I've talked a lot about the explosion in data collection, data analysis and use of behavioral marketing on this blog. For good reason, when there's billions of dollars at stake, and your private information is the currency, there's plenty of reasons to place a big "consumer beware" sign anywhere you are doing something ostensibly "private".
We know for a fact, and they have been sued for it, companies like Google, Yahoo, Microsoft and other Internet companies track and profile users and then auction off ads targeted at individual consumers in the fractions of a second before a Web page loads. That in itself, may not be all that threatening to most. But it raises some interesting questions: What kind of control should we have over our own data? And, what kind of tools should be available for us to protect it? What about ownership of our data? Should we be compensated for the billions of dollars being made by corporations from their tracking of us? And of course, what of the government's access to this new world of data storage?
For instance, Internet companies would be asked to acknowledge that the data they collect about a person's online movements through software "cookies" embedded in a Web browser allows advertisers to know details about them, even if those cookies don't have a person's name attached. More generally, particularly on the issue of privacy on the Internet, the fact that we have next to no privacy standards as related to these technological innovations and trends is disturbing, and more than enough of a reason for some of the bills being offered here. So now the question becomes whether they're sufficient. Word is still out on that question.
A major infrastructure has emerged to expand and promote the interests of this sector, including online advertising networks, digital marketing specialists, and trade lobbying groups.
- Will online advertising evolve so that everyone's privacy is truly protected?
- Will there be only a few gatekeepers determining what editorial content should be supported in order to better serve the interests of advertising, or will we see a vibrant commercial and non-commercial marketplace for news, information, and other content necessary for a civil society?
- Who will hold the online advertising industry accountable to the public, making its decisions transparent and part of the policy debate?
- Will the more harmful aspects of interactive marketing - such as threats to public health - be effectively addressed?
EPIC has been an advocate of privacy protection for consumers since it was formed in 1994, when the Web was just a baby. EPIC argues in its comment that businesses should be required to adopt clearer privacy policies regarding information they collect on consumers because policies vary widely, are obtuse (sometimes purposely) and frequently change. The group complains that the FTC “mistakenly endorses self-regulation and ‘notice and choice’” of a company’s practices. Furthermore, EPIC says the FTC can already investigate deceptive business practices that invade privacy under Section 5 of the statute under which it operates, but that it doesn't. The FTC "fails to explain why it has not used its current Section 5 authority to better safeguard the interests of consumers," EPIC states.
To be sure, Internet businesses have good intentions and can point to instances where they have built “privacy by design” into their digital goods and services. Microsoft, for instance, told the FTC it already deletes the IPFirefox 4 has one, too). But Microsoft has made its share of privacy mistakes, such as assisting law enforcement and intelligence agencies in obtaining private user data, failing to encrypt the cloud-stored data of its Live@edu users and reportedly using ads as a cover for data mining.
Microsoft is not the only Internet business with a privacy protection problem, though. EPIC petitioned the FTC in 2009 to investigate Google over security breaches in its cloud computing service. And Facebook, despite numerous complaints about its envelope-pushing data mining practices at the expense of privacy, urged the FTC to provide privacy protection without imposing “restrictions [that] could limit Facebook's ability to innovate.” You’ll have to do better than that Zuck.
The bill would apply to a broad swath of data about consumers, including not only names and phone numbers but also email addresses, if they include names, customer numbers held in cookies and unique device identifiers.
In its current form, the bill requires companies to obtain users' explicit opt-in consent before collecting "sensitive" data, defined expansively as personal information that "if lost, compromised, or disclosed without authorization could result in harm to an individual."
The bill, which currently names Sen. John McCain (R-Ariz.) as co-sponsor, apparently remains a work-in-progress. But some provisions in the current version are virtually certain to be opposed by privacy advocates. For instance, the measure would preempt many state laws. Additionally, consumers wouldn't be allowed to file private lawsuits to enforce the bill.
If the Internet is to remain an interactive, personal experience, then some amount of is vital. The questions are: how much, and what for, and who by, and with what kind of opt-in or opt-out mechanisms for consumers?
In other words, more concerning than any single threat posed by any single technology – including on the Internet – is this larger pattern indicating that privacy as both a right and an idea is under siege. As young people grow up with so much of their information so public and accessible to all, including government, I fear their sense, appreciation and understanding of privacy will continue to fade away. The consequences of such a loss would be profound.