Consumers fed up with having their online activities surreptitiously tracked, recorded and profiled by online marketers and advertising networks have a new ally.
A group of nine privacy advocacy organizations this week submitted a proposal to the US Federal Trade Commission asking it to consider implementing a Do Not Track list to protect people from having their online activities unknowingly tracked and used by marketers. The group also wants the formal definition of the term "personally identifiable information" updated, and it said Internet advertisers should be forced to provide more robust disclosures on any behavioral tracking they are doing.
The groups involved in the effort are the Center for Democracy and Technology, Consumer Action, the Consumer Federation of America, the Electronic Frontier Foundation, Privacy Activism, Public Information Research Inc., Privacy Journal, the Privacy Rights Clearinghouse and the World Privacy Forum.
At a news conference this morning, Ari Schwartz, deputy director of the Center for Democracy and Technology, said the Do Not Track list is similar in concept to the FTC's Do Not Call list. It would give people the ability to opt out of behavior-based online ad campaigns, he said.
Basically, a Do Not Track list would require companies that undertake consumer behavioral tracking for advertising purposes to register their tracking servers with the FTC. Consumers could then download that information and use it to block servers on the FTC list from planting persistent tracking tools on their systems.
To get such a system to work, consumers might have to download a browser upgrade or plug-ins. Developers of browser applications, in fact, would be encouraged to create plug-ins to allow users to easily download and implement the Do Not Track list on their computers, Schwartz said.
"Consumers would be turning over no information" to the FTC, Schwartz. All they would need to do is download the list of domains from the FTC list and use that to block the tracking of their online behavior, he said, adding that consumers could get regular updates of new domains added to the list. Advertisers, however, would not be blocked from serving up ads to consumers. Only the tracking of activities would be blocked.
The proposed plan is designed to make it as easy for consumers to opt out of online tracking as it was for those on the Do Not Call list to opt out of unwanted telephone calls, Mark Cooper, director of research at the Consumer Federation of America, said at this morning's news conference.
"The consumer needs to have a clear and consumer-friendly opportunity to opt out of being tracked," Cooper said. "We need a basic set of protections that consumers can count on," along with enforcement of those protections, he said.
The impetus for the recommendations are twofold, said Pam Dixon, executive director of the World Privacy Forum: First, the FTC is holding hearings on behavioral advertising and the privacy groups' recommendations highlight several issues that should be part of the discussions, she said this morning. Second, efforts by online marketers to regulate themselves via the Network Advertising Initiative (NAI) in recent years have failed to provide consumers with privacy protections.
"The industry has had seven years to prove they can manage online opt-outs. It is time to move toward something structured like the Do Not Call list to address the problems we are seeing, and have now seen for seven years," Dixon said.
Although the NAI has been giving consumers a way to opt out of targeted behavior-based online advertising, its approach is outdated and based on a narrow view of what constitutes personally identifiable information in the online world. Under the NAI approach, consumers who want to opt out of targeted advertising campaigns have to first download a general opt-out NAI cookie, which replaces a network advertiser's unique online preference marketing cookie. The tool is confusing to consumers and does little to protect against newer tracking tools and cookies, she said.
"What's needed instead is a much broader vision of what constitutes personally identifiable information," as well as a recognition of the myriad new ways in which online activities can be tracked, stored and profiled, she said.
The NAI did not immediately respond to a request for comment.
Online marketers should also give consumers a clear picture of what exactly is being collected, how it is being collected and why, she said. And consumers should be able to review the information collected about them.
Enforcing the protections offered by such a list can be challenging, Dixon conceded. It's not easy for average consumers to know if they are being tracked -- even after they have subscribed to any Do Not Track list, she said. Complicating matters is the fact that tracking activities can be carried with servers located outside the U.S.
"Right now, we are in a situation where we think the FTC needs to take over this list so that there can be appropriate enforcement and enough gravitas" behind the effort, Dixon said.