Risk
12/1/2010
06:56 PM
50%
50%

FTC Proposes 'Do Not Track' Option For Internet

Web users could use a browser button to stop organizations from tracking their viewing habits, under the Federal Trade Commission proposal.

The Federal Trade Commission has made a potentially far-reaching proposal that would give web users the option of shielding personal information from advertisers, retailers and other companies while browsing the Internet.

The FTC gave its blessing to the so-called "Do Not Track" approach in a proposed framework for consumer privacy released Wednesday. The proposal would apply to all commercial organizations that collect or use data that can be linked to a specific consumer, computer or other device.

The commission favored giving consumers a simple mechanism for disallowing data gathering. To do that, the FTC recommended adding a button to browsers that would activate technology to prevent people from being tracked or receiving targeted advertising. The proposal would be an alternative to current browser privacy settings, which a recent study by Stanford University and Carnegie Mellon found inadequate to shield people's viewing habits.

The need for such simplicity stems from the fact that the voluntary approach -- in which organizations set their own privacy policies and notify consumers of the rules in advance of collecting information -- has failed. "Specifically, the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand," the FTC report said.

The Future of Privacy Forum, a Washington, D.C.-based think tank, agreed with the FTC and praised the report. "Today's FTC report identifies the most pressing privacy issues facing consumers today," the group said in a statement. "They correctly recognize that the current framework needs to be updated to reflect consumers' ongoing concerns about how their data is being collected and used."

The commission's proposed privacy framework would have companies build consumer privacy protection into every stage of development of products and services. In addition, organizations would offer a clearly defined no-tracking option at the time a consumer is making a decision that would set data gathering in motion. Finally, companies would increase transparency of their data practices through clearer, shorter and more standardized privacy notices and by providing access to consumer data they maintain. If a company planned to use data for something other than its originally stated purpose, then consumers would have to agree to the new use in advance.

Advertisers have been adamantly against government-imposed privacy regulations, preferring a self-regulatory approach instead. In an appearance this year before the House Subcommittee on Commerce, Trade and Consumer Protection, Mike Zaneis, VP of public policy for the Interactive Advertising Bureau, argued that the industry "has a long and successful history of protecting consumers' privacy rights through effective self-regulation."

"Given the free content and services that consumers enjoy because of advertising revenue, it is imperative that any new laws be carefully tailored," Zaneis said.

Shar VanBoskirk, analyst for Forrester Research, said the firm's studies have shown that consumers are generally willing to share information with marketers if there's a valuable payback for doing so. Consumers are more concerned about the lack of control they have over their data, and VanBoskirk said she doesn't have a lot of faith that legislation would effectively address those concerns.

"Consumers need education to understand how their data is used, when data sharing has a benefit for them, where their data goes, who knows what about them, and then how to elect out of data sharing if they choose," VanBoskirk said in an e-mail sent to InformationWeek.

The FTC does not have the authority to require companies to follow its framework, much of which would require an act of Congress. The House Subcommittee on Commerce, Trade and Consumer Protection is scheduled to consider on Thursday the feasibility of a universal method for opting out of being tracked online, according to The New York Times.

SEE ALSO:

Web Browser Privacy Settings Flawed

The Massachusetts Data Privacy Law Debacle

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8617
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/re...

CVE-2015-0891
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0892
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0893
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-2209
Published: 2015-03-04
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.