The notion of online privacy is hardly a new one. But these days, guidelines pertaining to it are evolving almost as quickly as data-gathering technology itself. As more and more companies harness the power of information collection and analysis to boost revenues, the pushback has intensified from regulatory bodies and public advocacy groups aiming to restrict the kinds of information to be collected and ways in which that information can be used in the marketplace.
Whether or not increased regulation in the online space is inevitable—the Federal Trade Commission is expected to take action to increase protections for children’s privacy, and Congress is asking questions about the practices of data brokers—the current question is what proactive steps can companies that rely on data aggregation as part of their overall strategy take?
Answering that question requires a bit of historical perspective. The regulation of the use of information in the electronic marketplace traces its roots all the way back to 1973, when a government advisory committee on “automated personal data systems” developed the first code of conduct regarding information privacy protection. Over time, this code evolved into the Fair Information Practice Principles, a set of guidelines issued by the FTC in 1998, which outlined the basic tenets online privacy: notice, choice, access and security.
Since then, the FTC has monitored companies with consumer privacy policies to ensure that they abide by their own policies, but the government has had little authority over companies that don’t already have privacy policies in place.
More recently, at a May 2012 hearing of the Senate commerce committee, the chairman of the FTC, Jon Leibowitz, urged Congress to pass new online privacy legislation that would increase the commission’s enforcement power by giving it jurisdiction over all companies doing business on the Web, arguing it would spur the growth of Internet commerce by improving consumers’ trust in online transactions.
Meanwhile, elected officials are becoming more Internet-savvy. This September, Congressman Edward J. Markey, a Democrat from Massachusetts, proposed a piece of legislation called the Mobile Device Privacy Act, which would require companies to disclose to the public the extent of their ability to monitor mobile telephone usage. Previously, Rep. Markey has sponsored bipartisan legislation with Congressman Joe Barton, a Texas Republican, regarding digital privacy as it pertains to companies collecting customer data. Markey and Barton also led a group of Congress members who sent questionnaires to a group of marketing companies asking about their data collection and use practices.
Consumer protection groups largely support the FTC’s efforts to create more clearly defined rules, believing that self-regulation has not worked. “Industry has a problem, a disconnect, between what they claim are market practices and what is actually going on,” says Jeff Chester, executive director of Center for Digital Democracy, a Washington, D.C.-based nonprofit.
Ed Mierzwinski, consumer program director at U.S. PIRG, a nonprofit consumer interest group, adds that his organization believes the Fair Information Practices have been ignored, adding, “The online marketplace ought to have some basic rules and basic rights.”
The Need to Communicate Data Practices
The proactive steps companies that collect consumer data can take involve explaining what they are doing, and how their practices can benefit both businesses and consumers. That is the message from Jennifer Barrett Glasgow, chief privacy officer at Acxiom, a data technology consultancy based in Little Rock, Ark.
“Companies generally want to maximize their use of the data to make the information valuable for both parties [the company and the consumer],” Barrett Glasgow says. But those goals are unachievable if a data-collection initiative, she says, “feels plain-old creepy.”
Barrett Glasgow advises Acxiom’s clients to make sure whatever data-collection practices in which they engage pass a basic sniff test. She says a white paper issued by the FTC last March provides some “really good guidance” for companies of how to implement Privacy By Design, a concept originated in the 1990s by Canadian official Ann Cavoukian, Ontario’s information and privacy commissioner.
The basic idea of the guidelines, Barrett Glasgow says, is that “before you implement an online data strategy, you put yourself in your customers’ shoes.” In some cases, for example, a certain level of personalization and customization based on data analysis “can go too far,” she says.
Barrett Glasgow says that companies need to establish trust with consumers by explaining that big data analysis is about gathering large quantities of anonymous data, not smaller subsets of hyper-personalized data on individuals. “You don’t want people opting out of data collection,” she says.
Just because a company has access to a certain level of personal data about its customers doesn’t mean it needs to use it all, especially if it impacts credit decisions, insurance underwriting or other major life events such as employment, explains Barrett Glasgow.
Data Informed sought to speak with other corporate privacy representatives for this article. For example, leaders of the Internet Association, a new industry group that counts Google, Facebook, Amazon, and eBay as members, declined an interview request.
While some privacy advocates will remain skeptical about industry’s judgments on such policies, this may be the inflection point where consumer advocates and companies find common ground.
Ed Mierzwinski says, “My biggest concern isn’t an online shopping site that is analyzing each click. I’m concerned about gathering vital information without the consumer’s knowledge for financial or employment questions, and then redlining based on the answers.”
Acxiom’s Barrett Glasgow says that data brokers and the companies that rely on them should listen to advocates’ concerns but she says, “a lot of those things are not happening.” Past headline-grabbing privacy missteps by Facebook, Google and MySpace were the kind of public-relations nightmares that many in the online industry are eager to avoid in the future, she adds.
Besides, even the most impassioned privacy advocates don’t look to legislation as the ultimate antidote for their concerns. “Our goal is some sort of rule-based standard,” says U.S. PIRG’s Mierzwinski, either by FTC rules or standards guides backed by FTC rules.
Mierzwinski acknowledges that online data analysis is here to stay, but he wonders, “Why should a consumer have to act like James or Jane Bond to protect their privacy?”
Alec Foege is a writer and independent research professional based in Connecticut, and author of the upcoming book The Tinkerers: The Amateurs, DIYers, and Inventors Who Make America Great. He can be reached at firstname.lastname@example.org. Follow him on Twitter at @alecfoege.