Man Vs. Machine

Well-respected scholars on privacy law believe privacy advocates have exaggerated the ramifications of collecting data online. University of Chicago law professor Richard Epstein recently commented: “I just don’t think most people care about [privacy] to the extent that the privacy mavens do.”

Although the collection of personal information online may not always be as obvious to users as registration pages and surveys, many traditional marketing practices also collect information without notifying consumers. Whenever consumers use a credit or check-cashing card or respond to a direct mail campaign, data is collected — and quite often sold for targeted marketing based on consumer behavior. Such activities have existed in one form or another for decades.

Internet technology now enables marketers to collect personal information without first informing the user. Cookies and Web bugs invisibly record online behavior, enabling Internet marketers to create a profile of a given consumer. This process has created much objection among privacy advocates, who fear that such activities are too intrusive, particularly because the consumer is largely unaware of the information-gathering activity. In reality, profiles using demographic and behavioral information have been a constant in the marketing industry, and central to many marketers’ decisions about products and services.

The concepts behind cookies and Web bugs are not new. The digital mechanisms are simply new ways for innovative marketers to implement well-established marketing procedures. In the end, the information is used to make the marketplace more efficient. Admittedly, there may have been abuses in the past that warranted regulatory scrutiny. This practice, however, clearly creates a more responsive and efficient marketplace.

Surfers Byte Back

Unlike many forms of traditional marketing, Web sites give consumers a choice about their information. Although some Web sites may not engage in fair information-collection practices, many sites provide the user with opt-in or opt-out choices for sharing personal information. More importantly, many sites use cookies and Web bugs solely to speed up the consumer’s surfing time on the site, and do not sell data to third parties.

Despite the non-obvious nature of cookies and Web bugs, numerous tools exist to detect and block them. In July 2000, the Federal Trade Commission and the Network Advertising Initiative, a collective body of Internet advertisers, reached an agreement that Web users will be explicitly informed about advertisers’ attempts to profile potential consumers and given the option of not participating.

The industry also has developed privacy protection tools. In June 2000, industry members unveiled Platform for Privacy Preferences (P3P), which alerts computer users to the level of privacy protection provided on a particular Web site before they visit the site. P3P sets standards that will automatically allow browsers to read the privacy policies on participating Web sites. The browser will only go to sites that follow the preferences pre-selected by the user. For this technology to work, however, each Web site on the Internet must adopt it. Most of the companies involved in the project already have privacy policies that can be read by P3P-enabled software.

Technological solutions like P3P and compliance with posted privacy policies are viable competitive tools in the online marketplace. Consumers can choose which Web sites to visit and have the choice to deal only with Web sites that will not share personal information.

Conclusions

The current state of affairs, including self-regulation, active suits, and legislation being considered, leads to several conclusions about Internet privacy:

Concerns over privacy intrusions by marketers are based on limited anecdotal evidence. Public policy should not be established on such anecdotal evidence.

The limited number of improper intrusions that have occurred are being adequately addressed by existing legislation and individual consumer suits.

The Internet is in its early stages of growth and should be nurtured, not hampered, by new laws or regulations.

Industry self-regulation is advancing and addressing consumers’ concerns in innovative ways, some beyond the current limits in the offline marketing community. Legislation or new regulations will only slow the process down.

The business community is developing software that gives consumers control over what personal information is or is not used by marketers. Such software will empower the consumer with more choice than any regulation can accomplish.

Government regulation of the Internet is severely limited by the global nature of the medium — regulation is local, and use is global. Local regulation cannot adequately address global behavior.

Adapted from “Protecting Online Privacy: Government Regulation or Free Market Initiatives,” published by the Legal Studies Division of the Washington Legal Foundation (wlf.org). Douglas Wood is a partner with Hall Dickler Kent Goldstein & Wood, New York City. Reach him at [email protected].