Online Ads, Privacy Remain in FTC Crosshairs

WASHINGTON -- A senior official at the Federal Trade Commission hinted on Wednesday that the agency is planning to prod online advertisers and Web companies to adopt new education tools and data-collection restrictions in an effort to protect consumer privacy.

"Right now the consumers really don't understand what's going on. So I think that is the real issue that needs to be addressed," Loretta Garrison, a senior attorney at the FTC, said here at the O'Reilly Media Gov 2.0 Summit. "We think they sort of know they're being tracked, but they don't really understand the wealth of information that's being collected and the many different parties that are involved and the various ways in which [information] is being used."

Garrison acknowledged that the commission is sensitive to the concerns expressed by members of the Internet industry about enacting overly restrictive rules in a marketplace evolving as rapidly as the online advertising sector, particularly when advertising revenue funds the bulk of the free content and services on the Web.

But at the same time, she suggested that a baseline privacy protection should be available to consumers, recalling FTC Chairman Jon Leibowitz's comments at a recent Senate hearing when he proposed a "do-not-track mechanism" for online advertising, similar to the popular "do-not-call" registry that restricts the activities of telemarketers.

"There ought to be an element where if they don't want to be tracked they ought to be able to say 'no,'" Garrison said.

Earlier this year, the FTC concluded a series of workshops that convened consumer advocates, industry representatives and other stakeholders to explore various aspects of the online privacy debate. This fall, the commission is planning to release a report outlining a set of recommendations for Internet advertisers and Web companies to provide clearer notice about their data-collection practices and offer meaningful privacy safeguards.

Leibowitz has acknowledged that those guidelines will likely extend the commission's policy of self-regulation in the online-advertising space, given its limited rulemaking authority absent an act of Congress.

House lawmakers have developed a framework for online privacy legislation, though any bill is unlikely to advance in an election-shortened session.

For some of the other members of the privacy debate speaking at the conference today, that's probably a good thing.

Education Could Alleviate Some Consumer Anxiety

High-profile missteps, such as Google's inadvertent collection of Internet transmissions with its Street View cars, or some of Facebook's more controversial policy changes, help keep the privacy debate in the front burner.

But for Tim O'Reilly, founder and CEO of O'Reilly Media, those are the inevitable byproducts of a fast-moving technology revolution, and hardly a justification for hasty laws or regulations.

"I'm really worried because it's so important when we enter a new technological era to realize that there will be mistakes," O'Reilly said. "It really worries me when we see this rush to criminalize mistakes as we are starting to enter a new world that we don't fully understand."

The FTC's Garrison conceded that the agency's series of workshops had made it clear that "there's no such thing really as anonymity on the Web," particularly in an age when users are willingly sharing information about themselves on social media sites and loose snippets of data from disparate sources can be compiled into highly detailed profiles.

In that light, she said that the well-worn guideposts of the online privacy debate -- opt-in versus opt-out data-collection regimes and the efficacy of privacy policies -- may no longer apply.

Internet companies could drain much of the anxiety from the privacy debate if they could more effectively demonstrate the value proposition of gathering data about their users, argued Jules Polonetsky, director of the Future of Privacy Forum who formerly served as the chief privacy officer at AOL and DoubleClick.

Polonetsky recalled the outrage many Facebook users expressed when the company launched its news feed, providing automatic updates about members' activities.

Those privacy concerns dissipated as members grew accustomed to the feature (now an essential element of the social network) and Facebook made some modifications to the way it was implemented. Polonetsky made a similar point in an interview with InternetNews.com while still at AOL, describing the knee-jerk reaction privacy-conscious consumers might have had to an instant-messaging client such as AIM that alerts users when their buddies are online and available.

Both cases involve social features that seem almost quaint by the standards of 2010, but in each situation, the privacy concerns were defused when consumers came to recognize the utility of the product. Polonetsky argued that if companies could do a better job of explaining to users the value they receive in exchange for sharing benign bits of information (such as Amazon's personalized shopping recommendations), the perception of a widespread consumer harm could be laid to rest, and policy makers might not feel compelled to press for restrictive laws or regulations.

"You solve an enormous number of these privacy questions when you make data the feature that frankly it is for many of these apps," Polonetsky said. "How do we tell people that it's not about tracking, profiling -- it's about serving you."