The Web is in the middle of an advertising revolution, driven by technology. With its typical obtuseness, however, Congress is up in arms over “behavioral advertising” online by companies like Google.
Targeted advertising helps fuel today’s flood of information, frictionless e-commerce, and the global blogger soapbox—so much so that it has become a cliché to call the Internet one of the most important wealth-creating and democratizing technologies ever known.
Unfortunately, every information technology advance stokes privacy fears, and marketing that tracks our online comings and goings is no different.
Behavioral advertising employs heretofore unexploited “tracking” capabilities of the Internet, which reminds us that there is more to the Internet than just the Web at any given juncture, and it’s only 2008.
The cries have become familiar. Is my data personally identifiable? Can it become so? Will my identity be stolen? And if a breach occurs, who will be punished?
Differing Privacy Expectations
Remember how angry we would get at receiving untargeted spam ads? Today, those ads are relevant, but we are still dissatisfied.
Privacy is not a “thing” to legislate; it is a relationship expressed in countless ways. User preferences preclude one-size-fits-all privacy policy. Online, some hide behind digital gated communities; others parade before personal Webcams.
Trying to legislate all of this would be exceedingly complex, as any law would have to contend with myriad questions. If online privacy is regulated, what about offline? Should the standard be opt-in or opt-out? Who defines “behavioral,” or “sensitive”? Should the federal government preempt state laws? What about noncommercial information collection?
Many companies already voluntarily follow principles much like the Federal Trade Commission’s proposed opt-in for sensitive information, even when the information is not personally identifiable.
But the rise of the Information Society amid a “homeland security culture” is an unfortunate coincidence, as it has blurred the important distinction between public and private data. This has complicated things unnecessarily.
Government Is Biggest Threat
Total Information Awareness, the Computer Assisted Passenger Prescreening System (CAPPSII), and Real ID—such invasive government proposals undermine privacy by preventing data from being confined to an agreed-upon business purpose. Most of the time, government does not need to protect privacy, but to allow it in the first place. (One is reminded of the cartoon of Snoopy typing, “Dear IRS, Please remove my name from your mailing list.”)
An old joke holds that if McDonald’s were giving away free Big Macs in exchange for a DNA sample, there would be lines around the block. But consumers do care about safekeeping their personal information—and increasingly have the means to protect it.
The Internet itself empowers consumers to vent their discontent—through blog backlashes against companies, for example. The result: Firms alter their information-handling procedures without being told to by law.
Consumers can also avoid certain sites, or use Anonymizer, Scroogle, TrackMeNot, and other such self-help tools. A federal mandate for “choice” isn’t persuasive when choice is increasingly the default.
The fury in the online privacy debate implies real, unexploited market opportunities exist in providing online anonymity. A marketer does not necessarily want to know who you are, but how somebody like you acts.
Market Regulates Snooping
No firm in a free market is lucky enough to “self-regulate,” as the FTC puts it. Firms (such as Phorm and NebuAd) now under attack for peering too deeply into personal behavior online are regulated by the threat of consumer backlash, competition from rivals, non-cooperation by potential Internet service provider (ISP) partners, and discontent from investors.
There is no such thing as no regulation. The choice is either political control or competitive discipline in a dynamic market.
Clamping down too hard will undermine what the Web can become. Tomorrow’s Web page will not look like today’s, as “widgets” scooping information from numerous sources become more accepted and then routine.
Despite the accusations hurled against behavioral advertising, marketing to an unidentified customer is today’s goal. Therefore, privacy thrives best as a war between computer scientists competing to offer anonymity.
Meanwhile, there is great value in technologies to prevent others from posing as us—the opposite of anonymity. That is one reason we should be hesitant about outright bans on the use of personally identifiable data.
Regs Exacerbate Problems
In the meantime, we need improved cyber-insurance and enhanced liability to evolve in online commerce. Government regulation of privacy standards can short-circuit such innovation. The private sector needs “practice” for the really difficult cases such as the future use of biometrics in online transactions.
Privacy policies are already legally binding. Therefore a realistic federal privacy agenda should:
* target identity theft and computer crime;
* enforce privacy policies;
* remain neutral on technology;
* keep compulsory databases separate from private ones;
* stabilize government’s own insecure networks; and
* avoid mandates that undermine private security guarantees.
To protect consumers online, we must consciously avoid entrenching regulations that inhibit the emergence of effective private alternatives and institutions. Online marketers are today’s “Battered Business Bureau”—but they need battering by competitive discipline, not from regulators.
Wayne Crews ([email protected]) is vice president for policy at the Competitive Enterprise Institute in Washington, DC and coeditor of Who Rules the Net? (Cato Institute, 2003). An earlier version of this article appeared in the Washington Times. Reprinted with permission.