By now most anyone that has come to this blog knows, at least in general terms, what is called behavioral targeting. This massive, growing multi-billion dollar industry is built on the tracking of you on the internet - and EVERYTHING you do on it...and then compiling, storing and selling that data to third party advertisers (while being accessed by government when requested...which we know is a lot)
This rise in behavioral tracking has made it possible for consumer information to be potentially misused, increases the threat of identity theft, and is a fundamental violation of privacy. Often times, such behavioral tracking is particularly targeted at vulnerable consumers for high-price loans, bogus health cures and other potentially harmful products and services. To date, to what extent "Do Not Track" rights exist, it has been a voluntary request from industry - which borders on pointless.
But even if a click of a mouse or a touch of a button can thwart Internet tracking devices, there is no guarantee that companies won’t still manage to gather data on Web behavior. Compliance is voluntary on the part of consumers, Internet advertisers and commerce sites.
"The real question is how much influence companies like Google, Microsoft, Yahoo and Facebook will have in their inevitable attempt to water down the rules that are implemented and render them essentially meaningless,” John M. Simpson, privacy project director for Consumer Watchdog, said in response to the administration’s plan. "A concern is that the administration’s privacy effort is being run out of the Commerce Department.”
The next step will be for the Commerce Department to gather Internet companies and consumer advocates to develop enforceable codes of conduct aligned with a “Consumer Privacy Bill of Rights” released as part of the administration’s plan on Wednesday. The bill of rights sets standards for the use of personal data, including individual control, transparency, security, access, accuracy and accountability.
In principle, the proposal does look good...so what I'll be watching for is just how watered down this legislation becomes over time...and that we don't forget some of the key protections necessary, as recently outlined by a coalition of consumer groups, including:
· Sensitive information should not be collected or used for behavioral tracking or targeting.
· No behavioral data should be collected or used from anyone under age 18 to the extent that age can be inferred.
· Web sites and ad networks shouldn’t be able to collect or use behavioral data for more than 24 hours without getting the individual’s affirmative consent.
· Behavioral data shouldn’t be used to unfairly discriminate against people or in any way that would affect an individual's credit, education, employment, insurance, or access to government benefits.
This would also include: No sensitive information (like health or financial information) should be used for behavioral tracking, no one under 18 should be behaviorally tracked, Web sites and ad networks shouldn’t be able to keep behavioral data for more than a day without getting an OK from the individual they’re tracking, and behavioral data can’t be used for discriminatory purposes.
On paper, then, it looks fine as a work in progress, though Stephens does acknowledge that at least one provision – the “Respect for Context” clause, which says companies “will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data” – seems somewhat subjective and open for interpretation. As such, consumers concerned about their privacy will have to wait and see how this vague language of the bill of rights will translate into actionable regulation.
“The way it is right now … it’s historically been self-enforcing,” says Rainey Reitman, activism director for the digital rights advocacy group the Electronic Frontier Foundation. “The White House statement today changes that, so it will be under the umbrella of FTC enforcement.”
"We are glad that the FTC and the advertising industry will breathe new life into the Do Not Track rules," she said. "This is a welcome first step toward providing a single simple tool to opt out of being tracked online. We are encouraged that we're on the right track. But we are not ready to rest."
“Whether using a search engine, watching an online video, creating content on a social network, receiving an email, or playing an interactive video game, we are being digitally shadowed online....Our travels through the digital media are being monitored, and digital dossiers on us are being created—and even bought and sold.”
“Americans shouldn’t have to trade away their privacy and accept online profiling and tracking as the price they must pay in order to access the Internet and other digital media,” Chester declared, adding that far from being an impediment to continued growth in the online sector, meaningful privacy safeguards will actually stimulate the digital economy.
“The uncertainty over the loss of privacy and other consumer harms will continue to undermine confidence in the online advertising business,” he explained. “That’s why the online ad industry will actually greatly benefit from privacy regulation. Given a new regulatory regime protecting privacy, industry leaders and entrepreneurs will develop new forms of marketing services where data collection and profiling are done in an above-board, consumer-friendly fashion.”
Privacy is a fundamental right in the United States. For four decades, the foundation of U.S. privacy policies has been based on Fair Information Practices: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability.
Those principles ensure that individuals are able to control their personal information, help to protect human dignity, hold accountable organizations that collect personal data, promote good business practices, and limit the risk of identity theft. Developments in the digital age urgently require the application of Fair Information Practices to new business practices. Today, electronic information from consumers is collected, compiled, and sold; all done without reasonable safeguards.
Consumers are increasingly relying on the Internet and other digital services for a wide range of transactions and services, many of which involve their most sensitive affairs, including health, financial, and other personal matters. At the same time many companies are now engaging in behavioral advertising, which involves the surreptitious tracking and targeting of consumers.
Click by click, consumers’ online activities – the searches they make, the Web pages they visit, the content they view, the videos they watch and their other interactions on social networking sites, the content of emails they send and receive, how they spend money online, their physical locations using mobile Web devices, and other data – are logged into an expanding profile and analyzed in order to target them with more "relevant" advertising.
This is different from the "targeting" used in contextual advertising, in which ads are generated by a search that someone is conducting or a page the person is viewing at that moment. Behavioral tracking and targeting can combine a history of online activity across the Web with data derived offline to create even more detailed profiles. The data that is collected through behavioral tracking can, in some cases, reveal the identity of the person, but even when it does not, the tracking of individuals and the trade of personal or behavioral data raise many concerns.