About Adam K Levin | Contact | Videos

FTC “Do Not Track” Proposal: Q&A With A Privacy AdvocateBlogPrivacy


Share
"Spy", via VikaValter, ThinkStock.

“Spy”, via VikaValter, ThinkStock.

Earlier this month the Federal Trade Commission formally announced a new world order that would provide more privacy options for Internet users.

The cornerstone of that proposal is a universal “Do Not Track” mechanism that would allow web consumers to block access to online marketers. The proposal is viewed by privacy groups as similar to the FTC’s 2004’s “Do Not Call” registry, which gave consumers the option to block unwanted telemarketing calls to their homes.

This week, I had the opportunity to sit down with my colleague Eduard Goodman, Chief Privacy Officer at Identity Theft 911, to discuss the impact, pro and con, from the proposed “Do Not Track” list.

So, what’s the concept here?

Conceptually, it is very similar to the “Do Not Call” list. Consumers could be given the option to not have their online behavior tracked for marketing purposes. If it goes through, “Do Not Track” would likely block things like banner ads, pop-up ads – basically any online advertising mechanism that could track your browsing behavior and use it for marketing purposes. Limiting cookies, “history sniffing” programs and the like. It might also lead to consumers blocking ads on social networking applications like Facebook.

What about the practical side?

The key question from a practical point of view is this: how do you accomplish a “Do Not Track” program? With the “Do Not Phone” list, it was pretty cut and dried – consumers simply registered their phone numbers on a list. But on the Internet, all bets are off. How will you block online marketers? By IP addresses? That doesn’t seem very practical.

What does the FTC have to say about the “implementation” issue?

Right now, the FTC is suggesting, for lack of a better word, a browser “plug in” on big Internet modules like Firefox, Safari or Explorer. Under that implementation, individual users would set the rules, allowing them to shape what they want and to whom they want to talk online. I don’t think the FTC views it as an “all or nothing” proposition – it just wants to give more privacy options to web consumers. But that said, it’s surprising that the FTC has been working at this policy for at least a year, yet there’s still a real lack of clarity.

What are the big guys saying about the proposal?

There are still comments coming in, but in one of the roundtables I checked into, a Google executive made a valid point. He said that, in all of the studies he’d seen, there already were mechanisms in place that enabled consumers to customize their online advertising experiences. That’s actually true. On Firefox, for instance, there’s a simple “two-click” process to clear your privacy settings. It’s very easily accomplished. There have been plenty of good comments looking to the FTC to clarify what they’re doing.

What’s driving the “Do Not Track” initiative?

The FTC, mostly. It’s ironic, but consumers are largely unaware that all of this “Do Not Track” chatter is going on. It’s the FTC that’s saying “we want transparency” and “we want choice.” They’re telling the big online marketers, “ You need to start living in a fishbowl and show us what you’re doing.” That’s a big point. Nobody, even the U.S. government, knows exactly who is tracking online consumers and how they’re doing it. But that makes the FTC’s case even stronger in its mind – it goes against the core privacy principles that the FTC lives by – consent and choice. But you have to give the FTC its due – they’ve been following this issue on the enforcement side for a decade now and do know what’s going on.

Beyond the FTC, is there anyone else pushing the “Do Not Track” policy?

Oh, sure. You’ve got plenty of non-profit groups like the Electronic Frontier Foundation contributing to public awareness. Private advocacy groups are also out there getting the message out. Interestingly, you also see legitimate businesses pushing the “Do Not Track” list. The people I talk to say they would rather be regulated and have these privacy policies in place than get smeared by the frauds and scam artists who don’t play by the rules. I’m not saying these businesses are pushing the privacy issue directly, but they know that they should adopt some best practices.

Are consumers demanding a “Do Not Track” list?

No, not really. I think consumers clearly understood the “Do Not Call” list. There was an alarm going off on that one – people didn’t want to be bothered by phone calls at the dinner table. But there is no similar alarm sounding on the Internet and “Do Not Track.” But I do think that if consumers knew they might be giving up convenience for security, they’d have more to say.

There is a law of unintended consequences for consumers. In the short history of the Internet, the reality has always been this: if users approve access to their data for a fixed amount of time, then web companies will provide access to the Internet for free. So the Internet has really never been “free.” It’s always been paid for by trading personal data for access to markets and information online – it’s a commodity and can be monetized as information. That’s a problem and we need a course correction. There is, after all, no free lunch. What needs to change is that trade-off.

When can we expect a final decision?

It depends on what happens in Congress. Politicians on both sides of the aisle are becoming much more interested in the issue of web privacy – when Facebook changed its privacy rules, a great deal of heat came down on Washington. So Congress knows there is a privacy problem and that could drive the process faster. What would help is the FTC coming up with something that would be easy for Congress to pass. That’s a tricky proposition so we won’t be seeing anything in 2010 for sure. 2011 is a good possibility, but the FTC is still talking about it, as will Congress. So don’t hold your breath.

Another potential driver is the mainstream media. If they start to get the word out, that would increase public awareness – which is critical for “Do Not Track” – and that would put additional pressure on politicians to act.

Final thoughts?

The key to successfully implementing a “Do Not Track” list is thorough education. I think the big Internet companies already know what’s at stake – but the public doesn’t. Consumers need to know that the Internet, despite the conventional wisdom, isn’t free. So if they “opt out” of banner ads and other web marketing messages, they may find that using the Internet really does have a price tag attached to it. And it could be a substantial one.

Many thanks to my colleague and fellow privacy advocate, Eduard Goodman, Chief Privacy Officer at Identity Theft 911.  Privacy awareness is the first step in protecting yourself online. To find out more about the FTC’s Do Not Track Legislation — and to get involved, visit the FTC’s website here.

Originally posted at Credit.com