With industry players aligning around a set of self-regulatory principles meant to protect consumer privacy on the Internet, some lawmakers are wondering if online marketers and other Web players can be trusted to responsibly police their own data-collection operations.
At a Senate hearing this week, commerce committee Chairman John Rockefeller (D-W.V.) gave air to those concerns, suggesting that lawmakers might have a role to play legislating privacy protections in spite of the efforts that industry groups have been making and the guidance that has emerged from a pair of reports from the executive branch.
"I recognize that consumer information is the currency of the Web," Rockefeller said. "Thanks to advertising revenue, much of the rich content of the Internet is available to consumers for free. I also understand that advertising is more effective and valuable to companies when it is tailored to match consumers' individual interests and tastes. But there has to be some balance. Consumers should have some degree of control over their personal, often sensitive, online information."
The hearing came amid the backdrop of an ongoing drive to implement effective self-regulation led by the Digital Advertising Alliance (DAA), a consortium of industry trade groups and member companies working to implement standard practices allowing consumers to opt out of data-collection programs and offer more visibility into what information is collected and how it is used.
Meantime, the White House and Federal Trade Commission have each issued their own sets of guidance about privacy best practices, variously calling on industry members to offer more meaningful notice to consumers about their privacy policies and implement a so-called do-not-track mechanism.
Rockefeller noted the news this week that the travel site Orbitz would begin offering different product listings to consumers depending on the type of computer they are using. So Mac users, which Orbitz has identified as a more affluent demographic, would be shown pricier travel options than visitors using a PC.
That announcement, Rockefeller said, "should remind all of us that companies will always be tempted to misuse the consumer information they collect."
Rockefeller said he was pleased that member companies of the DAA would offer consumers the ability to opt out of their online tracking programs, but took issue with the exemptions relating to activities concerning "market research" or "product development."
"These exceptions are so broad, they could swallow the rule," he said. "'Market research' and 'product development' could encompass almost anything."
Bob Liodice, president and CEO of the Association of National Advertisers, a member of the DAA, argued that certain tracking methods are necessary to support cybersecurity and curb fraud, while other limited marketing activities have won the blessing of Federal Trade Commission Chairman Jon Leibowitz and staffers.
"The Internet operates on some collection of data. And if a consumer opts out of any kind of information gathering, there are necessary exceptions in order to be able to ensure that fraud protection, crime prevention, other systems that currently operate on the Internet need to continue to ensure that those law enforcement capabilities continue to exist," Liodice said.
Rockefeller challenged the notion that cybersecurity should serve as a license for sophisticated data collection, calling that notion a "red herring" that furnishes marketers a license to compile detailed consumer profiles.
Liodice, however, allowed that the industry is obligated to provide a certain measure of consumer choice and options to limit the collection of data.
"We would agree that boundaries need to be placed in this arena because consumers need boundaries in order to understand exactly what their rights are, what their privileges are and what their decisions need to be based upon," he said.
Liodice also argued against more restrictive regulations along the lines of what European Union officials are backing, warning that overly prescriptive privacy protections threaten to calcify the industry at a time when the technologies and standards in play are swiftly evolving.
"That is essentially the core fear, that we lock in place what we currently have and not leave ourselves open to the evolution of technology," he said. "Creativity and innovation is the basis for the Internet, and we recognize that as part of our self-regulatory principles we have to allow enough room and flexibility to adapt to a changing economy and rapidly changing technologies."
Another witness, Alex Fowler, the global privacy and policy leader at Mozilla, questioned the urgency of the privacy issue in the mind of consumers. Fowler told the committee that online privacy has not yet gained the consumer momentum as previous legislative efforts in the areas of spam emails and telemarketing.
"I don't think we're at the point yet where we have the same kind of consumer backlash that we've had with CAN-SPAM and Do-Not-Call," Fowler said. "I think there's still an opportunity here, and some research backs this up -- that we have a polarized set of consumers on both ends that are very surprised and uncomfortable by tracking online and others who are very excited about engaging in personalized content and services. And we have a much larger -- and in fact the bulk of the consumer -- market that's somewhere in the middle and ultimately will decide based on the value that they receive and how transparent those mechanisms are."
"We have an opportunity to address this through technology and changes in industry practices that create more transparency," he added.
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.
Read more about privacy in CIO's Privacy Drilldown.