SAN MATEO, Calif. — While concerns about Internet privacy grab headlines, not everyone is bothered, or even aware, of how their online activities are being tracked.
“On one extreme, there are Web cams in bedrooms, and the other extreme are people who won’t wear a nametag at a conference,” said Anne Toth, Yahoo’s chief privacy officer. “Most people are in the middle. What’s interesting is that consumers need to better understand how [privacy options] operate and where they can exercise their choices.”
Toth spoke at a consumer privacy panel here yesterday at the Tech Policy Summit. In general terms, she said “clear notice and robust choice is the right standard” for consumer privacy.
But others in the audience and on the panel took issue with whether things like opt-in choices to receive information from e-tailers provide enough information or easily convey to consumers what they’re agreeing to.
“Consent is a trap,” said Chris Hoofnagle, Director of Information Privacy Programs at the Berkeley Center for Law & Technology. “It’s more than notices and opt-in and opt-out,” he said, adding that details like how a consumer’s information might be used isn’t always made clear, nor how long it might be kept.
“Do these things protect consumers? I’m not so sure,” he said. “It’s got to the point that the medium itself is poisoned and consumers feel unsure about being tracked online.”
Hoofnagle said advertisers’ thirst for ever more personal information about consumers is misplaced, though that hasn’t stopped them from looking for ways to glean increasing amounts of data.
“It never seems to be enough and I’m not sure there is a magic sweet spot of enough information,” he said. “Even if they had all your information, I think we’ll find that the deeper you go the less you get out of it.”
He also said consumers aren’t necessarily gaining much by opting out, since, for instance, online ad networks have to know who a user is to avoid collecting information on them.
“You can decline that, but you still get tracked, so you’re really getting the worst of both worlds,” he said. “You’re still tracked and you’re not getting the ads,” which he added may have some relevance.
Tracking online behavior
Another point of controversy is the log files that search engines like Google (NASDAQ: GOOG) and Yahoo (NASDAQ: YHOO) retain that track data like users’ search terms and where they go on the Web. The data is typically used in aggregate to help Web companies spot trends, better target ads and relevant content. But they have been used in rare instances to help authorities track individuals suspected of criminal behavior, and according to critics, pose a potential threat to privacy.
Under pressure from privacy advocates and regulators in Europe the past year, however, both Yahoo and Google reduced the time they keep individual identifiable log files. In September, Google dropped its retention time from 18 to 9 months. During yesterday’s conference, Toth touted the fact Yahoo’s retention time is now only 90 days.
Yet some in Congress are pushing for legislation that would require companies to keep these logs available to law officials for at least two years to help track online predators.
Progress has been much clearer on other fronts. Fran Maier, CEO of TRUSTe, reminded the audience that a few years ago, pop-up ads, spy and adware were much more serious issues and a nuisance to consumers than they are today.
“The FTC had hearings and we worked with Yahoo and others,” Maier said. “The worse behaviors of pop-up ads and others to deliver malicious software … those business models have pretty much gone away.”
“If you really take advantage of user trust, that will not be a sustainable business model,” she added. “There are good-faith efforts by advertisers to do the right thing.”
Panelists also kicked around the issue of behavioral targeting, in which a user receives ads based on the Web sites they visit or the content they click on. Maier said TRUSTe isn’t getting a lot of complaints related to behavioral targeting at mainstream Web sites.
“But we get tons about social networks,” she added. “For example, someone pretends to be me and puts up a profile — that happens a lot. In other cases, they scrape information from your profile and some companies use that in ways they are not supposed to.”
“People don’t necessarily know how much that’s happening either,” she warned.