FTC Considers Do-Not-Track List

Capitol Hill

The Federal Trade Commission is considering proposing a do-not-track mechanism that would allow consumers to easily opt out of all behavioral targeting, chairman Jon Leibowitz told lawmakers on Tuesday.

Testifying at a hearing about online privacy, Leibowitz said the FTC is exploring the feasibility of a browser plug-in that would store users' targeting preferences. He added that either the FTC or a private group could run the system.

Leibowitz said that while Web users on a no-tracking list would still receive online ads, those ads wouldn't be targeted based on sites that users had visited in the past.

Three years ago, a coalition of privacy groups including the World Privacy Forum, Center for Digital Democracy and Center for Democracy & Technology proposed that the FTC create a do-not-track registry, similar to the do-not-call registry. At the time, the online ad industry strongly opposed the idea of a government-run no-tracking list.

Currently, many people who want to opt out do so through cookies, either on a company-by-company basis or through the Network Advertising Initiative's opt-out cookie (which allows users to opt out of targeting from many of the largest companies). But those opt-outs aren't stable because they're tied to cookies, which often get deleted.

The Network Advertising Initiative recently rolled out a browser plug-in that enables consumers to opt out of targeted ads by NAI members.

Leibowitz also told lawmakers that he personally favored opt-in consent to behavioral targeting, or receiving ads based on sites visited. "I think opt-in generally protects consumers' privacy better than opt-out, under most circumstances," he said. "I don't think it undermines a company's ability to get the information it needs to advertise back to consumers."

Online ad companies say that behavioral targeting is "anonymous" because they don't collect users' names or other so-called personally identifiable information, but Leibowitz said that it might be possible to piece together users' names from clickstream data. He told lawmakers about AOL's "Data Valdez," which involved AOL releasing three months' of "anonymized" search queries for 650,000 users. Even though the company didn't directly tie the queries to users' names, some were identified based solely on the patterns in their search queries. Several lawmakers expressed concerns with behavioral advertising during Tuesday's hearing. Sen. Claire McCaskill (D-Mo.) said she was "a little spooked out" about online tracking and ad targeting.

McCaskill said that after reading online about foreign SUVs, she noticed that she was receiving ads for such cars. "That's creepy," she said, likening it to someone following her with a camera and recording her moves.

She added that if an "average American" were to learn that someone was trailing him around stores with a camera, "there would be a hue and cry in this country that would be unprecedented."

Sen. Jay Rockefeller (D-W. Va.) and Sen. John Kerry (D-Mass.) both expressed concern that privacy policies weren't giving Web users enough useful information about online ad practices.

Rockefeller proposed that some companies were burying too much information in lengthy documents that consumers don't read. "Some would say the fine print is there and it's not our fault you didn't read it," he said, adding, "I say, that's a 19th-century mentality."

Kerry added that he didn't know that consumers understood how companies use data. "I'm not sure that there's knowledge in the caveat emptor component of this," he said.

2 comments about "FTC Considers Do-Not-Track List".
Check to receive email when comments are posted.
  1. Mike Einstein from the Brothers Einstein, July 28, 2010 at 11:35 a.m.

    Real freedom is having the choice to opt in, not the choice to opt out.

  2. Miki Dzugan from Rapport Online, July 28, 2010 at 11:44 a.m.

    This sounds like a boondoggle to me. Because the "do not call" list works, sort of, the list is seen as solution to all other problems. The idea of a "do not email" list rightfully failed as should a "do not stalk me online" list.

    People need to police their own privacy, even if it means reading the fine print and learning to manage your cookies.

Next story loading loading..