A couple of years ago the FTC proposed a “Do Not Track” button. Recently, the Administration got a couple of very big Internet companies to agree to implement it. The idea is really simple: add an easy way for consumers to opt out of web tracking systems. In practice, it’s a little less simple … open your browser preferences, select the privacy tab and look for a checkbox that says something like: “Tell websites I do not want to be tracked.”
Having done so, a reasonable person might assume that they were now free to browse the world wide web without leaving a trail of breadcrumbs for web profilers, unsavory advertisers and custom content providers. Not exactly.
As is often said, “The road to hell is paved with good intentions.” According to the Wall Street Journal, “The new do-not-track button isn’t going to stop all Web tracking. The companies have agreed to stop using the data about people’s Web browsing habits to customize ads, and have agreed not to use the data for employment, credit, health-care or insurance purposes. But the data can still be used for some purposes such as ‘market research’ and ‘product development’ and can still be obtained by law enforcement officers.” Seriously?
First, let’s look at the Administration’s framework for The Consumer Privacy Bill of Rights:
- Individual Control: Consumers have a right to exercise control over what personal data organizations collect from them and how they use it.
- Transparency: Consumers have a right to easily understandable information about privacy and security practices.
- Respect for Context: Consumers have a right to expect that organizations will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
- Security: Consumers have a right to secure and responsible handling of personal data.
- Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data are inaccurate.
- Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
- Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.
At first glance, some of these ideas such as Individual Control, Transparency, and Security are good. Others such as Respect for Context, Focused Collection sound good, but will be very, very hard to reduce to practice.
Does the United States need a Consumer Privacy Bill of Rights? Absolutely! We need to figure out how to govern our budding digital democracy. Is this the right way to approach it? Probably not.
FTC Commissioner J. Thomas Rosch has posted a .pdf you should read entitled, THE DISSENT: WHY ONE FTC COMMISSIONER THINKS DO NOT TRACK IS OFF-TRACK Rosch: Concepts to Guard Online Privacy Have not Been Properly Vetted – here are some of the relevant paragraphs:
First, there are a number of consequences if a consumer adopts a do-not-track mechanism. To begin with, a consumer may sacrifice being served relevant advertising. On a related note, there is academic research suggesting that in order to compensate for the loss of the ability to track consumer behavior and the associated ability to serve relevant advertising, advertisers may need to turn to advertising that is more “obtrusive” in order to attract consumers’ attention.
Consumers may also lose the free content they have taken for granted. Not only could consumers potentially lose access to free content on specific websites, I fear that the aggregate effect of widespread adoption by consumers of overly broad do-not-track mechanisms might be the reduction of free content, free applications and innovation across the entire Internet economy. Beyond that, consumers may forgo the reported ability to earn commissions from “selling” the right to track their behavior or allow the use of their personal information.
I also wonder whether an overly broad do-not-track mechanism would deprive consumers of some beneficial tracking, such as tracking performed to prevent fraud, to avoid being served the same advertising, or to conduct analytics that foster innovation. Concerns have been raised that do-not-track mechanisms also may have the unintended consequence of blocking tailored content, in addition to advertising.
Commissioner Rosch is spot on. Sadly, he’s not getting much traction with his reasoned approach to the issue. Our elected officials see privacy as the “gift that keeps on giving.” You can scare the hell out of people, then launch a campaign focusing on shutting down the evil Internet people. It’s truly the perfect issue for those who prey on the fearful.
What can we do? First, contact your elected officials. We live in a republic. Our elected officials speak for us and make our laws. They need to understand how you feel about privacy. What do you want? Tell them.
What if you don’t know what you want? Admitting that takes courage and, by the way, it is the right answer. This is new territory. We have never been here before. It is impossible to imagine all of the things people will do with data in the age of Big Data, but knee-jerk political reactions and fear mongering is not a reasonable course of action. Like so many things in our modern world, this very important issue cannot be solved with sound bite politics. Privacy, data collection and what data can and should be used for is “the” issue of the Information Age. It would be great if we could all give it the respect it deserves and start a Socratic, earnest, serious dialog. Information is the currency of the Information Age, we should treat it that way.