U.S. Web users should be able to sign up for a do-not-track list that would prohibit Web sites and advertising networks from following their movements online, the U.S. Federal Trade Commission said.
The do-not-track list, modeled after a national do-not-call list targeting telemarketers, would help consumers better protect their privacy because a uniform mechanism for opting out of online tracking does not yet exist, the FTC said in an online privacy report released Wednesday. The do-not-track list could be implemented by the Internet industry or by the U.S. Congress, the FTC said.
"Companies engaged in behavioral advertising may be invisible to most consumers," the report said. "The FTC repeatedly has called on stakeholders to create better tools to allow consumers to control the collection and use of their online browsing data."
The report shows a failure of private industry to adequately address customer privacy concerns online, FTC Chairman Jon Leibowitz said during a press conference. "Despite some good actors, self-regulation of privacy has not worked adequately and is not working adequately for American consumers," he said. "We deserve far better from the companies we entrust our data to, and industry as a whole needs to do a far better job."
Earlier this year, Leibowitz said the FTC was considering a do-not-track list, and several privacy groups proposed such a list back in 2007. Opponents of a do-not-track list say it could dramatically decrease the effectiveness of online targeted, or behavioral, advertising.
The FTC report suggested a do-not-track (DNT) list should not interfere with the benefits of online advertising, said Thomas Lenard, president of the Technology Policy Institute, an anti-regulation think tank.
"But, of course, that's the issue," Lenard said. "It is highly likely the DNT mechanism would interfere with those benefits. Furthermore, the DNT mechanism cannot be compared to the popular do-not-call list, which reduces unwanted marketing messages. A DNT mechanism wouldn't necessarily reduce advertising messages, it just would likely make them less useful."
The FTC should compare the benefits and costs of do-not-track before making such a "major proposal," Lenard added.
The FTC is not yet calling for do-not-track legislation in Congress, but Web browser makers and other Internet companies should act quickly to implement a universal do-not-track list, Leibowitz said.
New privacy protections, either from industry or government, are needed, because Internet users are often confused about how companies are collecting and using their personal data, Leibowitz said. "Many companies are not disclosing their practices," he said. "Even among the companies that do disclose them, those disclosures are often done in long, incomprehensible privacy policies and user agreements that consumers don't read, let alone understand."
The FTC doesn't have the power to implement a do-not-track list, but Web companies should expect the agency to bring new privacy enforcement actions in coming weeks, Leibowitz said.
The FTC report also calls on companies to adopt a so-called "privacy by design" approach by building in privacy protections to their everyday business practices. U.S. businesses should ensure reasonable security for consumer data, limit their collection and retention of personal data, and make reasonable efforts to ensure the data is accurate, the report said.
Companies should also provide customers with choices about how their data is collected and shared, the report said. Those choices should come at the time and in the context of decisions consumers are making -- "not after having to read long, complicated disclosures that they often cannot find," the FTC said in a press release.
Companies should not, however, have to seek consumer permission to collect data for some commonly accepted practices, such as product shipping, internal operations and fraud prevention, the FTC report said.
In addition, online companies should look to create shorter and standardized privacy policies that are easy to understand, the FTC report recommends.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is firstname.lastname@example.org.