Ad Industry: FCC Shouldn't Break A Privacy Model That Works

Sometimes good government policy is as simple as a schoolyard aphorism: If it ain’t broke, don’t fix it.

The Federal Communications Commission is close to finalizing a rule-making to regulate the free and open Internet that would impose new standards on Internet Service Providers. One element of that proposed rule could damage today’s widely accepted approach to digital privacy by expanding the definition of “sensitive information” to cover nearly all digital activities.

Online privacy policy has always distinguished between general Web browsing that helps advertisers understand users’ interests and the types of data that users would consider to be “sensitive” like financial, health, children’s, or precise geolocation information.

In the self-regulatory principles of the Digital Advertising Alliance’s YourAdChoices program, for example, a company must obtain consent from a consumer before those types of sensitive health, financial, or location data can be used for advertising purposes, while more general interest-based information can be used unless a consumer “opts out,” which ceases collection and use of data for those types of ads.

This common-sense approach to the use of different types of information was developed through close collaboration between the digital advertising industry and policymakers in agencies and Congress, and it is protected through the DAA’s robust, independent enforcement around data collection and use. To date, DAA’s Accountability Program has publicly announced more than 70 compliance actions, demonstrating that the system works as advertised.

Unfortunately, the FCC’s proposed rule would undermine that current successful and effective privacy model by dramatically expanding the definition of “sensitive information” to cover all Web browsing and application use for broadband customers. In expanding the logical and limited definition of “sensitive information” to include nearly everything a user does online, this approach creates a false equivalence that a visit to a sports Web site, for instance, should be treated as sensitive as a user’s private financial activities.

Rather than twisting an accepted definition to mean something that it does not, we believe there is a better approach to this issue that builds on the success of our current model.

The FCC should set a standard for broadband ISPs that comports with long-standing industry practice and the expectations of the consumers it is working to serve, a well-tested standard that has helped the U.S. become the global Internet leader. By contrast, the FCC’s current proposal would undercut the competitive and innovative Internet marketplace, hurting consumers and limiting the diverse content and services made available at low or no cost through advertising funded by the responsible use of Web browsing and application use history.

That’s why six major advertising associations joined together to share an alternative approach with the FCC in a filing last week. Representing more than 5,000 members ranging from ISPs to digital advertisers, publishers, and other ad tech companies, those associations -- the American Association of Advertising Agencies, American Advertising Federation, Association of National Advertisers, Direct Marketing Association, Interactive Advertising Bureau, and Network Advertising Initiative -- offered a proposal that “strikes an appropriate balance between privacy and economic benefits” for both customers and ISPs.

In the associations’ common sense proposal, “sensitive information” would be defined as health, financial, children’s, and precise geolocation information, and broadband ISPs would be required to obtain a customer’s opt-in consent for the use and sharing of such information for marketing purposes. For the broader and non-sensitive categories of general Web browsing and application use history, ISPs would be required to offer clear, meaningful, and prominent notice allowing the customer to opt-out of the use of such information for marketing purposes.

This approach ensures the FCC also does not create privacy fatigue by reserving higher-level controls for the specific types of data that need such safeguards, like social security numbers and medical information. As McGeorge Bundy said in a quote now enshrined in data protection guidelines from the National Institute of Standards and Technology: “If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds.”

In short, by adjusting its proposed rule to meet current standards and set a plain English definition of “sensitive information,” the FCC would continue to protect the engine of ad-supported innovation that consumers want and deserve, while giving consumers control over their online experience. We urge the FCC to consider this rational alternative approach on this important issue.

Next story loading loading..