Thursday, May 12, 2011

Another "Do Not Track" Bill Proposed in Senate

For all intents and purposes, it appears "do not track" is the privacy story of the past few months. For good reason, there has been a virtual explosion in data collection, data analysis and use of behavioral marketing on the internet without the requisite privacy protections to go along with it.  The fact is, billions of dollars at stake, and your private information is the currency.

Before I discuss the latest legislation advocating for a "Do Not Track" mechanism on web browsers from Senator Jay Rockefeller, let me provide some back-story first. We know for a fact, and they have been sued for it, companies like Google, Yahoo, Microsoft and other Internet companies track and profile users and then auction off ads targeted at individual consumers in the fractions of a second before a Web page loads.

That in itself, may not be all that threatening to most. But it raises some interesting questions: What kind of control should we have over our own data? And, what kind of tools should be available for us to protect it? What about ownership of our data? Should we be compensated for the billions of dollars being made by corporations from their tracking of us? And of course, what of the government's access to this new world of data storage?

The argument from privacy advocates has largely been that this massive and stealth data collection apparatus threatens user privacy and regulators should compel (not hope that) companies to obtain express consent from consumers before serving up "behavioral" ads based on their online history.

For instance, in the Kerry-McCain legislation (that supposedly compliments Rockefeller's bill), Internet companies would be asked to acknowledge that the data they collect about a person's online movements through software "cookies" embedded in a Web browser allows advertisers to know details about them, even if those cookies don't have a person's name attached. More generally, particularly on the issue of privacy on the Internet, the fact that we have next to no privacy standards as related to these technological innovations and trends is disturbing, and more than enough of a reason for legislation like that being offered by Rockefeller (and in California in the form of SB 761) and others.

Rockefeller's bill would create a “universal obligation for all online companies” to not track people who set a browser flag or cookie saying they don’t want to be tracked. The Do Not Track flag is a rather simple concept that's already been built into Firefox and IE9. If users choose to turn on the option, every time they visit a web page the browser will send a message to the site, saying “do not track.”

In explaining the bills need, Rockefeller stated “Consumers have a right to know when and how their personal and sensitive information is being used online — and most importantly to be able to say ‘no thanks’ when companies seek to gather that information without their approval. This bill will offer a simple, straightforward way for people to stop companies from tracking their every move on the internet.”

The bill would also empower the FTC to go after companies that disobey the flag. Companies can collect info needed for their service to work from users who set the flag, but must destroy it or anonymize it once it’s no longer needed.

As detailed by Ryan Singel of Wired Magazine, "The likely winner if such a bill passes is oddly Facebook, since the company targets its ads based on the information that users explicitly provide it, which puts it beyond the bill’s reach. Google faces the most risk, since, depending on the bill’s wording, it could apply not only to its far-reaching advertising network, but also to its collection of user’s search terms."

As you might guess, web firms generally oppose “do not track” rules - arguing that companies can create their own tools to help users manage tracking. Of course, this whole "voluntary" compliance argument made by corporate interests seeking to maximize profits at all costs simply doesn't hold water.

E-Week has more on this legislation and the reaction from some privacy advocates:

The Consumers Union, the Electronic Frontier Foundation, Consumer Action, the Center for Digital Democracy and the American Civil Liberties Union all spoke in favor of the bill during a May 9 conference call. The bill offered "crucial civil liberties protection for the 21st century," Chris Calabrese, legislative counsel at the ACLU, said on the call.

"This legislation would give Americans the right and the right tools to browse the Internet without their every click being tracked," Consumer Protection Director Susan Grant said.


While it was heartening to see the industry coming out with its own solutions, there was no requirement or enforcing companies from complying with user preferences, said Ioana Rusu, regulatory counsel for Consumers Union. Rusu claimed that giving the agency and states’ attorneys general the authority to impose civil penalties against the companies that violate the rules was very important.

“This bill will put regulatory support behind these industry initiatives and make sure that online providers listen to the many consumers who want to clearly say ‘no’ to online tracking,” said Rusu.

The Rockefeller bill “complements” the online privacy bill introduced by U.S. Sens. John Kerry (D.-Mass.) and John McCain (R.-Ariz.) in April, Rusu said. The Kerry-McCain bill would require companies to inform users up-front what data was being collected and to provide a clear way to opt out of the collection. Consumer groups and privacy advocates criticized the fact that the Kerry-McCain bill did not explicitly address “do not track” and gave the Commerce Department too much power over regulating consumer online privacy.

The Rockefeller bill is expected to be discussed as an amendment

Rockefeller included mobile phones in the bill and the provisions would apply to mobile phone network operators as well as Websites and online advertising networks. The mobile phone provisions are important in light of recent reports that Apple and Google are tracking user locations using the user’s smartphone, according to Jamie Court, president of Consumer Watchdog.

Click here to read more.

It should be noted, that the most far reaching "Do Not Track" (DNT) and financial privacy legislation being proposed comes from Congresswoman, Jackie Speier. Her bill would essentially allow Internet users to opt-out from "cookies, sniffing, scraping, or any other new and creative methods developed by those looking to profit through these activities." The "DNT" legislation would allow the Federal Trade Commission to force online advertisers to respect the wishes of users who do not want to be tracked for marketing purposes.

Likewise, in California, SB 761 is modeled after the Speier bill, thus also offering consumers a "Do Not Track Me" mechanism, something the bill's sponsor describe as "one of the most powerful tools available to protect consumers' privacy." The mechanism will allow anyone online to send Websites the message that they do not want their online activity monitored.

Certainly one strong point of the legislation is that it is in line with public opinion, which a poll by Consumer Watchdog last summer found 80% of Americans support a Do Not Track option. In addition, a recent USA Today/Gallup poll found that most Americans are worried about their privacy and security when they use Facebook and Google.

Interestingly, though expected, the European Union is going even further by making the mechanism and opt-in, rather than opt-out. Let's face it, opt-out options are often confusing, and buried a few clicks away often in fine print (though 'Do Not Track" mechanisms will be easier to locate...which is a good thing). But for me, opt-in is superior not just due to "convenience". It goes deeper than that, its about having control over YOUR information. AS I have written here before, "If someone wants to borrow something of mine, like my car, I don't have to find a way to opt-out of doing so after they've taken it on a spin, they have to come to me first. The same should be true of what I do in my private time, on the net, or in my home (think smart meter)."

I'll continue to cover the details, and the progress, of these, and related bills.

No comments: