Privacy Protection Is Now A Centrist Issue

The issue of protecting online consumer privacy is about to get a lot more attention in Washington, D.C. While I've written about this subject a number of times in the past, it has never been with the immediacy that I write about it today. Privacy is about to take center stage with our federal legislators and regulators -- an occurrence I, and many others, don't think we're ready for.

The issue has been with the online ad industry for years. We had the public concern and regulatory backlash after the DoubleClick/Abacus merger. We have had organizations like the Network Advertising Initiative, TRUSTe, and more recently the Interactive Advertising Bureau working to develop self-regulatory programs to help the industry manage privacy. Many of us have been called to testify on privacy issues before the Federal Trade Commission and Congress.

In the past, most of the advocates calling for tougher privacy laws represented relatively extreme views. They were privacy advocates representing organizations that no one -- even those inside the beltway -- had heard of. No more.

Events during the past three weeks have changed the outlook for privacy legislation that could impact our industry.

First, FTC member Jon Leibowitz was named by President Obama to be the commission's new chairman. Not only is he a passionate consumer advocate, but he has stated many times he believes the online industry is giving short shrift to protecting consumer privacy. He does not believe that online ad companies do a good job of telling the public what user information they capture and what they do with this info. He is right.

Second, Representative Rick Boucher, the new chairman of the House Subcommittee on Consumer Protection, announced that he will be introducing legislation to regulate online privacy. While he recognizes that the FTC recently released an advisory report calling for continued self-regulation, he is on record that he doesn't believe most online ad companies are complying with the FTC's advice. He is right.

Leibowitz and Boucher are no Luddites. Nor are they fringe privacy zealots. They are both among the most tech-savvy in Washington and are quite centrist and pragmatic, certainly relative to those normally calling for more regulation or legislation in this area. No longer is the fight against governmental privacy protection a fight against the fringe. It is now a fight against the middle.

What should we do? Now is the time for online ad companies to get truly serious about self-regulation. The industry may not be able to avoid legislation in this area, but it can work to insure that the impact of any legislation is minor.

There is no question that many of our companies are vulnerable in this area. A number of companies try to be good actors, but don't pay enough attention to protecting privacy to realize that they are doing a bad job giving appropriate notice and choice to their users concerning data capture on their sites. We also have a number of companies out there that are just plain bad actors, who hide behind those that are ignorant. And, finally, we have a number of folks out there with a mindset that just because we can offer "better" services by capturing user data, and just because many younger users don't seem to worry too much about privacy, we don't have a problem.

We do have a problem. It is about to move beyond our control. Will you help fix it?

Tags: privacy
Recommend (2) Print RSS
9 comments about "Privacy Protection Is Now A Centrist Issue".
  1. R.J. Lewis from e-Healthcare Solutions, LLC , March 19, 2009 at 2:46 p.m.

    ... and the pendulum swings back once again...

  2. Autom Tagsa from Canadian Consulting Firm , March 19, 2009 at 2:48 p.m.

    Brilliant post.

    Privacy (and security) concerns are a huge issue, particularly for those who advocate intergration of social media tools for enterprise.

    Look forward to your updates on this.

  3. Paula Lynn from Who Else Unlimited , March 19, 2009 at 3:03 p.m.

    Just today, Frank Maggio's TV Board column exposed NBCU's agreement that rare few people read. So what happens when a company does not comply to a self regulation? Whose going to catch the problem? Is there a penalty? Whose going to impose a fix? If anyone thinks self regulation is going to work, have I got a fox for you!

  4. Craig Mcdaniel from Sweepstakes Today LLC , March 19, 2009 at 4:02 p.m.

    What is funny is every webmaster has seen a massive increase in spam from Russia, China, India and Eastern European. This problem is a far greater threat to privacy than anything that a American company can do. Worse, there are a number of measures to slow down spam but we have heard nothing from the Dem’s and the White House on this. I wonder why?

  5. Max Kalehoff from SocialCode , March 19, 2009 at 7:17 p.m.

    I don't think the publishing industry can help itself. There are a few well-intentioned people, but everyone's fighting for short-term dollars, which are shrinking in this economy, especially for display publishers. A massive overhaul is required, and that begins with incentive. There's no incentive to move the needle on short-term behaviors.

  6. Bruce McDermott from Atom Valley , March 20, 2009 at 11:47 a.m.

    Looks like opt-in time again.

    Nice article Dave..I knew you weren't that Darth Vader guy personified in "The Numerati".

  7. Scott Nelson from TruEffect, Inc. , March 23, 2009 at 9:41 a.m.

    Consumers have very well-documented expectations of privacy in the offline world. We as an industry have failed to effectively mirror those online. By and large, consumers will share information with those entities they know and trust, and expect to be treated differently as a result. The conspicuously absent parties to this discussion are the merchants (online advertisers) with whom consumers have a relationship. Third party technology platforms and ad networks have no equity with consumers. Leaving the solution to them is why elected officials such as Boucher, Dorgan, Markey, Brodsky, Straus, et al could take this out of control. Please keep up the noise level as silence in this case is not golden. -Scott

  8. Nicholas Givotovsky from datasphere , March 27, 2009 at 5:22 p.m.


    Isn't the debate about privacy in fact a dispute over control?

    Privacy is just one of the dimensions of concern people naturally have about their lives online, but it's both overplayed and undervalued, and it’s not the sole issue, though it’s often made to seem so.

    Until privacy and other related material user interests including, but not limited to security, control, interoperability are coherently addressed, and can then be expressed as a set of uniform and recognized user- related rights, the matter won't, and shouldn’t, be fully settled.

    Perhaps the disconnect between the "incredible value of user-related data" often described by behavioral targeting proponents when speaking to their business partners, when contrasted to the positioning to users (and for that matter, policy makers) that their exclusive concerns should be those of privacy alone, serves to undermine the credibility and trust needed to preserve, much less deepen, the advertiser/user relationship.

    Many people just aren't that naive, at least anymore, about the value of their data, and aren't so unaware of the ways in which they are and are not protected online and off when it comes to personal information. The "we don't do PII" also argument flags a bit also when the ease with which multiple sources of data can be mined and combined is also known, even to the non-technical.

    What’s to be done?

    The interactive advertising industry could work to establish and uphold a set information rights (including privacy, but not limited to it) on behalf of users which provided not only for their protection, but also created the mechanism for their direct incentive to provide user-related data in protected form, and then in turn equip them (us) to optionally and revocably participate in a transparent and accountable marketplaces for profile information in which they (we) have a direct stake.

    With immediate and effective consequences and remedies for the misuse and/or misappropriation of user related data, which could now be regarded as an asset held in trust by third parties, but belonging first to the user themselves, a new and better “digital deal” could perhaps be struck all around.

    Given the various interests in play, this kind of scenario may seem unlikely, even in the current climate, but absent a more reciprocal quid pro quo, and a more candid and unified statement of actionable, permissions-based polices, the premise that the only interest users’ have in the use of their data is that such use do them no “harm”, will continue to fall flat.

    If the industries and interest in question began to think more in terms of the rights and interests of “digital citizens”, and not talk exclusively about “privacy” while denying the possibility of any user harm as a result of current and upcoming practices, the prospect of effective self regulation would become more realistic.

  9. Bruce May from Bizperity , March 27, 2009 at 5:58 p.m.

    So do they teach that regulation is evil in business school these days? There are things that business can't do for themselves because of the natural conflict between their own interests and those of their customers. We will serve ourselves (and the industry) far better by cooperating with the government to create rational rules and guidelines that can be enforced. That way we won't have to sacrifice our own scruples to compete with scoundrels who, without regulation, will do as they please.