Privacy advocates are gearing up for 2001, calling attention to what they see as a lapse in the government’s duty to protect user’s data.
A press conference Tuesday, led by executives of the Electronic Privacy Information Center and Junkbusters Corp, called for Congress and the Federal Trade Commission to produce an industry standard for online privacy.
Marc Rotenberg, EPIC executive director, said a standard would clear up a lot of current and future privacy issues and points to several separate privacy bills making their way across the Senate floor and the regulation practices at the FTC.
“This is one more instance where we need some framework for privacy legislation in place before some of these new services are unveiled. What we’re going to have instead, of course, is some kind of protest or advocacy campaign to stop this. We think that the better approach is to have the privacy rights established at the beginning, not the end.”
Rotenberg and Jason Catlett, president of Junkbusters, both think the bill just reintroduced Tuesday by Sen. John Edwards (D-NC), the Spyware Control and Privacy Protection Act, is a step in the right direction for user privacy. The Act would protect Internet users from companies that imbed “cookies” in its downloadable software and use the personal information for its own marketing efforts or to sell the information.
But another privacy bill making its way across the Senate floor is the one co-sponsored by Anna Eshoo (D-CA) and Chris Cannon (R-UT), the Consumer Internet Privacy Enhancement Act. Rotenberg said the bill would give too much self-regulatory power to a company in order to avoid prosecution.
The bill’s wording has advocates worried, especially in light of recent developments with network advertisers like DoubleClick.
Six months ago, the banner ad company was able to convince the FTC it would put together a self-regulatory process in motion that would allay the fears of many who considered the company a pool for personal information.
Internet users who visited a site with a DoubleClick banner advertisement on it had their personal information and surfing tendencies stored on a cookie, a file on the user’s computer that stores information that can be retrieved by DoubleClick’s Web server. As long as the information was kept anonymous, officials said, there was no privacy concern.
But then DoubleClick considered combining the anonymous information it kept on online traffic with the users name and addresses, using the database of a company it bought out in 1999, Abacus Direct, to connect the two.
It touched off a firestorm of protest, prompting the FTC to intervene. DoubleClick was eventually cleared of any wrongdoing, and lawyers for the Network Advertising Institute promised to institute an “opt out” cookie for users who didn’t want to be tracked, saying they would audit themselves through a third party.
The NAI is made up of companies like 24/7 Media, AdForce, NetGravity, Real Media and DoubleClick.
But Catlett and other advocates maintain the organizations own audit has never been published.
“In an exercise that we’ve seen many times before, the NAI put together a short regulatory proposal that said they would abide by a sort of weak set of guidelines and would have itself audited to make sure the privacy guidelines were met,” Catlett said. “The deadline for that audit fell on the weekend and it has not been posted on the networkadvertising.org site.
Advocates also decry the use of an opt out cookie, saying it defeats the purpose of privacy by placing a cookie in the user’s computer to prohibit DoubleClick cookies.