control over their personal, often sensitive, online information."
The hearing came amid the backdrop of an ongoing drive to implement effective self-regulation led by the Digital Advertising Alliance (DAA), a consortium of industry trade groups and member companies working to implement standard practices allowing consumers to opt out of data-collection programs and offer more visibility into what information is collected and how it is used.
Meantime, the White House and Federal Trade Commission have each issued their own sets of guidance about privacy best practices, variously calling on industry members to offer more meaningful notice to consumers about their privacy policies and implement a so-called do-not-track mechanism.
Rockefeller noted the news this week that the travel site Orbitz would begin offering different product listings to consumers depending on the type of computer they are using. So Mac users, which Orbitz has identified as a more affluent demographic, would be shown pricier travel options than visitors using a PC.
That announcement, Rockefeller said, "should remind all of us that companies will always be tempted to misuse the consumer information they collect."
Rockefeller said he was pleased that member companies of the DAA would offer consumers the ability to opt out of their online tracking programs, but took issue with the exemptions relating to activities concerning "market research" or "product development."
"These exceptions are so broad, they could swallow the rule," he said. "'Market research' and 'product development' could encompass almost anything."
Bob Liodice, president and CEO of the Association of National Advertisers, a member of the DAA, argued that certain tracking methods are necessary to support cybersecurity and curb fraud, while other limited marketing activities have won the blessing of Federal Trade Commission Chairman Jon Leibowitz and staffers.
"The Internet operates on some collection of data. And if a consumer opts out of any kind of information gathering, there are necessary exceptions in order to be able to ensure that fraud protection, crime prevention, other systems that currently operate on the Internet need to continue to ensure that those law enforcement capabilities continue to exist," Liodice said.
Rockefeller challenged the notion that cybersecurity should serve as a license for sophisticated data collection, calling that notion a "red herring" that furnishes marketers a license to compile detailed consumer profiles.
Liodice, however, allowed that the industry is obligated to provide a certain measure of consumer choice and options to limit the collection of data.
"We would agree that boundaries need to be placed in this arena because consumers need boundaries in order to understand exactly what their rights are, what their privileges are and what their decisions need to be based upon," he said.
Liodice also argued against more restrictive regulations along the lines of what European Union officials are backing, warning that overly prescriptive privacy protections threaten to calcify the industry at a time when the technologies and standards in play are swiftly evolving.
"That is essentially the core fear, that we lock in place what we currently have and not leave ourselves open to the evolution of technology," he said. "Creativity and innovation is the basis for the Internet, and we recognize that as part of our self-regulatory principles we have to allow enough room and flexibility to adapt to a changing economy and rapidly changing technologies."
Another witness, Alex Fowler, the global privacy and policy leader at Mozilla, questioned the urgency of the privacy issue in the mind of consumers. Fowler told the committee that online privacy has not yet gained the consumer momentum as previous legislative efforts in the areas of spam emails and telemarketing.
"I don't think we're at the point yet where we have the same kind of consumer backlash that we've had with CAN-SPAM and Do-Not-Call," Fowler said. "I think there's still an opportunity here, and some research backs this up -- that we have a polarized set of consumers on both ends that are very surprised and uncomfortable by tracking online and others who are very excited about engaging in personalized content and services. And we have a much larger -- and in fact the bulk of the consumer -- market that's somewhere in the middle and ultimately will decide based on the value that they receive and how transparent those mechanisms are."
"We have an opportunity to address this through technology and changes in industry practices that create more transparency," he added.
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.
Read more about privacy in CIO's Privacy Drilldown.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Spiceworks' free management software gets integrated MDM
World Quality Report - The State of Quality 2012
The most comprehensive assessment of the current state of enterprise application quality and testing practices available from around the world. With our 1550 respondents, Capgemini, HP & Sogeti bring you the full report. Download today.
Clearing the Clouds for Midmarket Businesses
Cloud computing promises to help midmarket companies reduce cost and complexity in the IT equation – and gain the flexibility and agility they need to thrive. Yet charting a clear course to the cloud isn’t always easy. In this paper, we aim to clear the clouds. We examine different cloud computing models, discuss the types of requirements that each can best address, and consider what midmarket businesses should look for in a cloud solutions provider.
Advanced Malware Exposed
This handbook shines a light on the dark corners of advanced malware, both to educate as well as to spark renewed efforts against these stealthy and persistent threats. By understanding the tools being used by criminals, we can better defend our nations, our critical infrastructures and our citizens. This ebook will provide readers with a new understanding of the rapidly developing cyber threat landscape and practical insights into how they can protect their data and computing infrastructures. Download now.