Posts Tagged ‘wishlist’

The PrivacyChoice Policy Wishlist

November 15, 2010

Intensified interest in federal privacy policy seems likely to result in either new laws affecting online tracking or efforts to boost the self-regulatory program. With privacy lobbying now in full swing, it seems like a good time to throw in some policy requests on behalf of consumer choice. (Each suggestion is linked to a prior post on the topic.)

Compliance criteria and failures should be transparent.

Behavioral data collection is opaque to consumers. This makes back-end oversight the lynch-pin to enforce consumer choice. Back-end privacy compliance standards should be published, just like public accounting standards. Every consumer has a stake, so failures must be visible. If advertisers consider it important enough, independent companies, not just industry-controlled organizations like the NAI, will provide compliance reviews.

Opt-outs should block data collection, not just data use.

It’s technically simple to separate tracking cookies from cookies that are used for non-behavioral purposes, and to overwrite each tracking cookie with a non-unique cookie when the user opts-out. By doing so, a consumer can have  greater assurance that their behavior is not being tracked. Companies must support that assurance by certifying the list of domains and cookies that they use for tracking.

Global opt-outs and status should be available at all choice points.

The current “opt-in” framework is fair to consumers only if they can opt-out of all tracking at once, rather than chase down the opt-outs of individual companies. That choice and the user’s current opt-out status should appear whenever notice of tracking is provided (and not multiple clicks away). Anyone in the ad business who says anything like, “We can’t do that because it  makes it too easy to opt-out” just doesn’t get it.

The consumer should see the characteristics in their profile just like an advertiser can.

In terms of fairness, it’s hard to understand the notion that data companies can trade in information about you that you can’t even see. If you can show that information for ad buying, then you can show it to the consumer. Opponents of this are short-sighted; this is a great opportunity to talk directly with the consumer about what interests them.

Consumer privacy choices should be durable.

The way browsers work now, consumers can’t make durable privacy choices with just a click; opt-outs are swept away each time they clear their browser history. They may need to drag and drop a bookmark or install an add-on. But whatever the mechanism, durability options should be provided and explained at each choice point. Since this is a wishlist, perhaps I can also ask that ad companies use local storage via html5 or Flash to ensure the durability of opt-out choices. This would require a retooling of ad-company systems, but is quite do-able.

No company should be considered compliant if they transact in data with non-compliant companies.

Outliers from privacy best practices and certification should find it hard to do business. Given the certification backlog at the NAI, prehaps this can’t happen immediately, but the deadline should be measured in months, not years. Adoption will accelerate if the big players (like Google’s ad exchange) embrace the idea. This is also where big websites need to pitch in to better control who they invite to the party when they place tags on their pages.