Government Prepares to Increase Internet Privacy Protections for Consumers

November 16, 2010

In response to the increasingly key role that personal information plays in the internet economy and the wholesale exploitation of that information by some internet segments, the Obama administration is planning to increase the policing of Internet privacy by introducing new laws and creating a new position to oversee the effort, according to a new article in the Wall Street Journal.

Scheduled to be unveiled in the next few weeks, the initiative marks a shift from previous administrations that steered clear of government regulations out of fear of stifling innovation.

At issue – Today, U.S. consumers don’t have a blanket right to privacy

In spite of commonly held beliefs, there is no overarching law or set of laws that protects consumer’s privacy – online or offline – in the U.S.

This means that internet privacy issues are generally relegated to policing by the Federal Trade Commission (FTC) which can only take action if a company’s privacy violations are deemed unfair or deceptive.

Consumer’s right to privacy is legally protected by strong laws in many other countries like those in the European Union – which explains why most privacy cases and penalties against U.S. Internet companies, like the recent privacy crackdowns on Facebook Inc. and Google Inc. were led by Canada, Germany, Spain, and the U.K.

Industry measures fail to adequately protect consumers

While some industry players maintain an outstanding track record of consumer protections, other players have specifically engineered their businesses to collect and exploit consumer information, and the bulk of players fall somewhere in-between these extremes. Given this reality, a key issue in the debate is whether the Internet industry is even capable of establishing an effective self-policing model.

The Interactive Advertising Bureau, which represents the online-ad industry which has reaped the ire of many online consumers over their personal data collection tactics, is already protesting the prospect of new laws. “We believe we are living up to consumer-privacy expectations and are very advanced in privacy protections and innovation,” said Mike Zaneis, senior vice president for the organization. See my blog ( Ad Stalking – When Ads Follow You Online to learn how dissatisfied consumers are with some online ad tactics.)

Internet Privacy has fast become a very hot topic on Capitol Hill

The outrage over the depth and speed of consumer’s personal data exploitation has been heard loud and clear in D.C. and several proposals are being circulated as to how best address the abuse.

Rep. Joe Barton (R., Texas), co-chairman of the Congressional Privacy Caucus and ranking member of the House Energy and Commerce Committee, said he welcomed the administration’s privacy initiative. “Better late than never,” Mr. Barton said. “I am glad more and more folks, in the government and otherwise, are beginning to realize that there is a war against privacy.”

There are currently two proposals in front of congress that relate to this balance information sharing; the Privacy bill draft by Rep. Sterns (R-FL) and outgoing Rep. Boucher (D-VA) designed to “assure a higher level of [online] privacy protection” for online surfers, by establishing an opt-in model for collecting Web surfing information for marketing purposes, and Representative Rush’s (D-IL) Best Practices Act of 2010 proposal with the following key provisions:

  • Ensure that consumers have meaningful choices about the collection, use, and disclosure of their personal information.
  • Require companies that collect personal information to disclose their practices with respect to the collection, use, disclosure, merging, and retention of personal information, and explain consumers’ options regarding those practices.
  • Require companies to provide disclosures of their practices in concise, meaningful, timely, and easy-to-understand notices, and direct the Federal Trade Commission to establish flexible and reasonable standards and requirements for such notices.
  • Require companies to obtain “opt-in” consent to disclose information to a third party.  In the bill, the term, “third party” would be defined based on consumers’ reasonable expectations rather than corporate structure.
  • Establish a “safe harbor” that would exempt companies from the “opt-in” consent requirement, provided those companies participate in a universal opt-out program operated by self-regulatory bodies and monitored by FTC.
  • Require companies to have reasonable procedures to assure the accuracy of the personal information they collect.  The bill would also require the companies to provide consumers with reasonable access to, and the ability to correct or amend certain information.
  • Require companies to have reasonable procedures to secure information and to retain personal information only as long as is necessary to fulfill a legitimate business or law enforcement need.

U.S. Commerce Department Assistant Secretary Lawrence E. Strickling said in comments in October that Internet privacy needs to be strengthened for the industry to sustain users’ trust. “It’s difficult for consumers to act in their own interest if the law doesn’t meet their basic expectations” He cautioned that the departments’ upcoming report on the topic isn’t a final position statement, but rather the beginning of a “dialogue” that would lead to an official administration policy on information privacy.

The Federal Trade Commission has also announced they will be issuing a report on Internet privacy by the end of the year.

Increased privacy protections are by no means guaranteed

The Obama administration and proponents of increased consumer privacy protections in both the House and the Senate will face stiff challenges.

Though Republicans generally support privacy, they are unlikely to want to increase the authority of the FTC. They may also be reluctant to support legislation that big internet companies – and heavy campaign donors – find unpalatable. And when your information is worth its weight in gold in the digital economy, some companies will find any restrictions to using your information unpalatable.

Privacy advocates on the other hand are likely to balk at any proposals that lack the teeth of enforcement, and there may be strong splits between advocacy groups as to the approach and penalties proposed.

The key will be in creating an appropriate framework of regulatory guidelines, industry innovation, and consumer education. This needs to be approached with an understanding that there will be ongoing tension over how to strike the right balance between corporate (and government) data collection and consumer privacy because there isn’t one ‘right balance’ point. Privacy and authentication/transactional security needs will exist on a sliding scale that varies between the situational needs and consumer comfort levels.

What should be unanimously agreed upon are these three core consumer protections:

  • Transparency – you need to be able to see what information is being collected about you and have a clear understanding of how it’s being used – particularly if that information is shared or sold to other parties
  • Choice – you need to be able to easily find and modify information in your profiles
  • Control – you need the ability to effect a one-click opt-out of data collection

We are at a crucial fork in the road. The decisions that will be made in the next few months regarding consumer’s rights to personal privacy and control of personal information are likely to echo through history. And you have a very high stake in the outcome.

Linda

Advertisements

Ad Stalking – When Ads Follow You Online

September 24, 2010

Ever look for something online only to have the item follow you in the form of an ad wherever you go online? Advertisers call this ‘retargeting’ or ‘remarketing’, most users call it ‘creepy’.

This form of advertising is on the rise as start-ups like Criteo and TellApart are joined by the heavy hitters in online ad publishing like Google and Microsoft, while at the same time an increasing number of stores are leveraging the functionality.

The heavy sales pressure and creep-factor of today’s retargeting programs is so high for many users that they make a vow to never shop on the company’s site again.

The sentiment is understandable. I was recently retargeted to such an extent by Residence Hall Linens that I finally I took a snapshot of the nagging experience when the ad tracked me down on YouTube.

Apparently they hoped that if I only saw their ad often enough I might finally make a purchase. It backfired.

The New York Times recently covered retargeting in an article that hit a frustration point with so many readers it sparked 248 responses – and the only favorable ones I found came from ad industry insiders. A few comments from industry insiders were actually apologetic, and most of the general public comments were angry.

“Among digital advertisers, retargeting is seen as the next breakthrough as it allows companies to provide just-in-time marketing. According to Aaron Magness, senior director for brand marketing and business development at Zappos, “The overwhelming response has been positive.”

I’m guessing Mr. Magness didn’t read the comments generated by the NYT’s article:

“I did a search for .. lotion and now there is an ad on many of the sites I visit. After a few days I realized that the ad was the result of my searches and felt violated. I have decided to purchase a product from a competitor that is not stalking me.”

“If I wander into a store to browse, rather lost in thought, I don’t want a salesperson breathing down my neck.. Hard sellers, whether human or virtual, make me want to flee the scene.”

Remarketing technology is akin to an extremely annoying child who keeps repeating the same thing. Over and Over and Over and Over …. I experienced that with Zappos and the adds got so annoying that I added Zappos to the blocked sites on my Anti Virus software.

I bought a computer earlier this year and did online research and ads for the company STILL show up. I so would sign up for a “do not target” list but perhaps these marketers would ignore this list just like the ones still calling my home.

Same thing happened to me. The ad kept coming up for a particular store, it was very creepy. I wound up getting the item several weeks later but I made sure to ..not buy from the annoying store. When I’m reading the paper online I don’t want to be bombarded with random items I may have recently been researching. So when it happens I make a note not to do business with the company that’s involved in the onslaught.

As more consumers find themselves targeted by ads that follow them, privacy concerns are coming to the fore.

Retargeting has helped turn on a light bulb for consumers,” said Jeff Chester, a privacy advocate and executive director of the Washington-based Center for Digital Democracy. “It illustrates that there is a commercial surveillance system in place online that is sweeping in scope and raises privacy and civil liberties issues, too.”

The actual technology behind retargeting is not new it relies on websites dropping cookies (small text files) on computers of people who use their website. Virtually all commercial websites use cookies for various purposes, and in general these provide a service to you – it means they know how to recognize you when you return to their service, let’s you stay signed in, allows the site to maintain any customization you may have done on their site, and it is used for advertising.

(NOTE: the iLOOKBOTHWAYS website does not drop cookies onto your computer or track you in any way).

What remarketing companies do is look for cookies that flag items you looked at on one site, so that even though you are on a different site, the advertising engine can still create and deliver an ad based on the item you checked out.

In the NYT article, Mr. Magness said that consumers may be unnerved because they may feel that they are being tracked from site to site as they browse the Web. To reassure consumers, Zappos displays a message inside their retargeted ads that reads, “Why am I seeing these ads?” If  users click on it, they are directed to the website of Zappos’ ad engine company Criteo, where the ads are explained.

Once users understand how the ads are selected and made to follow a user, few choose to opt out claims Jean-Baptiste Rudelle, the chief executive of Criteo. Others aren’t convinced.

Joseph Turow, a professor at the Annenberg School for Communication at the University of Pennsylvania, who has conducted consumer surveys about online advertising said “When you begin to give people a sense of how this is happening, they really don’t like it,” and added that he personally had a visceral negative reaction to the ads, even though he understands the technologies behind them. “It seemed so bold,” Professor Turow said. “I was not pleased, frankly.”

The biggest issue may simply be the primitive way these ads stalk a user. Alan Pearlstein, chief executive of Cross Pixel Media, a digital marketing agency says he supports retargeting, but with more subtlety saying “What is the benefit of freaking customers out?”  Pearlstein suggests for example that the ads could offer consumers a discount coupon if they return to an online store. This sentiment was shared by several of the people who commented on the NYT’s article:

I understand how a person could be a bit uncomfortable with the concept of retargeting if they don’t understand what is actually happening…the privacy lobby is just overblowing the issue… there is already clear cut legislation prohibiting the connection of “cookie data” with personally identifiable information (i.e. the cookie can identify a browser profile, but is not allowed to associate profile with a specific person).

Retargeting is a very effective tool. There is an enormous amount of empirical evidence to support this… it represents a very benign targeting methodology which allows for higher advertising prices and helps to maintain the status quo of free premium content on the internet. In my opinion, it is a pretty binary question – pay walls or targeted ads.

I am a strong believer in the importance of privacy online and clear regulation to protect people from the exploitation of their browsing history or personal information…but I find it extremely ironic that someone might complain about being retargeted for an ad yet voluntarily allow for social censorship through the use of services like Foursquare. I guess the notion of a systematized and anonymous advertising method is a lot scarier than letting herds of vague acquaintances know when and where you are buying a coffee or getting a beer.

The reality is retargeting will become de rigueur, and the only issues significant numbers of consumers have with it result from the sloppy, 1st-generation technologies being deployed. Just as early paid search systems were improved upon over time, the same will happen with retargeting, and that will assuage consumers.

When retargeting is bad, it’s because the real issue with this sort of retargeting is not that consumers find it intrusive, but rather that the system behind it is unintelligent….

If this philosophy doesn’t appeal to you, perhaps recommended solutions provided by other comments by on the site will:

There is a very simple solution for people disturbed by this: periodically purge your cookie cache. That means you will have to sign in (not up – just reenter your user name and password) again for all of your favorite pages, but a comprehensive cookie purge is beneficial in other ways as well.

I have a simple and free app that I downloaded years ago which patrols websites and “kills ads dead” …and haven’t had an advertisement pop its head at me in all that time. Why aren’t more people simply washing their screens of any ads, much less ones that follow them around online?

When I asked Google if this was intentional and they replied Yes! they offered me an “opt-out” which I took advantage of and I’ve not been followed around on the internet since – at least not obviously.

If you don’t want these (or any) ads, what can you do? Perhaps the most popular option is to use Adblock Plus, a browser add-on for Firefox users.

Google users may want to go to http://www.google.com/ads/preferences/plugin/ and to opt out, or to manage their ad settings.

Linda