A new set of government guidelines doesn't go far enough to ensure the privacy of people whose online information is gathered by marketers, consumer groups say.
On Feb. 12, the U.S. Federal Trade Commission issued guidelines designed to give consumers more information about how advertisers collect and use data about their Web surfing habits. Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting.
The report also urges sites to keep collected data 'as long as is necessary to fulfill a legitimate business or law enforcement need,' inform users of any changes made to privacy policies, and only collect sensitive personal data"”such as financial and health records"”in cases where the user opts in.
Calls for tougher laws
Efforts to govern behavioral targeting reflect society's love-hate relationship with marketing messages tailored specifically to a person's activities online. Research shows that consumers generally prefer to see messages about brands with which they're familiar. Advertisers know how to deliver those messages based on their knowledge of how consumers behave online"”sites they visit, how often, for how long, and what they do while there. At the same time, many consumers are leery of tools that in their view help marketers pry into their personal lives.
Guidelines may be a step in the direction of protecting privacy, but consumer advocacy groups say the government needs to pass legislation that regulates behavioral targeting practices. The FTC 'should have told Congress it's time to act and create legislative safeguards,' says Jeffrey Chester, founder and executive director of the Washington-based Center for Digital Democracy.
The CDD and other consumer groups also say the FTC doesn't provide sufficient guidance in areas such as the definition of sensitive data. The FTC 'encourages industry, consumer, and privacy advocates, and other stakeholders to develop more specific standards to address' sensitive data. But, says Pam Dixon, executive director of the World Privacy Forum, 'the industry already has developed [definitions for sensitive data] but they are absolutely inadequate.' Protecting health-related information is especially important as the government's proposed stimulus legislation earmarks funds for the management of online health records, Dixon says.
A warning to industry
FTC officials did not rule out pushing for stricter legislation. In a statement released the same day as the report, FTC Commissioner Jon Leibowitz warned that if industry can't conform to these new standards on its own, that would 'certainly invite legislation by Congress and a more regulatory approach by our commission.' The document released on Feb. 12 is a revision of principles the agency proposed in December 2007, which received more than 60 comments from industry and consumer groups, individuals, and business.
Several online publishers have already experimented with some of these methods. Online retailer eBay (EBAY), for example, has started to include an 'about' link above all display ads on its site. The link opens a window that explains which ad network placed the ad, what type of information the network is using, as well as a checkbox that lets users opt out of targeted ads.
Scott Shipman, eBay's global privacy leader, says the company began developing the feature early in 2007 in response to growing privacy concerns by the FTC and others.