European Union
Consumer Commissioner Meglena Kuneva said she intends to take a close look at whether behavioral targeting, or showing ads to Web users based on the sites they have visited, violates people's privacy.
"There are some concerns that the amounts of personal data collected over the Internet without the awareness of users, let alone their consent, is getting too large and a bit out of
control," Kuneva said at a roundtable discussion Friday about online privacy and
advertising.
That current online marketing practice is "far removed" from what European law appears to require, she said. "The European Data Protection Supervisor has stated that our current
legislation requires explicit consent each time personal data is collected. The reality on Internet is far removed from these principles," she said.
The European Commission must specifically
address what constitutes "informed consent" to online tracking. "Currently, many Web sites offer to click for 'enhanced services,'" she said. "Is this an informed consent? How many people actually
know that this amounts to consent to having their behavior tracked, to have that data stored and then used commercially?" she asked.
Privacy watchdog Jeff Chester, executive director of the
Center for Digital Democracy, took Kuneva's remarks to signal that new European laws are on the horizon regarding behavioral targeting. "The consumer commissioner has suggested she will play a
proactive role in helping the industry address what needs to be done," he said, adding that he expects new standards will "go beyond self-regulation."
Europe's broad privacy law already
restricts companies' ability to collect personal data about people, so it's not a stretch to imagine that new European laws could address behavioral targeting specifically. The U.S. has no overarching
privacy law, but the Federal Trade Commission--as well as some states, including New York and Connecticut--have taken an interest in behavioral targeting.
But even without new U.S. laws, many
Web-based ad companies operate globally, and it may be difficult for them to justify giving U.S. consumers less privacy protection than European Web users. For instance, Google last year already said
it would limit the length of time it keeps logs by IP address in the U.S. in response to pressure from European regulators.