WASHINGTON — Top attorneys for Microsoft and Google today reiterated their companies’ support for tougher government rules to protect consumer privacy. But when it comes to the details, some watchdog groups say they are concerned that Web firms will continue to fight against specific provisions that would limit the ways they can collect and use people’s information to serve more targeted ads.
Today’s panel discussion, held here at the Computers, Freedom and Privacy conference, revisited a longstanding policy debate over the government’s role in online privacy. The talk ran along some familiar plotlines, with Jeff Chester of the Center for Digital Democracy thundering about the detailed personal profiles being assembled by advertising companies who are using neuroscience to manipulate consumer behavior, while industry representatives assured the audience that their data-collection practices are benign, not to mention essential to providing free content and services on the Internet.
But this wasn’t just an idle debate. Rep. Rick Boucher, the Virginia Democrat who chairs a House subcommittee on the Internet, is developing legislation that could seek to impose sweeping restrictions on behavioral targeting. A few blocks up Pennsylvania Avenue at the Federal Trade Commission, the principal regulatory agency with authority over online advertising, newly minted Chairman Jon Leibowitz has spoken often about the need for industry to get serious about privacy.
“The FTC’s central concern here is transparency, consumer control,” said Jessica Rich, assistant director of the agency’s privacy and identity protection division. “We don’t think consumers really know what’s happening with their data.”
As a general practice, the industry has promoted consumer education and self-regulation for online advertising. But Mike Hintze, Microsoft’s associate general counsel, admitted that Web sites could do more to clarify how they collect consumer data, and create a more streamlined path for opting out of behavioral targeting across the Internet.
“It’s difficult today for people to understand what’s going on and how they can opt out,” he said. “Absolutely we all need to do more around consumer education.”
The Network Advertising Initiative, a coalition of more than two dozen ad networks, has made some progress toward that goal. The NAI’s home page features a prominent button that lets users opt out of data collection across the participating ad networks.
But online advertising remains a largely unregulated arena, and the top Web firms have warmed up to the idea of a baseline privacy law that would set some parameters regarding data collection.
“Self-regulation has a very important role,” Hintze said. “We’ve also been very supportive of federal privacy legislation.”
He added, “We think self-regulation and legislation can work well together.”
Google’s Jane Horvath was quick to agree. “We do support an omnibus privacy statute,” she said, adding that the type of legislation Google envisions would apply to all advertising media, not just the Internet.
And like all battles on the Hill, the devil will be in the details.
“I’m happy to hear that my industry colleagues agree that regulation is important,” said Amina Fazullah, a staff attorney with U.S. PIRG. “I have a feeling that they probably don’t agree with me on how strong that legislation should be.”
One of the core issues will surface in that debate will concern whether consumers should be expected to opt out of data-collection practices, or if advertisers should be required to obtain explicit opt-in consent to collect information about users’ browsing habits.
Boucher and Leibowitz have both expressed support for the opt-in model that privacy advocates have long championed.
But Web firms argue that moving to opt-in consent could be a severe drain on the Internet economy.
“Targeted ads are orders of magnitude more effective and therefore bring in more revenue,” Hintze said. He said Microsoft estimates that targeted ads yield anywhere from four times to 10 times the revenue as their non-targeted counterparts.
When it comes to online advertising, Hintze said there is one small but vocal group of Web users that is highly concerned with privacy issues, and another that is enthusiastic about tailored ads. In between the two extremes, there is a vast majority of Web users who are generally apathetic about the issue and don’t tinker with their privacy settings. The move to an opt-in regime would exclude those users from all types of behavioral targeting, even though most of them wouldn’t likely object to it.
Codifying a definition of “opt-in” in a privacy bill will certainly be a contentious issue. One of the most contentious issues on the privacy front involves a technology called deep-packet inspection (DPI), which some ISPs have been tinkering with to serve ads by examining the contents of the traffic passing on their networks.
Boucher and other representatives have expressed concern about the practice, which has been only rarely used in the United States. At the same time, Hintze noted that the opt-in stipulation wouldn’t necessarily preclude DPI if ISPs included it in the terms of service users agree to when they subscribe.
“The ISPs have taken the position that that’s an opt-in model,” he said.