The Wall Street Journal (WSJ) reports that the Federal Trade Commission (FTC) is close to reaching a record settlement with Google for the charge that it tracked Apple Safari web browser users. Google had earlier signed a 20-year consent decree in which it agreed not to misrepresent its privacy practices to consumers. Tracking Apple Safari users appears to be in violation of that agreement because Google had posted a statement in its online help center stating that these Safari users would not be tracked. The WSJ reports that Google will pay a penalty of $22.5 million, a record fine for the FTC.
When this issue first came out I wrote a post in which I argued:
“As always, the FTC can and should investigate if it discovers legitimate concerns about the business practices of a particular company. But companies should not face punitive sanctions for actions that do not cause consumer harm and are taken in good faith. To do so would discourage the type of fast-paced innovation that has defined the remarkable progress of the Internet era.”
I stand by these comments today. It’s always good to see … Read the rest
The Gramm-Leach-Bliley privacy notices illustrate how misguided privacy regulations tend to be in the United States. Rather than provide any actual benefit to consumer privacy, they just serve to raise costs. And the costs of all of these privacy notices add up. According to a 2009 report from the FDIC, approximately … Read the rest
On May 26, the new EU-mandated “Cookie Law” will go into effect in the UK. This law requires that websites give users the ability to opt-out of all tracking. The UK and Ireland took this a step further and require users to opt-in. Website owners in the UK that fail to comply with the law will face fines up to £500,000.
Over time, I also wouldn’t be … Read the rest
This week the FTC released its much anticipated report on consumer privacy, “Protecting Consumer Privacy in an Era of Rapid Change”. The report is an update to the preliminary staff report released in December 2010 which laid out the FTC’s proposed framework for privacy. In the new report, the FTC lays out a set of principles for consumer privacy and calls on Congress to implement privacy legislation using the framework laid out in this report. While the report does provide a comprehensive discussion of many of the major privacy challenges, too often the report sides with privacy advocates at the expense of competition and innovation.
One important change in the new report is that the FTC has proposed that its privacy framework apply to all commercial entities that collect or use consumer data, except those who collect data on fewer than 5,000 consumers. The FTC exempts small businesses from the privacy framework because of the potential burden that would be imposed on them. However, larger businesses would face similar burdens and these costs would ultimately be passed on to consumers.
Read the rest
Various news outlets recently published articles discussing an emerging trend in hiring practices where employers are asking potential employees for their social network or email account credentials so that they can review the potential hire’s private online profile. Not surprisingly, many people have objected to this practice, noting the intrusiveness of the request and the inherit coerciveness of asking for this information during a job interview. In response, Sen. Blumenthal (D-CT) announced yesterday that he was planning to introduce legislation to prohibit employers from asking potential employees for their social network login credentials.
Privacy activists often argue that government should concern itself with the mechanics of how the private sector manages data rather than prevent harmful uses of data, as the Blumenthal legislation attempts to do. However, this is like asking legislators to write laws that restrict how people move their arms and legs, rather than writing laws that prohibit assault and battery. The reality is that privacy regulations, no matter how well-intentioned, cannot guarantee privacy or prevent accidental disclosures or theft of personal data. As I have argued before, legislators should focus on restricting uses of data that harm individuals (e.g., credit discrimination), rather than restricting particular technologies or practices (e.g., behavioral targeting). Instead of fruitlessly trying to lock down data, legislators should focus on creating protections to minimize or eliminate harm to consumers if private data becomes public.
Read the rest
Last year the media was abuzz as people counted down the days to May 21. Harold Camping, a Christian radio broadcaster, had gained notoriety for his prediction that not only the Rapture was coming, but that he had nailed down the exact date. Commentators on TV, in newspapers, on the radio and on the Internet were all watching with a mixture of skepticism and anticipation to see whether this would indeed be the advent of the End of Days or whether Camping would be proven an undeniable fraud.
Read the rest
Last week the Wall Street Journal published an article accusing four online advertisers—Google, Vibrant Media, Media Innovation Group and PointRoll—of using special code on web pages to circumvent the privacy settings in the Apple Safari web browser for the purpose of “tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.” The Safari web browser is used by approximately 7 percent of desktop Internet users and 24 percent of mobile users. Google responded in a statement by saying, “The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.” Google also disabled the code in question.
Read the rest
Changes over Google’s proposed privacy changes need some clarification. Google has not made any radical changes to its privacy policies. Google still does not sell personal information to third parties. Google is not collecting more or less information than before. Google still does not have people in its company reading through people’s email or search history. And Google still offers users the ability to control their data through various tools including the Google Dashboard, an opt-out feature for personalized ads, and the Data Liberation Front which allows users to export data from Google services. More importantly, users can simply opt to not use Google products. As great as Google is, there are plenty of alternatives if users choose to leave
Read the Rest
I read an article in the Washington Post today by Michael Rosenwald which took up a theme I blogged about earlier: at least half the problem with online advertisers is that when they track you they do such a crummy job of actually sending relevant ads and offers your way.
Imagine if you knew as much about me as “they” do: what sites I visit, what I do when I go there, what I buy online. Don’t you think you could come up with some decent ideas about what to pitch to me?
Rosenwald tried to completely open up his preferences by going directly to ad network sites and checking and unchecking preferences: flowers, but not cars, gadgets but not cars. Please, Lord, anything but cars!
There were, however, signs of relevancy. In my day-to-day surfing, I noticed a striking increase in the number of gadget and computer ads. I noticed flower ads. I noticed about a 20 percent decline in car ads. Did I also still see ads for beauty products? Yes. Did I also see ads for Goldman Sachs? Yes. Did those ads annoy me?
Notably, Facebook has created many privacy options around this feature. These include the following:
- Users are notified when they are tagged.
- Users can untag themselves from any photo.
- Users can only tag their friends.
- Users can disable the “Tag Suggestions” feature so that their name will not be suggested automatically.
Some individuals may dislike the change, but … Read the rest