PGP INSIGHT
PGP Blogs
Subscribe to CEO Blog via RSS.
Do Not Track
27 Nov, 2007
You may have noticed the news out of Washington that the Federal Trade Commission (FTC) held a workshop a few weeks ago on the topic of “behavioral targeting” of Internet advertising. For those of you not familiar with the term, it basically involves presenting advertising based on your specific Web usage patterns.
The day before the workshop, a number of privacy groups including the Privacy Rights Clearinghouse hosted a press conference to promote the idea of a “Do Not Track” list. Modeled after the highly successful Do Not Call phone list, the Do Not Track list would allow consumers to go to a single website to opt out of being tracked by the websites they frequent.
Although most of the big Internet search and media companies allow you to opt out of some tracking, the policies are inconsistent even within each company’s sites. For reference, I’ve put links to privacy policies of the four largest sites at the bottom of this blog. I challenge you to determine, based on these privacy policies, how to implement each company’s opt-out trigger.
In this type of environment where consumers who want to maintain a level of privacy either can’t or have to work very, very hard to do so, legislation may be the only answer. On the whole, I think a centralized Do Not Track list might work; however, I also think it only addresses a small part of a much larger problem. The core issue in my mind is who, exactly is the rightful owner of the data about how each of us uses the Internet.
It may strike some as libertarian, but I really believe that I am the rightful owner of my data—be it financial, medical, or Web usage preferences. I also believe that I should be allowed either to protect this information or proactively sell it to the highest bidder. Currently, we have statutes that protect my financial and medical information, but there is no such protection for my Web usage data.
To be fair, the big online media sites do allow me to “sell” my Web preferences to them in exchange for access to their content. Whenever you register with one of the big sites, you typically have to release a certain amount of personal information and you also have to agree to the Terms-of-Service, which inevitably require that you agree to be tracked. The issue I have with this approach is that the information I’m forced to reveal seems to be far more valuable than the content access I receive in return. Even worse, because all the big media site explicitly reserve the right to change their policies and the information they collect, I don’t really know on any given day exactly what it is costing me to view their content.
As I’ve observed previously, I think the long-term answer to this type of issue is a comprehensive data privacy statute that would clearly and simply define what data can be collected and what can be done with it. A Do Not Track list is certainly a step in the right direction, but is a long way from a complete solution.
27 Nov, 2007
You may have noticed the news out of Washington that the Federal Trade Commission (FTC) held a workshop a few weeks ago on the topic of “behavioral targeting” of Internet advertising. For those of you not familiar with the term, it basically involves presenting advertising based on your specific Web usage patterns.
The day before the workshop, a number of privacy groups including the Privacy Rights Clearinghouse hosted a press conference to promote the idea of a “Do Not Track” list. Modeled after the highly successful Do Not Call phone list, the Do Not Track list would allow consumers to go to a single website to opt out of being tracked by the websites they frequent.
Although most of the big Internet search and media companies allow you to opt out of some tracking, the policies are inconsistent even within each company’s sites. For reference, I’ve put links to privacy policies of the four largest sites at the bottom of this blog. I challenge you to determine, based on these privacy policies, how to implement each company’s opt-out trigger.
In this type of environment where consumers who want to maintain a level of privacy either can’t or have to work very, very hard to do so, legislation may be the only answer. On the whole, I think a centralized Do Not Track list might work; however, I also think it only addresses a small part of a much larger problem. The core issue in my mind is who, exactly is the rightful owner of the data about how each of us uses the Internet.
It may strike some as libertarian, but I really believe that I am the rightful owner of my data—be it financial, medical, or Web usage preferences. I also believe that I should be allowed either to protect this information or proactively sell it to the highest bidder. Currently, we have statutes that protect my financial and medical information, but there is no such protection for my Web usage data.
To be fair, the big online media sites do allow me to “sell” my Web preferences to them in exchange for access to their content. Whenever you register with one of the big sites, you typically have to release a certain amount of personal information and you also have to agree to the Terms-of-Service, which inevitably require that you agree to be tracked. The issue I have with this approach is that the information I’m forced to reveal seems to be far more valuable than the content access I receive in return. Even worse, because all the big media site explicitly reserve the right to change their policies and the information they collect, I don’t really know on any given day exactly what it is costing me to view their content.
As I’ve observed previously, I think the long-term answer to this type of issue is a comprehensive data privacy statute that would clearly and simply define what data can be collected and what can be done with it. A Do Not Track list is certainly a step in the right direction, but is a long way from a complete solution.
- Phil
Archives
Recent Posts
Cold Boot Attack Commentary
24 Mar, 2008
Metrics that Matter
08 Feb, 2008
Smile When You Say That.
05 Oct, 2007
Why You Need Enterprise Data Protection
14 June, 2007
Media Contacts
North America
Christina Grenier
PGP Corporation
+1 650 543 3697
cgrenier@pgp.com
Tom Rice
Merritt Group
+1 703 856 2218
rice@merrittgrp.com
Germany
Ingrid Daschner
Johnson King
+49 (0) 89 8940 8511
ingridd@johnsonking.de
Japan
Kyosuke Wakairo
Powered Communications Inc.
+81 3 5211 7899
pgp@powered-communications.com
United Kingdom
Jacqui Depares
Johnson King
+44 (0)20 7401 7968
jacquid@johnsonking.co.uk