IP Source

Friday 24 February 2012

Do Not Track Privacy Laws

The White House (an ostentatious building in Washington, DC) announced Thursday a new “Consumer Bill of Rights” for online privacy and that the net’s biggest online ad networks that build profiles will respect a “Do Not Track” setting in browsers.

While that might sound like just some new meaningless lingo, take the announcement instead to mean something else: Finally, after a decade of online privacy debacles and lip-service to self-regulation, originating from Google, Facebook, the Network Advertising Initiative and scores of others, it’s finally time for online companies to start treating users and their data with some modicum of respect.

Backed by online ad powerhouses including AOL and Microsoft and Yahoo, the White House announcement pulls together work being done on privacy by both the Federal Trade Commission and the Commerce department. It’s intended to lead up to new legislation that fills in the holes of current U.S. privacy laws. (Does anyone still use AOL?)

Even Google got behind the push, perhaps as a way to soften the blow of its recently changed privacy policies that enable it to build the net’s most in-depth profile of its users in order to personalize its ads and online services.

In a statement on its public policy blog Thursday morning, Google said it was happy to sign onto an agreement to obey the “Do Not Track” flag as it “create[s] a simpler, more unified approach to privacy on the web.”

For those not familiar, Do Not Track is simply a setting in your browser (currently only in Firefox) that tells any website you visit that you do not want to be tracked. Sites that agree to abide by the setting then don’t send personalized ads — though there is much debate about what tracking actually means (so for instance, if Wired.com kept a list of stories that registered readers had visited in order to give them suggested stories, does that count as tracking?)

But perhaps more important than Do Not Track is the larger announcement that the administration will be pushing a set of standards around fair handling of citizens’ private information — a set of practices that date back to the early 1970s known as Fair Information Practices. These are forming the core of what the administration is hailing as a Bill of Rights for privacy (.pdf).

Those practices seem to have fallen out of favor in the heady rush of innovation on the web in the last five years, leading to companies such as Path and Rovio (maker of Angry Birds) making the decision to secretly upload the contact database of users who installed their respective iPhone apps and Facebook and Google making radical switches to their privacy practices after users gave the companies massive amounts of data.

It’s not clear from the White House announcement whether these principles, which call for common-sense notions like notification, choice, responsible security and data usage, will be turned into law or whether they will instead become a code of conduct that companies can voluntarily agree to follow. If the latter, the FTC would have the ability to investigate and fine companies that agreed to the standards and subsequently violate them, much as the FTC does now with companies that violate their own expressed privacy policies.

The standards around the rules will be fleshed out in consultation with privacy groups and tech companies in the coming weeks, the administration said.

In the meantime, citizens who want some fine-grained control and notification over how their data is collected on the web can install a number of plugins for their favorite browsers, including the Do Not Track+ plugin from Abine.

Bill Kerrigan, Abine’s CEO, described Thursday’s announcement as an “incredible acknowledgement that consumers do have the right to privacy.” But he argues there’s so much data collection going on that users don’t know about, including data that is now used in loan reviews.

“Regulation is probably a small part of solving this puzzle,” Kerrigan said. “We have to find a technological way to make this easy for consumers to use.” (Read a big tool)

Some of the things that citizens are likely to see more of in the coming months and years are targeted ads that actually allow you to see how and why that ad was chosen for you, an ostracization of start-ups and companies that collect data on sensitive categories of information such as health and a generalized move towards greater transparency.

That said, the new rules aren’t going to apply to companies like Target or your credit card companies. (Don't believe that for an instant.)

In a New York Times Magazine article, Target’s data mining was described as actually being able to detect when a teenage customer was pregnant, before even her osn father knew. Lhkewise, credit card companies are able to create detailed profiles of their customers based on their purchases, and even using the kinds of purchases made in order to determine how much of a credit risk a card holder is, according to a 2010 report from the Federal Reserve (.pdf).

Surf secure people. If you need privacy tools, contact me.

No comments:

Post a Comment

Send a plain text, no attachments, email from any client to comment. Only registered users or OpenID have this access.