• by Wendy Davis  @wendyndavis, November 2, 2007

WASHINGTON, D.C. -- Google, Microsoft, and Facebook joined a host of other Web companies in Washington Thursday to argue that they already fully protect users' privacy interests, and said that additional regulations could harm the online advertising industry.

"Billions of dollars of services and information are provided today for free, or nearly free, because of online advertising," Google deputy general counsel Nicole Wong told the FTC at the first day of a town hall meeting about privacy and behavioral targeting.

Wong, along with other industry executives, faced off against consumer advocates on a host of privacy-related issues ranging from the implications of behavioral targeting to why companies store search queries to allegations of Facebook employees spying on users.

Representatives from the online publishing and ad industry argued that companies already had robust privacy protections, while consumer and privacy advocates like the World Privacy Forum and the Center for Democracy & Technology took the position that collecting and storing data creates the potential for misuse.

For instance, Pam Dixon, executive director of the World Privacy Forum, proposed that a Web surfer who discloses a medical condition online might end up being denied health insurance coverage if that information got into the wrong hands.

But Web company executives stressed that they have privacy policies and teams of employees to make sure that individual users aren't identifiable or otherwise compromised. In Google's case, that would include Wong--plus a general privacy counsel, senior privacy counsel, and 16 "embedded" attorneys.

When a privacy compromise does happen--as allegedly occurred recently at Facebook, where an employee reportedly hacked into a user's profile--it's a breach of protocol and the company takes action, said Chris Kelly, chief privacy officer and head of global public privacy at Facebook.

"There have to be people at companies that have access to users' accounts," Kelly said, in response to a question about a data breach at Facebook. "There are rules around that access. Sometimes those rules are violated."

The FTC's town hall meeting came on the heels of a flurry of activity surrounding online privacy and behavioral targeting--specifically, the ability to track Web users online via cookies and serve them ads based on the sites they've visited. AOL Wednesday announced a new ad campaign aimed at educating users about cookies and behavioral targeting.

Also, the Center for Democracy & Technology led a coalition of privacy groups in asking the FTC to create a do-not-track registry for Web users who want to opt-out of behavioral targeting.

Internet industry groups like the Network Advertising Initiative, Online Publishers Association and Interactive Advertising Bureau oppose additional government regulation. They say that the largest ad networks already give people the ability to opt-out of behavioral targeting, and that government regulation would stifle continued growth.

"Government must be prudent," warned IAB President and CEO Randall Rothenberg, stressing that new laws could curb the recent "extraordinary pattern of innovation and consumer benefit."

The Web companies and industry groups also argue that any profiles that are compiled based on Web sites visited are anonymous; while those profiles are tied to a cookie, they're not tied to a specific email address, name or other personally identifiable information.

But privacy advocates say that the absence of a user's name doesn't necessarily render the information private. In papers filed with the FTC Thursday morning, the Center for Digital Democracy and U.S. Public Interest Research Group argue that the profiles being compiled are so detailed, it's nearly irrelevant that marketers haven't also collected email addresses or other personally identifiable information.

"The right hand of online marketing continues to hide behind the myth of anonymity, even while the left hand of Web analytics constructs remarkably detailed mosaics out of innumerable shards of purportedly 'non-personally identifiable information,' " they argued.

FTC Commissioner Jon Leibowitz indicated the agency might take another look at the type of information that should be included in Web companies' privacy polices to make sure consumers have adequate notice of ad practices.