The Importance of Self-Regulation In Improving Digital Privacy

However, the Senate committee, prompted by political pressures and anecdotal evidence, called for hearings on whether legislation was necessary to protect consumer privacy on the Web, begging the question: Is self-regulation failing? Sen. Rockefeller's conclusion was clear and signaled a predetermined agenda in his Majority Statement at a hearing before the Senate Commerce Committee on June 28 entitled “The Need for Privacy Protections: Is Industry Self-Regulation Adequate?”

I have learned that self-regulation is inherently one-sided, and that the interests of consumers are often sacrificed for the demands of the bottom line. Until consumers are adequately protected, I will continue to push for legislation, and hold hearings, to address this imbalance.

(A webcast of the hearing and transcripts of Sen. Rockefeller's statement and those of the witnesses are available at http://1.usa.gov/MHSDGK.)

Sen. Rockefeller made a specific point of citing criticism directed at global online travel company Orbitz and its alleged policy of charging more for hotel rooms to Mac users than PC users. His use of an isolated example showed with particular clarity how anecdotes, told out of context, can unfairly fuel the fire of regulatory intrusion.

The reality is that price adjustment and practice differentiation among targeted consumers on the basis of income or ZIP code has gone on for decades. Such practices may anger affluent consumers, but they clearly benefit those with less discretionary income and provide for a more robust and efficient marketplace. In some ways, it's really no different from politicians changing their tunes on economic reform depending on the audience and the neighborhood they're addressing or in which they're working the electoral stump ' but that's politics.

Give and Take

The Senate committee heard from four witnesses: Alex Fowler, chief privacy officer of Mozilla, the creators of the Firefox Web browser; Robert Liodice, president and CEO of the Association of National Advertisers (appearing on behalf of the DAA); Ohio State law professor Peter Swire; and Berin Szoka, president of TechFreedom and a former director at the Center for Internet Freedom.

Their testimony presented a diverse perspective on self-regulation, but none of the witnesses welcomed with open arms the idea of Congressional intrusion. Even Szoka, an advocate for more federal regulation, expressed his belief that nothing new needed to be enacted and that the FTC already had the authority, but perhaps lacked the resources, to deal with the issues at hand.

Whether the testimony changed Sen. Rockefeller's promise to push for legislation or not remains to be seen. However, without question, he is taking aim at self-regulation and the industry is preparing to respond. Before I review why this should concern e-commerce counsel, it will be instructive to note some of the highlights of the testimony.

Fowler, critical of the industry approach he described as “notice and choice,” testified that it remains “unclear whether industry self-regulation, by itself, is a viable way to allow users to manage and control data collected and used about them by third parties.” Believing that notice and choice was a marketplace failure, Fowler nonetheless commended the DAA. His criticism was largely directed at the results the DAA's Advertising Option program has achieved, claiming the number of users who use the icon is only 0.0035% per click. Of those, Fowler notes that only one in 20 opt out.

Even in a Trillion, A Million Is a Lot

What Fowler misses in citing statistics, however, is the raw numbers. The same industry studies Fowler relies on also point out that the DAA icon has been delivered more than one trillion times, and over one million consumers have opted out. That is not an insignificant number by any count, and it is a clear indication that a very large number of consumers understand the DAA program. Fowler's statistics belie the real, tangible responses from consumers.

Even Fowler, the most outspoken critic among those who testified, suggested that the solution is broadening self-regulation by including other relevant stakeholders. He endorsed the activities of the Tracking Protection Working Group of the World Wide Web Consortium (W3C; www.w3.org), noting that this group is “committed to following a consensus-based approach to achieve a protocol that everyone can live with.”

Szoka's similar endorsement of the W3C's efforts was, at best, tepid, fearing that the organization was missing important stakeholders but describing it as “the worst possible process, except for all the others.” Nonetheless, he was also supportive of the DAA's efforts, noting that they provided “the flexibility, speed, and decentralization necessary to address Internet policy challenges” ' not perfectly, but better than government efforts.

Let the FTC Set Standards

Interestingly, while Szoka believes self-regulation is not enough and legislation is needed, he testified that the FTC, not Congress, should be tasked with setting “baseline” standards. His solution is to strengthen the FTC and allow it greater latitude under the Fairness Doctrine to establish guidelines for industry to follow and “enforce self-regulation by holding companies to their promises.”

Swire noted that “self-regulation works best when there is a credible threat that government will step in if industry does not do a good job.” The balance of his testimony was critical of the DAA's exceptions to a consumer's opting out, believing they were “so open-ended that I have not been able to discern any limits on collection under them.” He suggested that the DAA might look to other industry efforts, such as telephone-marketing best practices and standards adopted by research firms like Gallup, to tighten its rules.

Liodice stated that “online advertising fuels economic growth and job creation, and supports a wealth of online resources that consumers can access at low or no cost,” and that “industry recognizes and respects that some consumers may prefer not to receive such advertising or to have data collected about their Web browsing even on an anonymous basis.” Most important, though, Liodice pointed out that the DAA program is ever-evolving and improving as the industry considers criticism and suggestions from other stakeholders. The last thing the process needs at this point is premature government intrusion.

While some of those who testified were critical of how far industry has progressed through the DAA's self-regulation program, suggesting that changes were necessary and that other views need to be considered, one message rang clear: Congress should stay out of the process. Between the DAA, the W3C and technology companies, solutions are being advanced that, given time and guidance from the FTC, will address consumer needs and concerns.

Counsel's Role

So what is e-commerce counsel's role in this evolution?

First, e-commerce companies need to send a clear “hands-off” message to the Senate Committee on Commerce, Science, and Transportation (members of the committee can be found at http://bit.ly/RgQZPb).

Second, companies must become DAA-compliant. Visit aboutads.org to learn how. Delay in doing so will only fuel the fires of criticism and give pundits an opportunity to turn “opt-out” into “opt-in” and establish a regime that would be devastating to long-established marketing practices both on- and offline.

Finally, companies must reexamine their privacy policies, how they track consumer behavior and what they do with information when targeting customers. Counsel, even for the largest of online marketers, may not be fully in the loop regarding company marketing practices. In such a high-stakes game, ignorance is no excuse.

The National Association of Attorneys General (NAAG; www.naag.org) has made digital privacy and online children's safety the center of its 2012-13 agenda, as the new NAAG president, Maryland attorney general Douglas Gansler, made clear in a statement in June, in announcing the “Privacy in the Digital Age” initiative (see, http://bit.ly/MOEfyL).

On the heels of NAAG's initiative, Sen. John D. Rockefeller (D-WV), chairman of the Committee on Commerce, Science, and Transportation, has aimed his committee's arrows squarely at self-regulation for digital privacy, despite endorsements to the contrary from industry, the Federal Trade Commission (FTC) and, more recently, the Obama Administration.

While President Obama has endorsed the idea of a Consumer Internet Privacy Bill of Rights together with limited legislation, unlike Rockefeller he clearly supports self-regulation and the efforts of the Digital Advertising Alliance (DAA), the consortium trying to lead the industry to self-imposed solutions ' such as its Self-Regulatory Program for Online Behavioral Advertising and Advertising Option Icon (www.aboutads.info) ' rather than legislative sanctions proposed.

However, the Senate committee, prompted by political pressures and anecdotal evidence, called for hearings on whether legislation was necessary to protect consumer privacy on the Web, begging the question: Is self-regulation failing? Sen. Rockefeller's conclusion was clear and signaled a predetermined agenda in his Majority Statement at a hearing before the Senate Commerce Committee on June 28 entitled “The Need for Privacy Protections: Is Industry Self-Regulation Adequate?”

I have learned that self-regulation is inherently one-sided, and that the interests of consumers are often sacrificed for the demands of the bottom line. Until consumers are adequately protected, I will continue to push for legislation, and hold hearings, to address this imbalance.

(A webcast of the hearing and transcripts of Sen. Rockefeller's statement and those of the witnesses are available at http://1.usa.gov/MHSDGK.)

Sen. Rockefeller made a specific point of citing criticism directed at global online travel company Orbitz and its alleged policy of charging more for hotel rooms to Mac users than PC users. His use of an isolated example showed with particular clarity how anecdotes, told out of context, can unfairly fuel the fire of regulatory intrusion.

The reality is that price adjustment and practice differentiation among targeted consumers on the basis of income or ZIP code has gone on for decades. Such practices may anger affluent consumers, but they clearly benefit those with less discretionary income and provide for a more robust and efficient marketplace. In some ways, it's really no different from politicians changing their tunes on economic reform depending on the audience and the neighborhood they're addressing or in which they're working the electoral stump ' but that's politics.

Give and Take

The Senate committee heard from four witnesses: Alex Fowler, chief privacy officer of Mozilla, the creators of the Firefox Web browser; Robert Liodice, president and CEO of the Association of National Advertisers (appearing on behalf of the DAA); Ohio State law professor Peter Swire; and Berin Szoka, president of TechFreedom and a former director at the Center for Internet Freedom.

Their testimony presented a diverse perspective on self-regulation, but none of the witnesses welcomed with open arms the idea of Congressional intrusion. Even Szoka, an advocate for more federal regulation, expressed his belief that nothing new needed to be enacted and that the FTC already had the authority, but perhaps lacked the resources, to deal with the issues at hand.

Whether the testimony changed Sen. Rockefeller's promise to push for legislation or not remains to be seen. However, without question, he is taking aim at self-regulation and the industry is preparing to respond. Before I review why this should concern e-commerce counsel, it will be instructive to note some of the highlights of the testimony.

Fowler, critical of the industry approach he described as “notice and choice,” testified that it remains “unclear whether industry self-regulation, by itself, is a viable way to allow users to manage and control data collected and used about them by third parties.” Believing that notice and choice was a marketplace failure, Fowler nonetheless commended the DAA. His criticism was largely directed at the results the DAA's Advertising Option program has achieved, claiming the number of users who use the icon is only 0.0035% per click. Of those, Fowler notes that only one in 20 opt out.

Even in a Trillion, A Million Is a Lot

What Fowler misses in citing statistics, however, is the raw numbers. The same industry studies Fowler relies on also point out that the DAA icon has been delivered more than one trillion times, and over one million consumers have opted out. That is not an insignificant number by any count, and it is a clear indication that a very large number of consumers understand the DAA program. Fowler's statistics belie the real, tangible responses from consumers.

Even Fowler, the most outspoken critic among those who testified, suggested that the solution is broadening self-regulation by including other relevant stakeholders. He endorsed the activities of the Tracking Protection Working Group of the World Wide Web Consortium (W3C; www.w3.org), noting that this group is “committed to following a consensus-based approach to achieve a protocol that everyone can live with.”

Szoka's similar endorsement of the W3C's efforts was, at best, tepid, fearing that the organization was missing important stakeholders but describing it as “the worst possible process, except for all the others.” Nonetheless, he was also supportive of the DAA's efforts, noting that they provided “the flexibility, speed, and decentralization necessary to address Internet policy challenges” ' not perfectly, but better than government efforts.

Let the FTC Set Standards

Interestingly, while Szoka believes self-regulation is not enough and legislation is needed, he testified that the FTC, not Congress, should be tasked with setting “baseline” standards. His solution is to strengthen the FTC and allow it greater latitude under the Fairness Doctrine to establish guidelines for industry to follow and “enforce self-regulation by holding companies to their promises.”

Swire noted that “self-regulation works best when there is a credible threat that government will step in if industry does not do a good job.” The balance of his testimony was critical of the DAA's exceptions to a consumer's opting out, believing they were “so open-ended that I have not been able to discern any limits on collection under them.” He suggested that the DAA might look to other industry efforts, such as telephone-marketing best practices and standards adopted by research firms like Gallup, to tighten its rules.

Liodice stated that “online advertising fuels economic growth and job creation, and supports a wealth of online resources that consumers can access at low or no cost,” and that “industry recognizes and respects that some consumers may prefer not to receive such advertising or to have data collected about their Web browsing even on an anonymous basis.” Most important, though, Liodice pointed out that the DAA program is ever-evolving and improving as the industry considers criticism and suggestions from other stakeholders. The last thing the process needs at this point is premature government intrusion.

While some of those who testified were critical of how far industry has progressed through the DAA's self-regulation program, suggesting that changes were necessary and that other views need to be considered, one message rang clear: Congress should stay out of the process. Between the DAA, the W3C and technology companies, solutions are being advanced that, given time and guidance from the FTC, will address consumer needs and concerns.

Counsel's Role

So what is e-commerce counsel's role in this evolution?

First, e-commerce companies need to send a clear “hands-off” message to the Senate Committee on Commerce, Science, and Transportation (members of the committee can be found at http://bit.ly/RgQZPb).

Second, companies must become DAA-compliant. Visit aboutads.org to learn how. Delay in doing so will only fuel the fires of criticism and give pundits an opportunity to turn “opt-out” into “opt-in” and establish a regime that would be devastating to long-established marketing practices both on- and offline.

Finally, companies must reexamine their privacy policies, how they track consumer behavior and what they do with information when targeting customers. Counsel, even for the largest of online marketers, may not be fully in the loop regarding company marketing practices. In such a high-stakes game, ignorance is no excuse.