The Federal Trade Commission has weighed in on the online privacy debate with a new set of recommendations concerning how marketers can track consumer behavior on the Web. But the agency’s guidelines have privacy advocacy groups disappointed — as well as some of the FTC’s own commissioners.
The 55-page report (PDF here) aims to lay out some best practices for online advertisers, who can track surfers to target their ads more effectively. According to the FTC, it’s based on comments the agency received from tech companies, industry associations, interest groups and others.
In the report, the FTC maintains its longstanding self-regulatory approach, where companies are asked — but not ordered — to enact meaningful privacy safeguards for online advertising. In some areas, it softened the guidelines to allow advertisers more freedom to use technologies such as tracking cookies.
That has some privacy advocates worried.
“The time for baby steps to protect online privacy has long passed,” Jeff Chester, executive director of the Center for Digital Democracy (CDD), told reporters during a conference call yesterday. Chester said his group plans to ramp up its calls for Congress to enact legislation that would impose specific limitations on behavioral targeting.
With the report, the FTC is aiming to maintain an important balancing act: advertising subsidizes content and services on the Web, and more and better data enable marketers to target users more effectively, which in turn keeps the ad dollars flowing.
But the effort comes on the heels of some high-profile deals — and controversies — in the realm of online advertising that some critics say have helped to erode consumer privacy. In the time since the FTC last examined online privacy, new targeting technologies have appeared that, to some, have given the issue renewed urgency.
One of the most high-profile cases concerned a company called NebuAd, which aimed to bring ISPs into the advertising revenue stream by intercepting people’s Web browsing activities to serve relevant ads.
The FTC has also been taking a closer look at mobile advertising, as consumers are increasingly using smartphones to browse the Web on the go. Chester’s group, along with other consumer advocates, pushed the agency to explore whether new rules on mobile advertising and tracking of mobile online activity are needed to protect consumers.
The agency’s new report also revisits its consideration of the privacy concerns associated with behavioral targeting in late 2007. The FTC was then reviewing Google’s acquisition of advertising giant DoubleClick, which it ultimately approved over the vigorous objections of privacy advocates.
The same day the agency cleared the buyout, it issued a set of self-regulatory guidelines — overarching principles staked around broad themes like transparency and consumer consent, which it hoped companies would adhere to rather than the firmer regulations groups like the CDD were calling for.
Some major tech companies in the thick of the online-privacy debate, including Microsoft and Google, have already called for a baseline federal privacy law that would apply to all industries, online and off. But Chester and others warned that such a law would be “watered down” without explicit privacy provisions for online marketers.
Concern over self-regulation
The most substantive change to the FTC’s self-regulatory principles revised the definition of behavioral advertising. The new report excludes activity on “first-party” sites when that information is not share with an outside firm. That would mean that data collected from a person’s activities on AOL’s sites, for instance, would not be considered behavioral ad targeting if it were not shared with any of AOL’s advertising partners.
It also excluded contextual advertising, where an ad is served up based on a single search query or site visit, from its definition of behavioral advertising.
But for some, the report fell short on a more fundamental level.
“My disappointment in the FTC’s approach here is that there wasn’t more specific renegotiation of the overall model of self-regulation,” said Pam Dixon, executive director of the World Privacy Forum.
The FTC has advocated the self-regulatory approach as a way to hold companies to a uniform standard without enacting burdensome requirements that could choke off innovation in a fast-moving industry.
While the FTC issued the report with the unanimous approval of its four commissioners, two members issued opinions criticizing portions of its findings and the actions of some advertisers.
“Industry needs to do a better job of meaningful, rigorous self-regulation or it will certainly invite legislation by Congress and a more regulatory approach by our commission,” said Commissioner Jon Leibowitz. “Put simply, this could be the last clear chance to show that self-regulation can — and will — effectively protect consumers’ privacy in a dynamic online marketplace.”
Another commissioner, Pamela Jones Harbour, took aim at the report for taking too narrow a focus on the privacy issue.
“Threats to consumer privacy abound — both online and offline — and behavioral advertising represents just one aspect of a multifaceted privacy conundrum surrounding data collection and use,” Harbour said. “I would prefer that the commission take a more comprehensive approach to privacy, and evaluate behavioral advertising within that broader context.”
In response to the report, four major advertisers’ associations announced a joint task force to develop a cohesive self-regulatory framework throughout the industry. The effort includes the American Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association and the Interactive Advertising Bureau, who are working in concert with the Council of Better Business Bureaus.