• by Wendy Davis  @wendyndavis, October 10, 2010

Two influential lawmakers said Friday they were concerned that Web companies are collecting data from consumers without adequately notifying people about the practice.

"Consumers may be unaware that the sites they visit, coordinating with a cadre of analytics firms, advertising networks and offline data companies, may be tracking their activities around the Internet," Rep. Ed Markey (D-Mass) said in a statement.

Rep. Joe Barton (R-Texas) added that although many companies use privacy policies to explain data collection practices, those documents often are not understandable. "There is now a small army of companies collecting, analyzing, trading, and using information about consumers' habits, purchases, and private data," Barton said. "While some of these practices may be entirely legitimate -- some, in fact, ultimately beneficial to the consumer -- I do worry that not only are many Americans unaware of these practices, but those who seek out information in privacy policies often come up against complicated legalese."

Markey and Barton, who co-chair the Congressional Privacy Caucus, also released responses to questions they had posed about behavioral targeting to around a dozen Web site operators, including MySpace, AT&T, Comcast, Verizon, Yahoo, MerriamWebster.com, CareerBuilder, AOL and Microsoft.

Many of the companies said they had privacy policies to explain their data collection practices and that they allowed users to opt out of behavioral targeting, or receiving ads based on their online activity.

Some publishers, like MerriamWebster, specifically tied their use of behavioral targeting to the ability to offer free content. "We know that the twenty million people who use our site want it to remain free, and we work hard to balance the needs of advertisers, which is what allows the site to remain free, with the privacy needs of our users," John Morse, president and publisher of MerriamWebster, wrote.

Among other items, the Congress members also had asked for names of third parties with whom the companies do business, although not all Web companies agreed to answer. AOL, for instance, said that many of its business arrangements were "subject to confidentiality agreements."

Verizon, on the other hand, listed 37 outside companies including Omniture, Commission Junction and Google's DoubleClick.

Markey and Barton also had inquired about the Web companies' use of Flash cookies -- which are stored in a different place than HTTP cookies and therefore require additional effort to delete. In recent weeks, at least three lawsuits have been filed alleging that companies are improperly using Flash cookies to recreate erased HTTP -- activity that is seen as circumventing users' privacy choices.

At least one Web site operator, CareerBuilder.com, said that although it believed its prior use of Flash was legitimate, it had removed the cookie pending a review and update of its cookie policy.

Privacy advocacy group Center for Digital Democracy blasted the publishers' responses, saying that the companies "don't take responsibility for the problem or acknowledge that there are privacy concerns outstanding."

The organization also criticized the Web sites' privacy policies, many of which were submitted along with their responses. "In order to fully understand them, a consumer (in between taking their children to school or a soccer game, working, shopping, cooking) would simultaneously also have to be a technologist, lawyer, and investigator, to understand and control all the cookies, etc."