Internet Privacy Laws: New Privacy Legislation and the "Do Not Track" List

Internet Privacy - "Do not track" list - privacy legislation
Ecommerce and Personalization

Ecommerce personalizes the shopping experience, blurring the boundaries between marketing and sales in ways the marketplace has never seen before.
Log back on to the website where you bought that widget just two weeks ago. Chances are the site greets you by name (Welcome back ...). It may offer you a list of recommendations (Customers who like green widgets also enjoy red gizmos). You may also find an electronic shopping cart with a purple thingamajig you were contemplating buying left over from your previous visit. When your best friend logs on to the site, he or she will see the same set of features populated with different content.
These features are examples of personalized content, expressly targeted at you. The web page you're looking at has been dynamically generated based upon your preferences. Some of the time, you've been queried directly about your preferences - but much of the time your preferences have been inferred from information the website gathers as it tracks your clickstream behavior through its pages, noting where, when and how you click on hyperlinks. These behavioral data points are then analyzed with sophisticated statistical programs to tease out associations.

Cookies and Surveillance Technologies

The technology through which personalized content is created and served up deploys "cookies" - also called "marketing cookies," "web cookies," "browser cookies," or "HTTP cookies:" tiny text files the website embeds in your browser. The browser sends the text file back to the website's server each time you access the site. Cookies have a wide variety of uses: among other things, they can contain userid and password information for authentication, they can identify the actions, proclivities, and habits of site users as preferences, and they can save shopping cart contents.

Cookies are not the only surveillance technology being used to monitor consumer behavior on the Internet. More sophisticated objects called web beacons are embedded in HTML pages as tiny images; each time the page is accessed by a user, a request is sent to the server on which the image is stored allowing the server to monitor accesses to the web page. Web beacons can be used to track user interests in a very sophisticated manner as they follow users to sites where users post comments on movies, say, or political preferences. Web beacon and other web bug technologies have been used by Microsoft, Barnes and Noble, FedEx, Yahoo! and Quicken among other companies; indeed a recent Wall Street Journal found the use of these technologies to be commonplace among the nation's top 50 websites, which installed on average 64 web bugs onto visitors' computers without disclosing the practice.

"Do Not Track" Registry

In 2007 nine nonprofits including the Center for Democracy and Technology, the Consumer Federation of America and the World Privacy Forum submitted a proposal to the Federal Trade Commission (FTC), the federal agency charged with regulating ecommerce, that would create a "Do Not Track" registry modeled after the popular "Do Not Call" list also maintained by the FTC. When consumers who did not want to receive telephone calls from telemarketers had their names put on the list, telemarketers were barred from contacting them. The "Do Not Track" list would work similarly. The proposal was not followed up on.

In recent months, the idea of a "Do Not Track" registry has begun generating traction once again. In July 2010, FTC chairman Jon Leibowitz told a Senate panel that the agency was actively exploring ways to implement the registry. Meanwhile, legislation called the Boucher-Sterns bill has also been introduced in the House of Representatives, a Privacy Law that would compel companies to disclose the purposes to which they put the user data they collect and to obtain those users' express consent before sharing that information with third parties. Oversight and enforcement of the new law would fall to the FCC.

Why the Boucher-Sterns Bill and the "Do Not Track" Registry Are Bad Ideas for Businesses

If you operate a business with an Internet component, both the Boucher-Sterns bill and the "Do Not Track" registry may represent major challenges to your best business practices. Consult with an Internet Privacy Lawyer or an Internet Lawyer specializing in consumer practices to learn more about how what these policies may impact your company.

Proponents of the Boucher-Sterns bill and the "Do Not Track" registry claim these privacy policies would provide a tighter protection of users' online privacy rights. But would they really? Here are two compelling reasons why they may not.

Users Already Have Access To Privacy Tools

The expense involved in implementing the "Do Not Track" registry and provisions of the Boucher-Sterns bill would be enormous - and unnecessary given the fact that users already have access to privacy protections through the software they use to browse the Internet

The most recent versions of all major browsers allow users to decide whether or not to accept cookies in the first place, and if they accept cookies, for what length of time. Additionally, the most recent versions of both Firefox and Google's Chrome browser contain plugins that allow users to opt out of other tracking technologies - and other browsers will no doubt follow suit. Users with privacy concerns would be well advised to make use of existing technologies and use common sense in sharing information online.

Advertising Underwrites "Free" Internet Content

While privacy concerns are very real issues, it must be kept in mind that the vast majority of Internet users enjoy the personalization features that cookie technology makes possible - it's one of the reasons why ecommerce is growing exponentially.

Both the Boucher-Sterns bill and the "Do Not Track" registry have the potential to shrink the audience for online advertising which means that websites will have to scramble for other revenue sources. The only other business model for monetizing websites that's been developed so far involves charging users for access to content. Advertising revenues are what allow popular social networking sites like Facebook and Twitter to offer their services for free; with a smaller advertising base, such sites might have to start charging membership fees.

User information is essentially anonymous data: it cannot be used to identify any one user personally. Instead, the data is used to target online advertising more efficiently - and online advertising is what pays for the wide variety of online content and services that Internet users are accustomed to getting for free. But of course, nothing is ever free. One way, then, to conceptualize user data might to think of it as a type of currency: users are not paying in cash to access their favorite websites, they're paying in data.
Internet Attorney