Some good news on the regulatory front: Privacy advocates plan to file a complaint with federal regulators against tracking and profiling practices used by Google, Yahoo, Microsoft and other Internet companies to auction off ads targeted at individual consumers in the fractions of a second before a Web page loads.
The complaint being filed is by the Center for Digital Democracy, U.S. PIRG, and the World Privacy Forum, charging that a "massive and stealth data collection apparatus threatens user privacy," and asks regulators to compel companies to obtain express consent from consumers before serving up "behavioral" ads based on their online history.
Internet companies will be asked to acknowledge that the data they collect about a person's online movements through software "cookies" embedded in a Web browser allows advertisers to know details about them, even if those cookies don't have a person's name attached.
As I said in a post last week, people want, if enabled, to protect their privacy and control their data. BUT, not if it’s made difficult, confusing, or time consuming. And this is why new rules, laws are so desperately needed for cyberspace...we need "systems" that will allow users to control their information in an easy, logical, and practical way.
The good news is it takes very little to create such "systems" that enable us to make better life choices, for ourselves as individuals, and for the society as a whole. The fight is rarely in the practicality of the laws, or system itself, but rather in the corporate interests that are fighting change...because that change might undercut their profits.
When it comes to privacy, it’s the HUGE money that can be made off our data. If we are given an easy to use and understand "system" (i.e. laws) that allows us to protect our data, share it only through opting in, then we will. If it’s like solving a Rubik’s Cube to do so, we won't.
So if we value privacy as a social good (which it is), and a fundamental liberty and right, then we MUST put rules and laws in place that protect it as such.
We are told by the same interests that profit off our information that privacy is dead, and people don't care about it anymore. Well, that's easy to say when you are the ones developing the complicated and difficult to find privacy settings consumers have to deal with.
As privacy expert Bruce Schneier recently wrote, "People, including the younger generation, still care about privacy. Yes, they're far more public on the Internet than their parents: writing personal details on Facebook, posting embarrassing photos on Flickr and having intimate conversations on Twitter. But they take steps to protect their privacy and vociferously complain when they feel it violated. They're not technically sophisticated about privacy and make mistakes all the time, but that's mostly the fault of companies and Web sites that try to manipulate them for financial gain.
Here's the problem: The very companies whose CEOs eulogize privacy make their money by controlling vast amounts of their users' information. Whether through targeted advertising, cross-selling or simply convincing their users to spend more time on their site and sign up their friends, more information shared in more ways, more publicly means more profits. This means these companies are motivated to continually ratchet down the privacy of their services, while at the same time pronouncing privacy erosions as inevitable and giving users the illusion of control.
There's no malice on anyone's part here; it's just market forces in action. If we believe privacy is a social good, something necessary for democracy, liberty and human dignity, then we can't rely on market forces to maintain it. Broad legislation protecting personal privacy, by giving people control over their personal data is the only solution.
With that, let's get to the article in the San Jose Mercury News regarding this new effort to establish some privacy rules of the road.
Mike Swift writes:
"This idea that a cookie is nonpersonal information no longer really applies in this digital age. You don't need to know a person's name to know a person - to understand their likes and their dislikes, the contents of what they read, what they put in their shopping cart. It's really personal now," Jeff Chester, executive director of the digital center, said in an interview. "There's a balance that needs to be set here," he added of the groups'complaint against so-called "real-time" and "behavioral" advertising. "We want online advertising to flourish, but there has to be some rules."
Behavioral advertising refers to the practice of tracking an individual's online movements and using the portrait that emerges to target advertising.
Google launched what it dubbed "interest-based advertising" about a year ago, saying it would make advertising more relevant and interesting by tracking users and categorizing their interests in topics such as sports, gardening, cars and pets. More recently, Google, Yahoo and other advertisers have built their capacity to provide "real-time" ads — adding the element of immediacy by targeting ads that take into account a person's up-to-the-minute behavior. Such real-time ads can be targeted in the 50 milliseconds or less between the time a person clicks on a Web site and the time the page appears.
The gist of the disagreement is that privacy advocates say Internet companies should obtain prior consent from users for behavioral advertising, while Yahoo, Google and other companies say the right policy is to allow consumers to opt out if they don't want to be tracked online.
Besides Google and Yahoo, the FTC complaint also names smaller online advertisers such as AppNexus, MediaMath, Rubicon Project and Rocket Fuel. Chester said he and other privacy advocates are particularly concerned that some online marketers are developing the ability to combine a person's Internet history with personal data from their offline life — such as the consumer's race, gender, profession and income — to fine-tune online ad targeting.
An article in News Factor ads some context and details to this issue.
Technologies that enable the real-time profiling, targeting and auctioning of consumer data are becoming commonplace as companies incorporate an array of outside data sources for sale online, warned PIRG's Ed Mierzwinski. "In just the last few years, a growing and barely regulated network of sellers and marketers has gained massive information advantages over consumers," he said. "Consumers will be most shocked to learn that companies are instantaneously combining the details of their online lives with information from previously unconnected offline databases without their knowledge, let alone consent," Mierzwinski said.
Ad targeting involves many sensitive areas that require scrutiny -- including medications and health services, the FTC complaint asserted. "For example, Google's DoubleClick Ad Exchange permits the targeting of a wide range of health and financial behaviors," the filers observed.
"These include arthritis, diabetes, GERD and digestive disorders, migraines, sleep disorders, pain management, credit cards, loans and insurance." According to Privacy Choice, any site in Google's vast AdSense network may carry ads placed by third-party ad companies, which Google calls "certified ad networks," the filing noted. "This is an important privacy development, as it means that more than 80 new companies may now use or collect user behavioral information through Google ad tags that are already installed on millions of web pages."
What's more, the groups believe that consumers ought to receive fair financial compensation for the use of their data. Additionally, they want the FTC to prepare a report that informs consumers and policy-makers in Congress about the privacy risks and consumer-protection issues involved.