Should governments do more to protect online privacy?
The Economist magazine is hosting an online debate on whether governments should do more to protect online privacy. The series can be found here. Marc Rotenberg, President and Executive Director of Electronic Privacy Information Center (EPIC) is squaring off against Jim Harper, Director of Information Policy Studies at the Cato Institute. Today, Jules Polonetsky, Co-Chair and Director of the Future of Privacy Forum (the privacy think tank that I founded and co-chair with Jules) made this contribution to the debate:
The struggle over business use of our personal digital data has now been raging for decades. Each new technological advance has kicked off a frenzy of new concerns about the risks created by new types of data collection and use. Cookies, behavioural ads, RFID tags, social networks and mobile geolocation are ubiquitous and essential to many consumer products and business models. Yet many data regulators and policymakers around the world maintain that the common ways they are used violate current privacy laws. Others are pressing for new laws to constrain the collection and use practices that are in question.
American data and tech companies are focused on new bills proposed in Congress, as the latest battle in the long inside-the-Beltway privacy war continues. Washington insiders have been following the manoeuvring between competing privacy proposals on the House side and are awaiting an impending report from the Federal Trade Commission that could indicate whether the agency has decided to call for legislation. All year long, businesses have struggled to defend revenue models like behavioural advertising that are primarily based on using the history of users' web activity to show them ads. For nearly a decade, kicked off by DoubleClick's plans to link catalogue purchases to online web-surfing profiles, these practices and related data uses have been the subject of withering criticism from advocates, regulators and often the media. Recent privacy missteps such as Google's collection of personal data through its Street View software and the flap over Facebook's privacy changes have put privacy issues under an even more intense spotlight.
In Europe, companies are considering the impact of the updated Telecoms Directive, which calls for express consent before a user is served a cookie. In addition, a new consensus opinion from the European privacy regulators has declared that behavioural advertising relies on personal information and thus must also require a level of express consent that users do not get today.
The industry claim is that the use of online marketing data supports free content and provides users with a more relevant online experience. Privacy advocates and regulators insist that such data use should be barred unless users expressly opt in to targeting or tracking. The brickbats continue to fly.
How can businesses turn the corner in this struggle? Adopting the restrictive data-use perspective would end the ad-supported free web-publishing model as it exists today. Fully locking down Facebook privacy settings would put an end to the unexpected but invaluable social opportunities that continue to spring up. But accepting the status quo where users are uneasy about behavioural targeting or uncertain about their social media settings is also not an option.
The debate may soon be cut short by the advance of technical solutions that give users more insight and control over online data use. Venture capitalists have taken note of the increased consumer interest in online privacy and have started funding companies offering privacy tools like Abine, Ghostery and TRUSTe. Datran Media has created a tool that can be used by users to centrally manage opt-out preferences and profiles across many ad networks. And although the browser companies have long offered cookie-handling options, Microsoft's Internet Explorer's new InPrivate Filtering setting will now blacklist any interaction between a user and potential tracking sites. This feature is currently off by default, but will privacy competition with Chrome and Firefox lead to it being more widely promoted in future IE versions? And will Chrome or Firefox up the ante?
What are businesses to do?
Solving the privacy dilemma online may be as simple as companies just acknowledging the truth, telling users more directly that "we are here to help connect you to other people and to help sell you things you may like". Today, most users do not find their online experience noticeably enhanced by the passive tracking that is widespread across websites. But they do value the personalisation provided by the likes of Netflix and Amazon. The difference is that these companies have made data use and personalisation a key part of the consumer experience. By shouting from the home page "we are using your information to help you find things you may want to buy", businesses may find that they solve privacy concerns while meeting business needs.
The use of ad labels and icons, such as the one that the Future of Privacy Forum has consumer tested and leading industry groups have adopted, is a serious step in this direction.
If businesses do not provide users with the transparency and control they want, users may not wait for new laws. They may simply take advantage of the tools that are increasingly available to just take control themselves.
