In early 2011, US Senators John Kerry and John McCain proposed online privacy legislation that for the first time would give web users the right to demand they not be tracked online. That legislation—the Commercial Privacy Bill of Rights Act of 2011—would allow consumers to prevent websites from tracking and selling their online behavior by essentially opting out of such activities. The bill has thus far gone nowhere, and has just a four percent chance of being enacted, according to Govtrack.us, but that doesn’t mean it isn’t having an impact. Scott Barlow, vice president and general counsel for ValueClick, Inc., the largest independent online advertising network, explains the obstacles associated with online privacy.
The Internet is a nascent industry. Seventeen years ago, there was no Internet. Today, the industry is growing by 15 percent to 20 percent per year, and it’s is still evolving. Legislators have been playing catch-up.
Privacy has always been an issue. People visit websites in the comfort of their own homes. Because of that, there’s a false sense of security. You’re in your own house, so you think you can go anywhere and no one will know. Some people do things they wouldn’t want other people knowing they do, like visit risqué websites. I believe that’s the genesis of the privacy concerns. So, a lot of people worry that companies know what they do online and could improperly use or share that information.
Despite concerns about privacy, people offer a lot of information. A vocal minority have real concerns about who has access to your data. Many people don’t realize, however, that they contribute to privacy problems. You have people putting all kinds of personal information on publicly available websites. It’s pretty amazing. People publish their birth dates, cell-phone numbers, and e-mail addresses on these sites, and most people don’t understand the privacy features, so all of that information is out there in the open. People with privacy concerns shouldn’t voluntarily be putting information like that out there for full public consumption.
ValueClick doesn’t collect any information that is personally identifiable. We do offer a service called behavioral targeting. With that, cookies installed when you click on an ad track where your IP address goes. But it’s important to note that we don’t track the websites you visit on a personally identifiable basis. We don’t care who you are; we just want to know if the IP address that visits site A is also interested in site B. We make sure we don’t match up your personally identifiable information with your IP address. The goal is to provide consumers with relevant ads—ads for products that they would be interested in—and the majority of consumers like that. Moreover, without Internet advertising, many of the sites that people visit would no longer be free.
The single biggest issue today is consent. With behavioral tracking, there has been a lot of noise about privacy. What do companies know? How should it be regulated? Should people have to opt in to receive targeting or should they have to opt out?
Legislative efforts have stalled. A number of bills have addressed consent. Currently, however, no bill about behavioral targeting has any chance of passing this year. Legislative efforts haven’t gotten much traction because legislators can’t seem to agree on a bill.
All the major players are moving toward self-regulation. At ValueClick, we’re members of the Network Advertising Initiative and the Interactive Advertising Bureau. They’ve put a number of regulations in place that all their members have to comply with, and members include every big Internet name out here—Facebook, Microsoft, and Yahoo, to name just a few. And these self-regulatory bodies have already rolled out a consent mechanism. We are very active with these groups and support their efforts.
Communication is key. Whatever a company’s privacy policies are, there has to be adequate information on its website about what it’s doing—whether it’s simply tracking IP addresses or whether it’s actually selling that information to other companies. This stuff is fairly complex; you’re never going to have a simple two-line privacy policy. But, the movement is toward transparency and we fully support it.
