Marketers of all types have had to deal with a number of new rules regarding customer contact in recent years. Now, online marketers might have to deal with a “do not track” list if the Federal Trade Commission gets its way.
A preliminary staff report from the agency provides a framework to balance consumers’ rights to privacy with online marketing innovations that use information to develop new products and services.
The report suggested implementation of a “do not track” mechanism so consumers can choose whether to allow the collection of data regarding their online searching and browsing activities. This mechanism, FTC said, is likely to be a persistent setting on consumers’ Internet browsers.
“Technological and business ingenuity have spawned a whole new online culture and vocabulary—e-mail, IMs, apps and blogs—that consumers have come to expect and enjoy. The FTC wants to help ensure that the growing, changing, thriving information marketplace is built on a framework that promotes privacy, transparency, business innovation and consumer choice. We believe that’s what most Americans want as well,” said agency chairman Jon Leibowitz.
However, the FTC added, efforts at self-regulation have been too slow to come about and have failed “to provide adequate and meaningful protection.”
For example, the agency declared that although many companies use privacy policies to explain their information practices, the policies have become long, legalistic disclosures that consumers usually don’t read and don’t understand if they do. Current privacy policies force consumers to bear too much burden in protecting their privacy.
The report recommends companies need to adopt a “privacy by design” model and build such protections into their everyday business practices.
These practices include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy.
Consumers should be allowed to choose if they want their data collected and shared at the time and in the context in which they are making their decisions, instead of having to try and find and then read lengthy disclosure statements.
On the other hand, companies should not have to seek consent for what the FTC termed certain commonly accepted practices.
It is “reasonable for companies to engage in certain practices—namely, product and service fulfillment, internal operations such as improving services offered, fraud prevention, legal compliance and first-party marketing,” the report states. “By clarifying those practices for which consumer consent is unnecessary, companies will be able to streamline their communications with consumers, reducing the burden and confusion on consumers and businesses alike.”
The Consumer Federation of America has come out in favor of a do not track tool. While “behavioral tracking” is designed to allow marketers to tailor ads to an individual consumer based on a profile, this information can also be used to make assumptions about people for other purposes, such as employment, housing, insurance and financial services. It can also be used for lawsuits and government surveillance. “There are no limits to what types of information can be collected, how long it can be retained, with whom it can be shared, or how it can be used,” CFA director of consumer protection Susan Grant testified before a House subcommittee.
Surveys have shown that many consumers simply do not want to be followed around on the Internet, even if that would result in seeing ads that are more relevant to their interests, she said.
The CFA is similar to the FTC in calling for a browser-based “do not track” mechanism. Consumers would be able to adjust the settings to accept tracking by certain entities if they wished.
Self-regulation is not adequate, according to Grant. “There is no requirement that companies participate in them, there is no oversight or transparency, and there is no enforcement,” she explained. Furthermore, the opt-out mechanisms that industry-led programs use are based on cookies, which do not work for some tracking methods and fail to provide persistent protection from unwanted tracking since cookies can be deleted for a variety of reasons.
Lisa Sotto, an attorney who heads up the privacy and information management practice at Hunton & Williams LLP, called the “do not track” mechanism a viable option.
The FTC believes that such an option would simplify consumer choice. “The report gives the industry a strong sense of where there is likely to be future FTC enforcement.”
Sotto added there are other things businesses need to be aware of in the FTC report.
“People have said that privacy notices are dead. Privacy notices are not dead at all. The FTC’s position is that privacy policies are here to stay, but they must be more effective—they need to be shorter, clearer and just in time. The FTC wants notices to be provided at the time data is collected so consumers can make informed choices.”
She adds, “Data brokers will continue to be in the spotlight, and the FTC views access to data maintained by data brokers and others as crucial to accountability. The FTC will also continue its vigorous enforcement efforts, cooperating with other regulators, both domestic and international, in taking action.”
Meanwhile, the Department of Commerce has also come out with a report regarding privacy. Sotto said, “There has been a real hunger for rules of the road when it comes to domestic privacy issues and this would put a road map in place.”
In its report, Commerce calls for what would be akin to a “Privacy Bill of Rights” for online consumers. The agency said this is “a clear set of principles concerning how online companies collect and use personal information for commercial purposes. These principles would be recognized by the U.S. government and serve as a foundation for online consumer data privacy. They would build on existing Fair Information Practice Principles that are widely accepted among privacy experts as core obligations.”
This Privacy Bill of Rights, Commerce continued, “should prompt companies to be more transparent about their use of consumer information, to provide greater detail about why data is collected and how it is used, to put clearer limits on the use of data, and to increase their use of audits and other ways to bolster accountability.”
The agency also calls for an enforceable code of conduct. Sotto said, “This proposal reinforces the message from regulators that self-regulation is not getting the job done, that the government has to play a role, and that there must be a mechanism to enforce accountability.”
