Commentary
FTC Chief Hopeful Online Ad Biz Can Self-Regulate
- by Wendy Davis , Staff Writer @wendyndavis, May 13, 2010
"So long as self-regulation is making forward progress, the FTC is not interested in regulating in this area," he told the National Cable & Telecommunications Association's Cable Show.
But, while industry executives undoubtedly are relieved to hear that, Leibowitz also issued some warnings to the online ad industry. Among other tidbits, he indicated that the FTC will consider privacy violations problematic even without proof of identity theft or other financial harm.
"In the FTC's more traditional consumer protection work, we often look to stop practices that cause consumers tangible harm. But wouldn't that miss a serious part of the value of privacy to consumers?" he asked. "How can we put a price on the unease of knowing that strangers out in cyberspace might be compiling detailed dossiers about you?"
That's significant because it appears to conflict with the where's-the-harm approach that ad executives long took regarding online privacy. To this day, some observers tend to approach online privacy as a security matter, arguing that users have no reason to worry about data that's collected as long as they're safe from identity theft.
But it's become increasingly clear that consumers do care about privacy separate and apart from online security. Just consider the pushback to Facebook's new instant personalization, which automatically shares users' names, photos and other information with Yelp, Microsoft Docs and Pandora.
Leibowitz also once again took aim at the incomprehensible privacy polices that have become commonplace online. "Each website gathering information for behavioral advertising needs to tell consumers that's what it is doing," he said, adding: "And by this, I do not mean another 3-point font, 10-page document written by corporate lawyers and buried deep within the site."
Additionally, he advised companies to obtain consumers explicit consent before obtaining sensitive data -- and to err on the side of caution when defining that term. "Health records, financial information, social security numbers, home addresses, anything at all about children -- these certainly comprise sensitive data. And in the gray areas beyond that, if you want to continue to self-regulate, you will need to be -- well -- sensitive to what others consider sensitive personal information."
Wendy Davis is a Senior Writer at MediaPost. You can reach Wendy at wdavis@mediapost.com
Privacy questions should be examined from more perspectives than identity theft or compliance. Multiple leaks of data that can eventually lead to successful identity theft may not be immediate or obvious.
Privacy, in practice, is about trust and control over what is released about us. Since we are all in the same boat as consumers, marketers and advertisers it makes sense to realize that what we do to our customers, we essentially do to our own families.
It is a common misnomer that we see a direct one to one correlation between a single breach and a successful identity theft. The bad guys compile, buy & sell profiles in a similar fashion to any legitimate data aggregator. The criminals aren’t unsophisticated boobs.
Consumers have no way of knowing, much less proving, that a bad actor got their name from site a, their ssn from site b and their mother's maiden name from site c.
Treating consumers as mere numbers aggregated to generate behavioral targeting profiles misses the potential boost to public relations, and trust that makes consumers more willing to provide meaningful data.
As consumers become more aware the risk of backlash, such as what continues to happen with Facebook increases. Self-regulation programs need to have real buy-in and auditable compliance to stave off knee-jerk government regulation.
We need to take the lead in customer relationships and stop congratulating ourselves for staying one step ahead of the regulators.