The year 2011 could be when government cracks down on online advertising – particularly behavioral advertising – in a meaningful way. Thus far, lawmakers and regulators have merely introduced a slow-moving privacy bill and written extensive reports, centered on issues like behavioral ad targeting, consumer data tracking, data security, and children’s data privacy.
With the Federal Trade Commission recently floating its do-not-track concept, and additional legislators piling on with new privacy bill proposal plans, many signs point to passed privacy legislation coupled with increased enforcement capabilities for the FTC when it comes to penalizing violators of potential laws. Consider the coming period the final test for self-regulators as they struggle to appease authorities calling for more transparency and notice around data tracking, collection, and use online.
Here’s what went down in 2010 and what can be expected in the coming year:
Regulators Toughen Stance: The FTC and Do-not-Track
Nearly two years after then-FTC Commissioner Jon Leibowitz foretold “a day of reckoning” for online advertisers, the agency he now leads as chairman dropped a bomb on the industry in December by unveiling a proposal for a do-not-track program for online advertising. The FTC said that the industry’s self-regulatory initiative – developed in direct response to the FTC’s own behavioral advertising guidelines and kicked into higher gear after Leibowitz made his forceful statement – had been ineffective and too slow in coming to fruition.
The FTC’s answer: A do-not-track mechanism using a persistent cookie-like browser setting to notify third-party ad tracking and targeting firms that a consumer does not want to be tracked or receive targeted ads. The commission has requested that interested parties comment on the proposal by January 31, and ClickZ is helping by compiling serious comments from readers to present to the FTC. A final report taking those comments into consideration is due out sometime in 2011, according to the FTC.
There remain questions regarding the feasibility of do-not-track. And, despite clarification from the FTC regarding the types of tracking it aims to police (See ClickZ’s Q&A with the FTC’s Chief Technologist Ed Felten), do-not-track is still a nascent concept in terms of exactly what types of companies and what types of tracking it might encompass.
Meanwhile, the U.S. Department of Commerce in December released its report on commercial data privacy. The DOC’s report indicates support for voluntary self-regulatory programs. It also calls for the establishment of a new division of the department to deal solely with commercial data privacy, and pushes to ensure that privacy codes are feasible across the globe.
After years of small steps towards a government-led behavioral advertising crackdown, the three little words, “do-not-track” seem to have inspired industry execs – and not just self-regulatory leaders and ad tech firm CEOs – to finally to take notice of the government’s heightened attention to their business practices.
Privacy Law Gains Momentum
As powerful congressman poked their noses into Facebook privacy, key House subcommittees held at least three hearings to discuss online consumer data privacy issues in 2010. Perhaps the most significant hearing was one held in July to discuss a freshly introduced bill sponsored by Rep. Bobby Rush. Both privacy advocates and industry observers saw the bill as a positive step, unlike another highly anticipated draft proposal from Rep. Rick Boucher that had been floating around Capitol Hill since May. Both lawmakers had led the march towards comprehensive privacy legislation, and the introduction of an actual bill solidified the movement.
The FTC’s call for a do-not-track program – not to mention a contentious series of articles on data privacy issues from The Wall Street Journal – propelled legislators to take action or speak out on online privacy in 2010. As a House subcommittee met for the last time in early December to discuss the feasibility of a do-not-track mechanism for the Web, Senator John Kerry indicated he will propose a bill relating to online privacy. This could be the Senate counterpart to Rush’s bill.
During the hearing, Rep. Ed Markey also announced his intention to propose legislation featuring a do-not-track requirement specifically to protect children’s privacy. Markey, and his House Bi-Partisan Privacy Caucus co-chair Rep. Joe Barton, sent a letter in October to Facebook CEO Mark Zuckerberg asking his firm to respond to a series of questions regarding an alleged privacy breach reported in The Wall Street Journal.
When Facebook responded, Barton said he planned to continue pressure on companies like Facebook in 2011
Self Regulation’s Last Stand
The coalition of advertising industry trade groups set up to develop a robust self-regulatory program patterned after the FTC’s behavioral ad guidelines may not have been entirely shocked by the do-not-track proposal. However, the call for do-not-track was indeed clarion. In its report announcing the proposal, the FTC was essentially telling the coalition – officially known as the Digital Advertising Alliance – it wasn’t moving fast enough.
Yet, by that time, the alliance had already begun beta testing its ad choice program in display ads, signing on the largest digital media buying firms. Those firms have also taken an active role in supporting and implementing the self-regulatory program, symbolized by a blue icon appearing in online ads. The system works by allowing users to click the icons to learn more about how the ads are targeted and to opt-out from being targeted. One discrepancy that could emerge between the self-regulatory program and the FTC’s requirements involves the ability to opt-out all together from tracking by third-party ad and data firms, rather than opting-out from ad targeting alone.
Though legislators have taken action by holding hearings and introducing a privacy bill, and regulators have disseminated lengthy reports on the need for more consumer data usage transparency and privacy protection, the industry is ahead of government when it comes to actually developing tangible solutions. The question remains whether the alliance’s program, or browser-based methods providing more control over third-party tracking and targeting planned for Microsoft’s Internet Explorer and, reportedly, Mozilla’s Firefox, will satisfy lawmakers and regulators.
It takes two to tango, though, and without government prodding, the industry may not have come so far in its self-policing. Expect a full dance card for both in 2011.