The ‘Do Not Track’ Minefield
The privacy landscape is bumpy and dangerous. It all started with the FTC’s report in early December. A distant cry was heard calling for a system like ‘Do Not Call’ that could apply to internet advertising and solve the woes of the consumer, protecting them from the evils of behavioral tracking. Shortly thereafter, we hear that Microsoft is planning a do not track option in the next version of Internet Explorer. Then this month Mozilla announced that it will provide a unique new type of header that when set, will tell websites not to track this particular user. And to cap it all off we have the DMA proposal of placing a little icon on every ad allowing the consumer to click on the icon, read privacy policies and then decide whether to allow that advertiser or not.
There is an over-riding problem with all of this. Current proposed solutions are addressing the wrong issue. Behavioral tracking, when used properly, can be a very effective form of optimizing ad expenditures. Aside from occasionally being a little creepy, having a webpage know what things you might be interested in based on previous actions is not generally considered an invasion of privacy. It is when that data is used for malicious purposes that problems arise.
Sure, it seems simple enough to just stop the collection of data and then we won’t have to worry about how that collected data can be abused. But that is throwing the baby out with the bath water. Within a particular site or advertising vendor, this data has been shown to improve the user’s on-site experience. The problem we should be addressing is corporate ethics and information exchange regulation.
The real tease here is that once behavioral data has been collected, it has value to parties other than those who collected it. This means additional revenue streams for the collecting party. But once the data leaves the originator’s hands, there are no guidelines as to how that information may be used. In fact, many Privacy Policies have disclaimers as such. They will inform you that your data may be given to third parties and after that, it is no longer their problem. Of course, reputable vendors are ethical and try to select reputable partners. For example, here is a statement from the macys.com privacy policy:
The information gathered may be shared with the Macy’s, Inc. family of companies, which includes Macy’s and Bloomingdale’s. We also share the information with third parties, including responsible companies with which we have a relationship.
The section goes on to provide information about the kinds of parties they share with and the intent of the sharing and so on. But this paragraph gives reason for pause. As a consumer concerned about privacy, you have to ask yourself, what is a ‘responsible company’ and what exactly is meant by ‘having a relationship? As expected, macys.com provides link to the third parties’ privacy policy for your further reading enjoyment.
A minefield. That’s what it is. An undulating landscape that may have hidden privacy-threatening bombs at any step. What the industry really needs is to stop trying to find ways to block access to the landscape and instead, provide consumers with a really good metal detector. This is a task that will ultimately evolve, but we are a long ways from it.
