Internet Businesses Must Respect Users’ Privacy: Jon Leibowitz
Throughout cyberspace, almost 2 billion Web surfers post, share, friend, follow, buy, sell and trade. Because of invaluable Internet technology, the world is at our fingertips. Vast quantities of data are available with a tap or a click.
It isn’t news how much information is collected, shared or sold on the Internet. What is news is how much of that information might be about you.
Every time you go online, a host of invisible data catchers, placed on your computer without your permission, follow you as you browse, reporting your stops and actions to third-party businesses unrelated to, and sometimes without the knowledge of, the owners of the sites you visit.
This behind-the-scenes data collection is different from that done by websites you choose to visit. We know that those sites track our purchases and navigation on their sites, and use the information to serve us better by remembering our address, suggesting products we might enjoy and adjusting their offerings to meet our apparent interests. In this way, the Internet has allowed large companies to give us the personal service of a neighborhood butcher, who puts aside your son’s favorite cut of meat whenever he comes home from college.
We know less about the third-party data miners. They compile profiles of our online behavior for their own use or to sell to other companies, primarily to target Internet advertising to your particular interests. This marketing strategy helps support the free Web content we all enjoy. But it also raises serious privacy concerns, especially when the data involves your health, finances, children or whereabouts.
To the extent that this data is used to advertise a shirt, a car, a vacation destination or a soft drink, we might view it as innocuous, even beneficial to the thriving Internet market that has increased choice for consumers everywhere. And that would be fine, if we knew that your tracked information stopped at the online ad company. But we don’t. It might continue to travel throughout an invisible lattice of online and offline companies, developing into a profile of you that anyone might buy, including those making decisions about your career, your credit, your health, your reputation.
Let’s say you print out a fact sheet on alcoholism to help your son with a project for health class; you know you are a dutiful parent, but a potential employer might see a boozy job applicant. You order a big box of your mother’s favorite candy to take her when you go to visit; you know you are a thoughtful daughter, but a health insurer could see a destined diabetic. You buy the book “The Winner’s Guide to Casino Gambling” as a raffle prize for your church’s Las Vegas Night; you know you are a generous member of the community, but a loan officer might see a risky gambler.
At the Federal Trade Commission, we want you to have a choice about what you make public and what you keep private. Last December, our staff proposed a “Do Not Track” mechanism that would let you choose the information you share about your browsing behavior; your tracking preferences would travel with you every time you went online. We envision a system you can find and use easily, and one that all companies tracking you on the Internet would need to respect or face serious consequences.
When we first proposed Do Not Track, many in the online community complained that it would destroy the Internet advertising business. But Do Not Track doesn’t stop advertisers from collecting information about consumers. It does, however, require them to convince us that they will treat personal data with care. And at the FTC, we are certain that the advertisers marketing on the Web today are up to that task.
In fact, a number of leading online businesses, including Microsoft, Mozilla and Apple, have responded by developing Do Not Track systems, and other companies may soon join them. A coalition of advertising industry groups has redoubled efforts to establish Do Not Track architecture. And key Internet standards-setting bodies are working on Do Not Track.
Congress Is Looking
With continued work, I am confident that industry will be able to devise a Do Not Track mechanism that is universal, simple, persistent, effective and enforceable. Admittedly, this isn’t easy -- from a technical or a business perspective -- and the FTC is considering various alternatives.
During hearings in the past year, members of Congress have inquired about Do Not Track. And last month, Senator John D. Rockefeller IV, chairman of the U.S. Senate Committee on Commerce, Science and Transportation, introduced legislation that would empower the FTC to establish an industry-run Do Not Track mechanism through regulation; the FTC and state attorneys general would enforce compliance. So Internet companies have a choice: they can develop a voluntary system that gives consumers control of their private data, or accept that Congress might mandate a system they don’t like.
Ideally, the private sector would police itself. The FTC doesn’t want to set up roadblocks to the online freedom that has spawned everything from ingenious new technologies to democratic revolutions. But we also don’t want cyberspace to morph into a place where you have to surrender your privacy. We call on the innovators of the Internet to use their brain power to develop a Do Not Track system that protects every individual and not just those with something to sell.
(Jon Leibowitz is chairman of the Federal Trade Commission. The opinions expressed are his own.)
This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.
To contact the author of this story:
James Greiff at email@example.com