To supporters of Internet self-regulation, one of the saddest spectacles of late has been the inexorable drive to sacrifice consumer privacy in the name of targeted advertising. Postulating a false dichotomy between the economic well-being of Net enterprises and individual privacy, companies blindly proceeded to set the stage for a major backlash. When the privacy backlash came, as it recently did, it came from all quarters--consumers, investors, and regulators. After DoubleClick, an Internet ad-placement company, announced it was merging online Web profiles with data containing names and addresses, a slew of consumer lawsuits, protests from privacy advocates, and regulatory inquiries sent its stock plummeting. Only by retreating could it recoup some of its loses.
The business model of the Net is based on revenue generated by advertising--not much different from the traditional business model of broadcast television, radio, magazines, and newspapers. Advertisers do tend to channel their advertising and sometimes pay a premium for media that efficiently delivers their target audience. But offline media do not invade the privacy of their audience to satisfy advertisers, and neither should online companies, even if technology allows them to do so.
DoubleClick and other Net companies belonging to the Network Advertising Initiative promised to develop a privacy code some time ago and simply walked away from their responsibilities. Federal law is now necessary, if only to avoid the chaos that would surely come if pending state and local privacy bills were passed.
BUSINESS WEEK believes that a single minimum federal standard of online privacy would increase consumer trust and bolster the long-term health of e-commerce. Here are four principles for privacy legislation:
CLARITY. Web sites should explain clearly, in plain English, what they do with a person's information, how they aggregate it with other data bases, and with whom they share it. They and their business partners should follow the same set of privacy policies.
CHOICE. People must be given the choice of whether or not to reveal personal data on sensitive topics, such as health and finances. If they want to "opt in," they can. If not, no such data can be collected on them. Period. And under no circumstances should data be collected from children without their parents' consent. Consumers must also be given the opportunity to "opt out" of anything. Net companies are quick to say that anyone can opt out right now, but most mechanisms are obscure, difficult, and serve to dissuade people from using them. This must change.
DISCLOSURE. Consumers must be able to inspect all their online files and change them if they wish. Individuals can already demand to see their credit rating files and correct any errors. Allowing the same option for online files is a no-brainer.
ENFORCEMENT. If online sites invade consumer privacy, they must be penalized. The Federal Trade Commission should do this job. It already enforces the Fair Credit Reporting Act for credit agencies, the Truth in Lending Act, and the Children's Online Privacy Protection Act.
Privacy legislation based on these principles would go along way toward sustaining the growth of the Net.