As The Cookies Crumble

A new survey reports that popular Web sites are more cognizant of consumer privacy, share less visitor information, and have reduced their dependency on third-party browser cookies.
Web sites are collecting less information about consumers and are showing increased respect for their privacy. That's the findings of a survey released today by the Progress & Freedom Foundation, a Washington nonprofit organization. The report examined the 85 most popular U.S. Web sites (excluding sites for children, adult entertainment, and business-to-business), and a random sample of about 300 sites (each of which had at least 39,000 unique monthly visitors). The survey, based on information collected by Ernst & Young in December, intentionally echoed a May 2000 Federal Trade Commission report.

One dramatic shift was the declining use of third-party cookies. At the most popular sites, only 48% use third-party cookies, compared with 78% in the FTC report. The drop was even greater in the random-sample site group: 25% use third-party cookies now, down from 57% two years ago.

Consumers also have more control over how their information is shared. At 93% of the most popular sites, consumers choose whether their information is shared with third parties, up from 77% since the FTC study. And the consumer information that's collected is less detailed. At the most popular Web sites that collect personal information other than E-mail, the percentage dropped from 96% to 84%.

Those developments demonstrate that companies are recognizing consumers' privacy concerns; three-quarters of consumers worry that companies they patronize will provide confidential information to other companies without permission, according to a survey of 1,529 U.S. consumers conducted by Harris Interactive in November. Some of those changes are government-driven, as the FTC increasingly scrutinizes privacy issues, says Mark Schreiber, a partner at Boston law firm Palmer and Dodge, who's unsurprised by the survey results. "We've done a lot more work with companies revising privacy policies," says Schreiber, who also co-chairs his firm's privacy group.

Complicating matters, European Union data-privacy laws can have far-reaching implications for multinational U.S. businesses. Countries have different requirements for obtaining consumer consent for E-mail solicitation--consumers opt out for U.K. companies, but must opt in for Germany. Also, E.U. laws require consumers' consent to transfer their data outside of the European Union, so multinational companies that don't obtain that consent are creating customer lists with limited use. If they do flaunt authority and transfer customer information to U.S. servers without consent, it's a dangerous game of Russian roulette, Schreiber says. In addition to government fines, companies that get caught also risk a tarnished image in consumers' eyes, he says. "They don't want to have adverse publicity saying they're using solicitation information in an improper way."