The following editorial first appeared in the San Jose Mercury News:
Privacy groups and some members of Congress are up in arms, and rightfully so, over a new study revealing that many online advertising companies continue to follow people’s Web activity, even after users believe they have opted out of tracking.
Consumers have legitimate worries about the information that’s being collected and used online. It’s time for the Internet industry to come to a collective agreement about the privacy protections it will guarantee.
Six months ago we warned that if innovators did not find a way to police online tracking, Congress would feel compelled to regulate the industry. Washington does not have a good track record when it comes to imposing rules on technology; too often it has either slowed Silicon Valley innovation or done significant damage to tech firms’ bottom line. But there is little confidence the industry will do the right thing, either.
One of the leading proponents of a “Do Not Track” law is Rep. Jackie Speier, a California Democrat who calls the notion of industry self-regulation “a joke.” And the executive director of the Center for Digital Democracy, Jeff Chester, told the San Jose Mercury News that self-regulation “is deliberately designed to not be effective. It’s designed to give the appearance of protecting privacy, while actually enabling data collection to proceed full force.”
To battle that perception, which was buoyed by last week’s report, consumer advocates and Internet companies must agree quickly on what, if any, data collection remains permissible even after a consumer opts out of tracking. The agreement should clearly bar companies from selling information about users to third parties. Both sides must acknowledge that consumers should be able to halt ads that are targeted based on the sites they surf and their demographic. And consumers should have some recourse when these rules are broken.
It’s less clear whether Web firms should be prevented from collecting data to prove to advertisers their ads have been delivered. Internet companies need the capacity to perform reasonable business functions that don’t intrude on consumer privacy.
The ultimate goal should be a one-click option for consumers that protects their privacy without the need to install complex software or read the fine print of a wordy disclosure statement.
Consumers know that Internet companies legitimately earn vast amounts of revenue from advertising and data collection. Many don’t mind sharing their information if it means they can continue to view websites for free, and they may prefer seeing ads targeted to their specific interests. This kind of agreement won’t kill the industry.
The Do Not Call registry, enacted in 2005, shows that Congress can act when consumers’ privacy is in jeopardy. The Internet industry must move quickly to assure lawmakers and the public that it is capable of responding to these legitimate consumer concerns.