FTC agrees on privacy rules with online advertisers

The U.S. Federal Trade Commission (FTC) yesterday asked Congress to pass new privacy legislation immunizing Internet advertising firms that adhere to a set of self-regulatory guidelines from complaints about their use of personal data to develop online profiles of consumers.

The FTC said it voted 4-1 to recommend that legislators endorse the guidelines negotiated by the Clinton administration and the Network Advertising Initiative (NAI), an association that includes DoubleClick Inc. and nine other online ad-server companies. The negotiations were disclosed last month by FTC officials at a Senate Commerce Committee hearing (see story).

The guidelines would allow the advertising firms to combine ostensibly anonymous Web surfer information with names and other personal data for tracking people's use of the Internet as long as individual consumers don't specifically forbid the practice. The legislation requested by the FTC would indemnify NAI members and other companies with privacy policies that "effectively implement the standards of fair information practices," such as notifying users, securing their data and giving them the choice of preventing the information from being used.

Last month, Sen. John McCain (R-Ariz.), the commerce committee's chairman, said the FTC would have to do a great "selling job" on Capitol Hill for any self-regulation plan. But in a statement issued yesterday, McCain was less antagonistic. "I look forward to reviewing the FTC's recommendations and will consider them as the committee continues to address consumers' concerns regarding online privacy," said McCain, who introduced an online privacy bill along with two other senators earlier this week (see story).

The U.S. Department of Commerce, which also was involved in the negotiations with the NAI, yesterday applauded the self-regulatory guidelines adopted by DoubleClick and its rivals. In a statement, Commerce Department Secretary Norman Mineta said the provisions of the deal between the FTC and the NAI "will constitute an effective and meaningful self-regulatory approach to privacy protection."

But Jason Catlett, president of privacy advocate Junkbusters Inc., said the NAI guidelines are "inadequate" for protecting the privacy of consumers and other Internet users. The guidelines "place an unfair burden on consumers to opt out from surveillance," Catlett said. The FTC instead should have required that individuals consent to having their personal information used in online profiling activities, he added.

At issue is online profiling -- or, as the NAI now calls it, "online preference marketing." The practice is used by ad-server companies to track the mouse clicks of Internet users in order to better target banner advertisements on Web sites.

NAI members claim that online profiling is a big reason why the majority of Web content can be provided free of charge. But Catlett and other privacy advocates argue that detailed online profiles -- even those lacking personally identifiable data -- should be stringently regulated by the government.

Yesterday's vote reflects the FTC's "view that industry self-regulation must play a central part in protecting consumer online privacy," said Jodie Bernstein, director of the FTC's consumer protection bureau. "I applaud [the NAI's] willingness to take significant steps in this area."

The NAI is pledging that its members will never use information concerning "sensitive medical or financial data, sexual behavior or sexual orientation, or Social Security numbers." NAI members also said they would give Internet users "reasonable access" to the personal data collected about them.

NAI officials said they hope the FTC's approval of the voluntary guidelines will help the group's members avoid negative publicity of the sort that erupted earlier this year over DoubleClick's plans to combine anonymous online data with names and addresses culled from the files of an online marketing firm it acquired last year.

DoubleClick previously said it would resume the practice once self-regulatory standards were in place, but a spokesman for the New York-based company yesterday said it's now "focused on anonymous products" and has "no plans to link personally identifying data with Web activity across [different] sites."

Related stories:

Copyright © 2000 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon