FTC Intensifies Online Privacy Scrutiny

The U.S. Federal Trade Commission (FTC) has intensified government scrutiny of online consumer privacy by announcing that it will survey U.S. commercial Web sites about how personal consumer data is collected and used.

The FTC said that the survey will include a random sample from a list of the busiest sites on the World Wide Web, as compiled by Nielsen//NetRatings, Inc., for the month of January 2000. It will also include a census of the 100 busiest sites on the Nielsen//NetRatings list.

In addition, the FTC staff will assess Web sites’ compliance with fair information practices by analyzing the sites’ stated policies regarding the collection, use and disclosure of personal information that is gathered from consumers online.

Are Net Privacy Regulations Coming?

Currently, Web sites operate autonomously and often gather detailed information about consumers without their knowledge. While most sites claim that this process is done anonymously, it is not clear how many sites are gathering and selling information that includes surfers’ names, addresses and other information.

It is also not clear whether e-commerce firms should have the right to monitor consumers as they surf the Net without their permission.

With the recent groundswell of state investigations, lawsuits and federal investigations surrounding DoubleClick, the U.S. government is clearly circling e-commerce companies with an eye toward protecting consumer privacy on the Internet.

Just last Friday, President Clinton warned a group of high-tech industry executives that if corporations do not take strong actions to protect consumer privacy, the government will most likely intervene.

Privacy Taking Center Stage

Although industry self-regulation has been one of the main attractions of doing business online, both consumers and watchdog groups have been objecting of late to what they consider an invasion of privacy — and are getting attention at both state and federal government levels.

For example, the state of Michigan is heading toward a showdown with DoubleClick over the issue of using cookies. Michigan has threatened a lawsuit if DoubleClick does not get permission from its consumers before placing cookies on their computers to track their behavior on the Net.

Direct Marketing Association Issues Warning

The powerful Direct Marketing Association, which wants the government to back off in favor of the industry adopting its own standards, issued a warning to its members to create privacy policies and to post them prominently.

“All consumer marketers are strongly encouraged to prominently post privacy policies on their Web sites” the DMA advised. “To help companies create such policies, The DMA has developed a comprehensive Privacy Policy Generator which can be found on the association’s Web site.

Consumers Raising Their Voices

Last year, Forrester Research surveyed 100,000 online consumers and found that 67 percent were “very” or “extremely” concerned about online privacy. In itself, that figure speaks volumes about the state of online self-regulation.

More recently, the third annual “Surfer Beware” report from the Electronic Privacy Information Center (EPIC) reviewed the privacy practices of the 100 most popular shopping sites on the Internet.

Of the 100 sites, EPIC found that 18 did not display any type of privacy policy, while 35 had such profile-based advertisers as DoubleClick operating on their pages.

“Not one of the companies adequately addressed all the elements of fair information practices,” the EPIC report said. “We also found that the privacy policies available at many Web sites are typically confusing, incomplete and inconsistent. We concluded that the current practices of the online industry provide little meaningful privacy protection for consumers.”

Giving Consumers Personal Power

Most online privacy advocates applaud opt-in or opt-out policies at Web sites, which allow consumers to exercise an option as to whether their personal data will be used or circulated in any way.

Of the 100 sites surveyed by EPIC, 24 of them had opt-in data collection procedures in place. However, EPIC said that information about the policies are typically buried deep within the site or worded in a manner that confuses the user — often to the point that it becomes easier just to move on.

“Anonymity, which remains crucial to privacy on the Internet, is being squeezed out by the rise of electronic commerce,” the EPIC report said. “Industry-backed self-regulation has done little to protect online privacy.”