Friday, February 13, 2009

FTC Online Privacy Guidelines Faulted

The Federal Trade Commission has finally released its initial - and long-awaited - guidelines designed to ensure the privacy of people whose online information is gathered by marketers. The consensus among consumer and privacy rights groups is that the rules don't go nearly far enough.

Business Week reports:

Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting.

The report also urges sites to keep collected data "as long as is necessary to fulfill a legitimate business or law enforcement need," inform users of any changes made to privacy policies, and only collect sensitive personal data—such as financial and health records—in cases where the user opts in.

...

Guidelines may be a step in the direction of protecting privacy, but consumer advocacy groups say the government needs to pass legislation that regulates behavioral targeting practices. The FTC "should have told Congress it's time to act and create legislative safeguards," says Jeffrey Chester, founder and executive director of the Washington-based Center for Digital Democracy.

The CDD and other consumer groups also say the FTC doesn't provide sufficient guidance in areas such as the definition of sensitive data. The FTC "encourages industry, consumer, and privacy advocates, and other stakeholders to develop more specific standards to address" sensitive data. But, says Pam Dixon, executive director of the World Privacy Forum, "the industry already has developed [definitions for sensitive data] but they are absolutely inadequate." Protecting health-related information is especially important as the government's proposed stimulus legislation earmarks funds for the management of online health records, Dixon says.

...

Now, it's up to the Administration of President Barack Obama to appoint a chairman to head the commission, one of the few agencies of its stature that still lacks a head. According to online privacy experts, current FTC Commissioners Leibowitz and Pamela Jones Harbour are top contenders for the job. If the commissioners' warnings hold credence, stricter government regulation of behavioral targeting could be on the way. Says Leibowitz: "We're going to stay very involved in this area. We're all hopeful that self-regulation will work, but some of us are more skeptical."

It appears the FTC is using that good ole' Bank Bailout (TARP) template of, "Regulate yourselves, we trust you to do what's right." One would think this kind of faux regulation had seen its last day after the drubbing conservatism and free market fundamentalism took in the past couple elections, but apparently we just haven't gotten that "regulation thing" down yet.

Pleading, wishing, and hoping that big business does what's best for the consumer is a surefire recipe for failure. Granted, FTC officials didn't rule out pushing for stricter legislation, warning that if these companies didn't conform on their own to the guidelines they COULD be in FUTURE trouble IF regulations are passed. Wow, if that doesn't send chills of fear down their corporate spines I don't know what will!!

All joking aside, this is still a step in the right direction, and demonstrates a growing understanding among government officials that privacy on the internet is a growing concern and must be adequately addressed.

So, for educational purposes, as this guy knows a lot more about this issue than I do, let me go to a statement I found by Jeff Chester, Exec. Director, Center for Digital Democracy on the new FTC guidelines and the larger issue of online marketing and data collection:

The Federal Trade Commission is supposed to serve as the nation’s leading consumer protection agency. But for too long it has buried its mandate in the ‘digital’ sand, as far as ensuring U.S. consumer privacy is protected online. The commission embraced a narrow intellectual framework as it examined online marketing and data collection for this proceeding. Since 2001, the Bush FTC has made industry self-regulation for privacy and online marketing the only acceptable approach when considering any policy safeguards (although the Clinton FTC was also inadequate in this regard as well). Consequently, FTC staff—placed in a sort of intellectual straitjacket—was hampered in their efforts to propose meaningful safeguards.

Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling. Unknown to many members of the public, a vast commercial surveillance system is at the core of most search engines, online video channels, videogames, mobile services and social networks. We are being digitally shadowed across the online medium, our actions monitored and analyzed.

Behavioral targeting (BT), the online marketing technique that analyzes how an individual user acts online so they can be sent more precise marketing messages, is just one tool in the interactive advertisers’ arsenal. Today, we are witnessing a dramatic growth in the capabilities of marketers to track and assess our activities and communication habits on the Internet. Social media monitoring, so-called “rich-media” immersive marketing, new forms of viral and virtual advertising and product placement, and a renewed interest (and growing investment in) neuromarketing, all contribute to the panoply of approaches that also includes BT. Behavioral targeting itself has also grown more complex. That modest little “cookie” data file on our browsers, which created the potential for behavioral ads, now permits a more diverse set of approaches for delivering targeted advertising.

We don’t believe that the FTC has sufficiently analyzed the current state of interactive marketing and data collection. Otherwise, it would have been able to articulate a better definition of behavioral targeting that would illustrate why legislative safeguards are now required. It should have not exempted “First Party” sites from the Principles; users need to know and approve what kinds of data collection for targeting are being done at that specific online location.

The commission should have created specific policies for so-called sensitive data, especially in the financial, health, and children/adolescent area. By urging a conversation between industry and consumer groups to “develop more specific standards,” the commission has effectively and needlessly delayed the enactment of meaningful safeguards.

On the positive side, the FTC has finally recognized that given today’s contemporary marketing practices, the distinction between so-called personally identifiable information (PII) and non-PII is no longer relevant. The commission is finally catching up with the work of the Article 29 Working Party in the EU (the organization of privacy commissioners from member states), which has made significant advances in this area.

We acknowledge that many on the FTC staff worked diligently to develop these principles. We personally thank them for their commitment to the public interest. Both Commissioners Leibowitz and Harbour played especially critical roles by supporting a serious examination of these issues. We urge everyone to review their separate statements issued today.

Today’s release of the privacy principles continues the conversation. But meaningful action is required. We cannot leave the American public—now pressed by all manner of financial and other pressures—to remain vulnerable to the data collection and targeting lures of interactive marketing.

Stay tuned for President Obama's choice for the next Chairman of the FTC...
