Privacy Groups Aim for FTC to Help Guide Online Privacy Law

Hoping to influence impending online privacy legislation, a host of privacy and consumer advocacy groups today laid out their ideas for handling consumer data used for ad targeting and other purposes. Among their key suggestions: The Federal Trade Commission should establish a behavior tracking registry similar to the do-not-call list. The 10 organizations, including Consumers Union, Electronic Frontier Foundation, U.S. Public Interest Research Group, and The World Privacy Forum, also suggested data employed for online ad targeting should be stored for 24 hours before being destroyed, unless users specifically approve further use of their data.

In letters sent today to the chairmen and ranking members of the House Subcommittee on Communications, Technology and the Internet and House Subcommittee on Commerce, Trade and Consumer Protection, the coalition called for the FTC to create a “Behavioral Tracker Registry.”

“We think that the job really belongs with a neutral party, and the best party for that job is the Federal Trade Commission,” said World Privacy Forum Executive Director Pam Dixon during a conference call this afternoon. The privacy collective is “still working out the details” as to how such a registry might operate, but Dixon said it might have a “model similar to the do-not-call list.”

The coalition also said the FTC should define precisely what constitutes as sensitive information, and suggested the list “should include data about health, finances, ethnicity, race, sexual orientation, personal relationships and political activity.”

Dixon contended that online ad industry trade groups supporting self-regulatory approaches to protect consumers’ online privacy — mainly the Network Advertising Initiative and Interactive Advertising Bureau — have developed definitions that are “too narrow and weak to the point of being completely unworkable and ineffective.”

In the hopes of preserving behavioral ad targeting from government regulation, the ad industry itself came together recently to announce principles for behavioral advertising. Groups including the IAB, Direct Marketing Association, American Association of Advertising Agencies, Association of National Advertisers, and the Better Business Bureau unveiled guidelines in July, notably announcing they would subject their members to monitoring and public disclosure of any non-compliance with the measures.

“These [industry] principles will ensure that consumers receive enhanced notice about online behavioral advertising practices across the Internet, that they are empowered to choose not to have targeted ads delivered to them, and that their Web viewing information is protected,” IAB VP of Public Policy Mike Zaneis told ClickZ News today.

In regards to the debate over whether to require users to opt-in or opt-out of behavioral tracking and targeting, the privacy groups suggested in their letter that site publishers could be allowed to use user data for 24 hours after collection without an opt-in by the user. After 24 hours, they suggest data collectors must destroy the data if users do not approve further use.

Today’s missive also argued that new privacy legislation should disregard the industry’s common distinction between personally identifiable and non-personally identifiable information. “Individuals should be protected even if the information collected about them in behavioral tracking cannot be linked to their names, addresses, or other traditional ‘personally identifiable information,’ as long as they can be distinguished as a particular computer user based on their profile,” it stated.

The FTC indicated as much in its own revised behavioral advertising principles, released in February. The report states, “the traditional notion of what constitutes PII versus non-PII is becoming less and less meaningful and should not, by itself, determine the protections provided for consumer data.”

The privacy groups also suggested that marketers should not be able to collect consumer data through “pretexting,” stating, “a contest that seeks the collection of consumer information in exchange for the chance to win a prize is a pretext.” Of course, online lead generation by marketers — often conducted in conjunction with publishers — has long employed such methods. Lastly, the groups said consumers should have access to personal or behavioral data collected by businesses.

In the midst of healthcare reform proposals and continuing economic concerns, it is unclear how much time Congress will devote to online privacy legislation this year. However, according to Jeff Chester, executive director of coalition group Center for Digital Democracy, Congressional Members and staff requested written input from the privacy groups. When meeting with members of both aforementioned subcommittees in the spring, Chester recalled, “They made it clear they wanted to write legislation with the full participation of the consumer and public interest community…. They asked us to write this document.”

Related reading