Proposed Web Privacy Legislation Sparks Intense Criticism

Published June 9, 2010

Two members of Congress, Rep. Rick Boucher (D-VA) and Rep. Cliff Stearns (R-FL), have released draft privacy legislation to regulate behavior-targeted online advertising.

The 27-page proposal ( released in May includes a variety of provisions, such as requiring companies that collect data, such as publishers and advertisers, provide an opt-out from targeted advertising.

The proposed opt-out mandate includes not only site-to-site targeted advertising but also advertising on the first-party site, which has been governed by self-regulatory standards.

The legislative proposal also includes a provision for the use of location-based information, which maintains, “any provider of a product or service that uses location-based information shall not disclose such location-based information concerning the user of such product or service without that user’s express opt-in consent.” This provision would apply to products such as mobile phones.

Simpler Approach Preferred
Daniel Castro, a senior analyst with the Information Technology and Innovation Foundation, says the proposed legislation goes too far.

“Federal legislation on digital privacy should do two things,” he said. “One, it should establish a ceiling on privacy requirements so states can’t impose burdensome regulations on companies. Two, it should protect individuals from government use of private individual data.”

‘Could Devastate’ Internet
Adam Thierer, president of the Progress and Freedom Foundation, a public policy think tank in Washington, agrees.”By mandating a hodgepodge of restrictive regulatory defaults, policymakers could unintentionally devastate the ‘free’ Internet as we know it,” he said.

“Because the digital economy is fueled by advertising and data collection, a ‘privacy industrial policy’ for the Internet would diminish consumer choice in ad-supported content and services, raise prices, quash digital innovation, and hurt online speech platforms enjoyed by Internet users worldwide,” said Thierer.

‘Micromanaging Privacy Settings’
Castro says people don’t need government to protect their privacy when they willinglyjoin social networking sites.

“The FTC already has the authority to protect consumers from deceptive and unfair business practices, and we do not need Congress micromanaging the privacy settings of social networks for millions of Americans.

“The market works pretty well right now,” he added. “Privacy policies tell consumers what to expect on a Web site, and consumers have the option of using the site or not. And plenty of consumer groups, journalists, and bloggers monitor privacy policies on popular Web sites so that any controversial changes get attention. Plus, organizations like TRUSTe provide privacy seals which provide voluntary certification that industry best practices are being met.”

Castro says the voluntary nature of Web surfing makes government policing of privacy policies unnecessary and inappropriate.

“As a Facebook executive said recently in the New York Times, ‘Nobody is forcing people to use Facebook,'” Castro notes. “Users have alternatives, and Facebook is not a right. Surprisingly, MySpace has done little to capitalize on the negative [publicity regarding] Facebook. But some college students in New York raised over $100K in funding in about a week for a P2P social network that gives users more control over their data.

“So there are options out there, and the market responds to consumer demand,” he added.

Less-Restrictive Alternatives
Berin Szoka, a senior fellow at the Progress and Freedom Foundation and director of its Center for Internet Freedom, said, “Before imposing prophylactic regulation, policymakers should first identify specific consumer harm that requires government intervention.”

Szoka outlined what such an approach would involve. “They should ask whether there are less restrictive alternatives to regulation, such as enhancing enforcement of existing laws, bolstering limitations on government access to online data, education efforts about online privacy, and promoting the development and uptake of technological empowerment solutions that allow users to manage their own privacy preferences,” he  said.

“This layered approach recognizes that [the preference for] privacy varies across users and depending on context, and that there’s no escaping the tradeoff between locking down information and the many benefits for consumers associated with the free flow of information,” he explained.

“Simply put, there is no free lunch when it comes to online media and services,” he added. “While the discussion draft deserves proper consideration, we feel its regulatory requirements may do more harm than help the growth of the Internet and the secure Internet services demanded by Americans.”

Privacy Lost
Castro agrees, saying, “Privacy is a value, and like any value it must be balanced against other wants and needs. Some people prefer convenience and openness over privacy. Others don’t. But we don’t want government to come in and start banning information-handling practices that it deems ‘bad.’ The trend right now is toward more data-sharing, from social networks to real-time messaging like Twitter, which is public by default.

“Another problem with the proposed legislation is that it tries to define types of so-called ‘sensitive’ information, such as sexual orientation or religion, that doesn’t always neatly fit in a box,” he added. “Not all data is structured, but data mining tools can still capture and extract this information. Neither do advertisers actually care about specifics like those when serving up online ads. JDate doesn’t want to know if you are Jewish or not; they just want to know if you would be interested in a Jewish dating service.

He concluded, “It’s a small, but important, distinction, and any proposed legislation needs to keep this in mind.”

Sarah McIntosh ([email protected]) teaches constitutional law and American politics at Wichita State University in Kansas.