July 17, 2000
The Politics Of Privacy Protection
Momentum for online privacy regulation is building--and odds are good that the government will step in
|And from our sister publications:|
Send Us Your Feedback
The FTC's action comes at a time when consumers are beginning to worry that online privacy policies--to paraphrase Sam Goldwyn's famous line about verbal contracts--aren't worth the paper they're printed on. In an election year, as politicians sense there are votes to be gained by promising to protect intimate details from online marketers, that may translate into federal action. It may help explain why there are 300 Internet privacy bills floating around Congress, with more expected. Also, a string of hacker attacks and database glitches has raised awareness of just how vulnerable the Internet is. Suddenly, the odds seem good that politicians--both here and overseas--will impose privacy controls on the Internet industry rather than let the industry regulate itself.
July has been a bad month for those who argue for industry self-regulation. Along with Toysmart.com, two other failing Internet companies--Boo.com and CraftShop.com--were discovered trying to sell private customer information such as phone and credit-card numbers, home addresses, and even data on shopping habits. That news prompted Rep. Spencer Bachus, R-Ala., to say he'll introduce legislation that would make it illegal to sell such data to third parties during a bankruptcy. At the same time, an ongoing class-action lawsuit against DoubleClick Inc., aimed at forcing the online advertising company to stop using Web bugs--a widely used and nearly invisible way to track Web surfers--and to let people see and correct the information about them, kept the privacy issue in the forefront. Even America Online came under fire; the online service is the target of a class-action suit that accuses its Netscape subsidiary of using a software program to secretly track downloads of .exe and .zip files. "Netscape is using SmartDownload to eavesdrop," the complaint says.
All these instances are more evidence that in the United States, when it comes to collecting and using customer data, the rule has mostly been: Anything goes. For instance, motor vehicle departments in some states sell drivers' personal data and pictures to businesses. "The default rule in the United States is that when people collect data, except in certain narrow categories, they can use it any way they want," says Maureen Dorney, a partner specializing in intellectual property and technology at the Palo Alto, Calif., law firm Gray Cary Ware & Freidenrich.
The Internet has upped the ante. The flow of data over the Web has made collecting customer information easier and cheaper, and businesses are getting more aggressive about gathering data as market competition gets stiffer and profit margins shrink. Companies analyze clickstreams to measure every move a customer makes, matching that information with sales data and demographics and ultimately pooling terabytes of information into massive data warehouses. Then they use this information to target marketing programs, content, and sales pitches. They share the data with partners; some companies even make money by selling off chunks to others.
Such activities have turned online privacy into an explosive issue, one that many companies may be underestimating. "There are a lot of heads in the sand," says Gary Clayton, founder and CEO of the Privacy Council, a Dallas company created to help businesses improve privacy practices. "Data flows through a company like water flows through pipes. I don't think businesses have really thought about how they manage this data, how it flows throughout the company. They haven't answered the questions: How do you get it, how do you use it, and who has rights to it?"
Other areas of the world that are more strict about the use of customer data are well aware of those limitations. Earlier this month, the European Parliament voted down the so-called "Safe Harbor Agreement," which would have allowed the export of electronic data on European citizens to the United States. The European Union's 1998 Data Protection Directive requires that European consumers be allowed to access and correct their data and specifically agree to sharing it with others. It also forbids the transfer of data on European citizens to countries that don't meet these standards. The Safe Harbor Agreement, announced May 30 after two years of negotiations with the U.S. Department of Commerce, says U.S. companies that agree to comply with voluntary guidelines would gain "safe harbor" from prosecution for importing data on European consumers. The agreement calls on the Commerce Department to keep a list of safe harbor-eligible companies, the FTC to review complaints, and the Department of Transportation and the FTC to police E-commerce Web sites and brick-and-mortar companies for violations.
The compromise agreement was expected to pass the European Parliament with little opposition until the Committee on Citizens' Freedoms and Rights, Justice, and Home Affairs issued a report in June questioning the FTC's enforcement abilities as "purely discretionary and in practice exercised only occasionally." Instead, the report called for an independent enforcement body like the one in the EU and asked that a provision be included to provide financial compensation to European citizens whose rights were violated.
The Internet privacy debate isn't new, but this year has seen some dramatic developments. In February, DoubleClick faced an organized protest from the Center for Democracy and Technology, which said the online marketing giant was using its relationships with other Internet companies to track the online activities of individuals and then tie them to those individuals' offline activities. That led to an FTC inquiry of DoubleClick's practices. At the same time, DoubleClick admitted it was a defendant in several class-action lawsuits. Also in February, Amazon.com Inc. disclosed that it and its Alexa Internet software subsidiary were facing two privacy-invasion lawsuits and an FTC inquiry.
Illustration by Jay Parnell
- BYOD into the Cloud: The Next Phase of Enterprise Mobility -
- Digital Disruption - E2 Conference Boston
- The Language of UX: Beyond Buzzwords -
- Get practical strategies to build a solid plan for profitability and success - Mobile Commerce World - Mobile Commerce World
- The E2 Social Business Leaders - E2 Conference Boston - E2 Conference Boston
- The Critical Importance of High Performance Data Integration for Big Data Analytics
- Mobile DevOps: Achieving continuous delivery with multiple front ends and complex backends in Banking, Financial Services, and Insurance
- Why is Information Governance So Important for Modern Analytics?
- Get Actionable Insight with Security Intelligence for Mainframe Environments
- Cloud Security: It’s Not Just for IT Anymore
This Week's Issue
Free Print SubscriptionSubscribe
Current Government Issue
- The Government CIO 25: These influential and accomplished government IT leaders are finding ways to be cost efficient and still innovate.
- Rethink Video Surveillance: It's not just about networked cameras anymore. New technology provides analytics, automation, facial recognition, real-time alerts and situational-awareness capabilities.
- Read the Current Issue