No Easy Answers For Data Privacy - Page 2

Page 2 of 2

Marc Rotenberg, executive director of the Electronic Privacy Information Center, offered the famous example of Ralph Nader's crusade to enact laws requiring automakers to include seat belts in cars in the 1960s. Testifying before Congress, one automobile executive said he had become accustomed to reaching out his right arm to brace the passenger when he sensed he might be headed for an accident, Rotenberg said, recounting Nader's description. Other attendees of that hearing nodded in agreement as the executive demonstrated the motion, and concurred when asked by the legislators if they were using similar education methods to protect their families on the road.

"I think we're having a similar discussion this morning," Rotenberg said. "I think we do not yet understand the responsibility that properly falls on America business when it collects and uses personal information about American consumers."

The Web companies, as they roll out new educational campaigns, are acknowledging that the old model of a privacy policy is not an effective way to inform all consumers about how their data are being used. In its FTC filing, AOL said that different people have different levels of interest in what companies are doing with the data they collect. In that sense, a detailed, highly technical policy is useful for some consumers, while for others, a superficial understanding of cookies and IP addresses is enough.

But those companies get it from both sides. To the critics, campaigns like AOL's penguin are reductive, sweeping aside a serious issue with cute animation and brash oversimplifications.

Then the privacy policies fall short, too, on the count of false advertising. Joe Turow, a communication professor at the Annenberg School at the University of Pennsylvania who moderated the panel, offered data from several studies he has participated in that found that a majority of people believe that a privacy policy means that companies don't share the consumer data they collect.

Creating a false sense of protection gets into a murky legal territory, said Peter Swire, a law professor at Ohio State University.

"We know in consumer protection law that when people advertise 'free' that that's a big deal and there needs to be care around that," Swire said. "What Joe's study showed is that the term 'privacy policy' is a lot like the word 'free.' To people it means that you're promising privacy, and if that's what consumers are seeing -- [even if] that's not necessarily what some of the privacy policies are saying -- that's a big deal going forward for industry to address. That response from industry hasn't happened yet."

For all the aspersions of consumer deception and legal ambiguity, there still remains the fact that targeted ads are good for business. Then, too, most people prefer to see relevant ads over what some describe as "ad spam."

For those who are adamant about keeping themselves invisible to the data aggregators, the technical solutions are still imperfect. The Network Advertising Initiative, a consortium of ad companies that includes AOL's Tacoda and Google's DoubleClick, offers on its Web site a one-click opt-out to avoid having advertising cookies placed from Web sites in the participating networks. The only problem is that to opt out of cookies requires a cookie to be placed on the user's computer. Then, antispyware software that regularly clears cookies, as many users manually do themselves, will clear away the opt-out cookie with all the others.

Polonetsky said that engineers at Tacoda had developed a technical work around using a computer's cache to remember a user's privacy preferences without relying on a cookie, and that AOL was trying to convince Microsoft to include the feature in its Internet Explorer browser.

In the meantime, Rotenberg worries that the bargain of offering a limited amount of data in exchange for free Web content and services -- an easy sell for many consumers -- is leading down a slipper slope. As the business model of the traditional entertainment company collapses under the weight of free online content, "the money will reside with companies like Google and Yahoo that are sitting on all this valuable consumer data," Rotenberg predicted.

"And it won't just be used for advertising. It will be used for employment determination and insurance determination and any other interest that business will express for the production of this data," he said. "People are going to look back and they're going to say, 'My goodness, how were they allowed to acquire all this information?' and 'Why weren't there any laws in place?' and 'Why didn't consumer know what they were giving up?' And it's going to be because we all went through this period of consumer education."

Where education has fallen short, one of the academic panelists argued, is in the generalized assumptions it makes about people's understanding of the basic workings of the Internet. Ezter Hargittai, a professor at Northwestern University who has spent a decade studying online user skill, said that while young people tend to have a stronger proficiency in navigating applications on the Web, their understanding of the processes at work under the surface is comparatively poor. Nevertheless, many teachers are reluctant to offer media instructions for the assumption that their students know more about the subject than they do.

Further, the people who make privacy policies and study privacy issues -- the technical elite -- tend to project onto others what they know, which Hargittai said leads to an inflated expectation of user skill level and understanding.

"Can privacy education help consumers?" Hargittai asked, indulging in a rhetorical exercise that captured the spirit of the panel. "We better hope so, but it's not clear if it can. We are going to need to put a lot of effort into it, because we don't have any solutions for it yet."