Online advertisers, responding to charges leveled by privacy advocates this week, Thursday unveiled its guidelines for collecting personal information from Internet users.
The Network Advertising Institute, made up of advertisers like DoubleClick, 24/7 Media, Adforce and Engage, sent the contents of its controversial “opt-out” Web site to regulators at the Federal Trade Commission Thursday afternoon for approval.
The Web site is part of the organization’s NAI Self-Regulatory Principles Compliance Program and under the auditing purview of accounting firm Arthur Andersen, LLP.
The organization came under fire this week after missing a self-imposed Jan. 30 deadline that spelled out its self-governance program, audited by a third party.
The Web site will be online as soon as it is signed off by the FTC, said Jeff Connaughton, a spokesperson for the NAI, which he expects should be sometime in February.
A sticking point with privacy advocates is the opt-out nature of the information-harvesting program itself.
Consumers who do not want their information collected can go to the pending Web site and have a cookie file placed in their computer, which tells NAI member ad serving programs not to collect the information from that user.
But a cookie designed to block out cookies is self-defeating, since it requires that cookie in everyone’s computer, privacy advocates maintain. Many people concerned about privacy routinely delete cookies from thier machines, because cookies are usually used for tracking.
It’s a duplicated effort, said Andrew Shen from the Electronic Privacy Information Center, a privacy advocate organization that has been following the NAI’s efforts.
“The guidelines notably permit companies to merge personally identifiable information (PII) with non-PII on a going-forward basis under an opt-out, thus recreating the situation that created controversy in the first place,” Shen said. “Many consumers will submit personal information and will have insufficient awareness or control of whether it will be merged with profile data.”
Connaughton believes the double-security protection steps companies like DoubleClick will take are more than enough to give consumers a chance to avoid giving out personal information.
“If you’re going to merge PII with what we call previously collected, non-PII, if there was any previously collected information that was going to be merged at that time, the Principles require that you first get affirmative, or opt-in, consent from the user.”
The opt-in requirements comes, Connaughton said, from NAI’s talks with the FTC last year, after privacy groups raised fears of online advertisers collecting personal, as well as anonymous, demographic information.
The FTC later cleared the companies of any wrongdoing, with the NAI promising member companies would regulate themselves to protect consumer information.
The NAI said until the Web site goes live next month, companies like DoubleClick will continue collecting anonymous information without the opt-in or -out features. When the site is up, Connaughton said, members are then contractually obligated to abide by the terms of the self-regulatory principles.
Although the NAI companies would prefer only industry self regulation, the FTC in May, 2000, recommended to Congress that it enact legislation protecting online privacy rights.