Do Not Track legislation

Do Not Track legislation protects users’ right to choose whether or not to be tracked by third-party websites. It is often called the online version of "Do Not Call".[1] The legislation is supported by privacy advocates, and opposed by advertisers and services that use tracking information to personalize web content.

Overview

With the development of Internet technology, a large number of people, business entities and organizations are interacting with each other. For instance, Facebook enables its users to socialize with each other. Google provides e-mail services and entertainment through Gmail and YouTube. Customers pay fees for the services or are exposed to advertisements. While this interaction is processed, users leave a trace of their personal information such as IP address or search history.

Personal information has become a valuable asset because many business entrepreneurs are utilizing it to implement targeting advertisements or marketing promotions.[2] According to a press release from the Consumer Watchdog, however, there is a growing concern for rampant collection of personal information.[3][4] Privacy advocates worry about the fact that search engine companies can store and utilize the users’ personal information such as medical history, criminal records, profile, location and their orientation for implementing a marketing strategy. In an effort to alleviate those concerns, several U.S. legislators are trying to enact laws in regard to the protection of internet users’ privacy.

U.S. citizens usually know that their online behaviors are being tracked by advertisers, and they are often opposed to this practice. A survey conducted by The Gallup Organization and the USA Today shows 61% of respondents know that some advertisements are shown to them based on their interests. 67% of respondents said that targeting advertisements based on consumers’ online behaviors is unallowable, and 61% of respondents argued that online behavior tracking is unjustifiable. 37% of respondents answered they do not want targeting advertisement, 14% said that they would allow those advertisements.[5]

History

On December 1, 2010, the U.S. Federal Trade Commission (FTC) published a preliminary report highlighting the consumers’ right to prevent websites from tracking their online behaviors.[6] The central plank of the bill was to adopt a Do Not Track opt-out function to web browsers. The FTC judged that online marketers’ pervasive collection of personal information could possibly violate privacy. This issue began to surface again in 2012 after Google announced its new privacy policy. Reps. Edward Markey, Joe Barton, and Cliff Stearns asked the FTC to investigate the legality of Google’s change of privacy policy; they sent a letter to the FTC regarding Google’s changed privacy policy.[7]

Bills introduced in the United States

In 2011 and 2012, there were several bills introduced around this issue:

Do Not Track Me Online Act of 2011

The Do Not Track Me Online Act of 2011 attempted to make the FTC set the standards for the use of an online opt-out function in the United States, which allows a consumer to forbid the collection or use of private information and to demand a business entity to comply with the choice of a consumer to opt out of such collection or use.[8] The bill was regarded as an online version of the Do Not Call law which prevents telemarketers from placing a call to individuals who do not want to receive calls from them. This bill also stated that each respective business entity should disclose the current status of personal information collection and whom they share the information with.

According to the Do Not Track Me Online Act of 2011, personal information includes:

The bill also forbids data collection about the following:

The bill was introduced on February 11, 2011. However, it was not enacted.[14]

California Senate Bill 761

California Senate Bill 761 was introduced by Senator Alan Lowenthal on February 18, 2011, and amended by the California State Senate on May 10, 2011.[9] The intent of this bill was to forestall shirking of responsibility of corporations’ personal information leakage and to strengthen the protection for customers. This bill also included:

However, on April 27, 2011, several business entities expressed strong opposition to the bill in a letter.[15] The objectors characterized the bill as:

California Assembly Bill AB 370

The state's Assembly and Senate approved the bill (AB 370) that requires commercial websites and online services to disclose how they respond to an Internet browser's "do not track" signals and whether and how third parties collect personally identifiable information from consumers who visit those sites.

THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:

SECTION 1. Section 22575 of the Business and Professions Code is amended to read: 22575. (a) An operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site, or in the case of an operator of an online service, make that policy available in accordance with paragraph (5) of subdivision (b) of Section 22577. An operator shall be in violation of this subdivision only if the operator fails to post its policy within 30 days after being notified of noncompliance. (b) The privacy policy required by subdivision (a) shall do all of the following:

(1) Identify the categories of personally identifiable information that the operator collects through the Web site or online service about individual consumers who use or visit its commercial Web site or online service and the categories of third-party persons or entities with whom the operator may share that personally identifiable information.

(2) If the operator maintains a process for an individual consumer who uses or visits its commercial Web site or online service to review and request changes to any of his or her personally identifiable information that is collected through the Web site or online service, provide a description of that process.

(3) Describe the process by which the operator notifies consumers who use or visit its commercial Web site or online service of material changes to the operator’s privacy policy for that Web site or online service.

(4) Identify its effective date.

(5) Disclose how the operator responds to Web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services, if the operator engages in that collection.

(6) Disclose whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service.

(7) An operator may satisfy the requirement of paragraph (5) by providing a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.

Consumer Privacy Protection Act of 2011

Reps. Cliff Stearns and Jim Matheson introduced a bill to improve and protect consumer privacy on April 13, 2011. This bill suggests consumers control the uses of private information collected by websites. This bill also states that consumers should be able to place a limit upon the disclosure of information to third-party websites. According to this bill, websites must prompt a clear and conspicuous notice for customers before collecting personal information which is irrelevant to main transactions.[10] In addition, at the time of the information collection, websites must display their privacy policy to customers. The policy is supposed to clarify the types of information collected, as well as the way the information would be utilized. Websites are also required to provide consumers with the "opt-out" option. Once the customer makes a decision, websites cannot ask him/her to change the opt-out status until at least a year after the customers’ choice.

Commercial Privacy Bill of Rights

Senators John Kerry and John McCain announced a bipartisan Commercial Privacy Bill of Rights, the United States' "first comprehensive privacy law", during a press conference on April 12, 2011.[11][16] The purpose of this bill, which prescribed consumer privacy rights, was to establish a regulatory framework for the comprehensive protection of personal data for individuals.[17] It mandated that websites collecting user information:

Do Not Track Online Act of 2011

On May 6, 2011, U.S. Senate pushed ahead a bill forbidding online business entities from collecting online users’ location information.[12] According to this bill, corporations can collect user information under an apparent consent. The notice on the collection and use of information should be provided to users in clear, conspicuous, and accurate manner. Senator Jay Rockefeller, the chairman of the Senate Committee on Commerce, Science and Transportation, mandated corporations to respect users’ denial of information collection. In addition, the FTC was mandated to punish corporations not following this bill. The bill includes civil penalties of $16,000 per day for violations, with a maximum total liability of $15 million.

Do Not Track Kids Act of 2011

Representative Edward Markey introduced a bill called the "Do Not Track Kids Act of 2011".[13] This bill requires that online stores should get parents’ consent when they collect kids’ information. Even though they can collect it, they cannot use it for marketing purposes.[18] The goal of the "Do Not Track Kids Act of 2011" is to strengthen privacy protection for children by:

Consumer Privacy Bill of Rights

The Obama administration announced that consumers have right to control which companies collect and use their information. The administration also stated that the privacy policy of companies should be transparent and understandable, and hacking and personal information leakage should be completely stopped.[19][20] The Consumer Privacy Bill of Rights advances these objectives by holding that consumers have a right to:

The purpose of the Consumer Privacy Bill of Rights is to deter Internet companies from indiscriminate collection of personal information for targeted ads. In response, The Internet companies such as Mozilla, Google, Microsoft, Yahoo!, and AOL promised to provide a "do not track" mechanism so that customers can choose whether they want to participate in online behavioral advertising or not.[21][22] However, the guideline has its limitation that it is not enforceable. The Obama Administration encouraged the United States Congress to grant the Federal Trade Commission the authority to enforce each element of the statutory Consumer Privacy Bill of Rights. Once enacted, Internet companies infringing upon the rights put forth in these guidelines could suffer sanctions from the FTC.

Federal Trade Commission report

In March 2012 the U.S. Federal Trade Commission (FTC) published a report called "Protecting Consumer Privacy in an Era of Rapid Change".[23] FTC Chairman Jon Leibowitz stated that "data brokers have deceived the Internet users” and “we need to focus on that the data brokers have collected personal information without the users knowing it".[24]

The FTC articulated that the purpose of the report was to protect the user privacy which is constantly exposed while surfing the Internet. In addition, the FTC discussed the Do Not Track mechanism and recommended browser vendors to enable users to control the level of personal information tracking by adopting an opt-out function. The Digital Advertising Alliance agreed with the FTC proposal, and it is planning to adopt the opt-out function within 2012.

The FTC also recommends mobile application companies to come up with simple, effective, and approachable privacy protection measures. It also required data brokers to reveal their identities by establishing a centralized website enabling transparent collection of personal information, and to allow users to access personal information collected by data brokers.

The Right to be Forgotten (European Union)

Concept

The European Union expressed its concern about the personal information management. On January 25, 2012, Viviane Reding, the vice chairperson of the European Commission, suggested General Data Protection Regulation which is a more strict form than the Directive 95/46/EC is. This is a right to ask service providers to delete the personal information which were collected by data brokers under a users’ consent in order to strengthen the user information protection. The right to be forgotten also includes the notion of not to be searched, and extinctive prescription of information.[25]

The regulation recommends service providers to request consent from their users when they deal with sensitive personal information. When failing to comply with the regulation, service providers would be fined up to €1 million or 2% of their sales figures.

Reding articulated that change of regulations related to the past Internet environment is inevitable due to the changes of digital circumstances such as technological development and globalization. She also stated that the current credibility of Internet companies is low because of weak personal information management. The proposed law would include the following:

Objection against the statute

As a response to the proposal, there are several objections against the statute.

Discard of resident registration numbers (South Korea)

Concept

The resident registration numbers (RRN) have been used for online identification purposes in South Korea. The Korea Communications Commission introduced a law preventing the Internet websites which have more than 10,000 daily active users from collecting and using RRN; it took effect on August 18, 2012. The range of law will be extended to every website in 2013.[28]

Objection against the statute

However, there are arguments against this law:[29]

Opposition to Do Not Track

There are some arguments against Do Not Track proposal. Opponents emphasize its economic benefits of online behavioral advertising and its quality of services. According to their arguments:

Reactions of online companies

Among the major Internet browsers and search engines, the Do Not Track policy has been quite controversial. For instance, Google’s contentious privacy settings, effective earlier this year, raised questions of how companies would interpret and implement the Do Not Track policy. Microsoft has recently implemented a Do Not Track option into its Internet Explorer 10 browser as its default setting, which has instigated a number of public comments and critique from major companies. Sarah Downey, from Abine, commented on Fox Business Network that even if you opt-in on the Do Not Track option, advertisers can still collect your data and track your behavior. Abine created a Do Not Track Plus add-on that claims to completely block tracking. Downey continues to state that the in-browser Do Not Track option is a more of a "voluntary message" or a "request, not an obligation" to the advertisers not to track you.[34]

Furthermore, the Digital Advertising Alliance stated, earlier this year at an industry consortium, that the Do Not Track option should be a “choice actively made by an individual consumer”, in which Microsoft’s new software denies consumers that choice. A Yahoo! Policy blog post also argues that Microsoft’s decision “degrades the experience for the majority of users and makes it hard to deliver on our value proposition to them”.[35] Executives from Dell, IBM, Intel, Visa, Verizon, Walmart, and Yahoo!, one of the initial supporters of the Do Not Track policy, argue that Microsoft should "realign with the broader business community by providing choice through a default of 'off' on your browser's 'do not track' setting".[36]

References

  1. Linsey, Davis (Dec 2, 2012). "Do Not Track: The Online Version of 'Do Not Call'". abc News. Retrieved 1 May 2012.
  2. Mulconrey, Brian (Oct 2005). "Your personal information: Managing your most valuable asset". The Futurist. 5. 39: 24.
  3. Simpson, John. "Consumer Watchdog poll finds concern about Google's Wi-Spy snooping". Consumer Watchdog. Retrieved 18 February 2012.
  4. Dye, Jessica (2009). "Consumer Privacy Advocates Seek Search Engine Solution". EContent (March). Retrieved 4 May 2012.
  5. Lymari, Morales (Dec 21, 2010). "U.S. Internet Users Ready to Limit Online Tracking for Ads". Gallup Economy. Retrieved 1 May 2012.
  6. "FTC Staff Issues Privacy Report, Offers Framework for Consumers, Businesses, and Policymakers". Federal Trade Commission. Retrieved 2 May 2012.
  7. Rep. Joe Barton (R-TX), cosponsor Rep. Ed Markey (D-MA), cosponsor Rep. Cliff Stearns (R-FL), "Letter to FTC regarding Google" (February 17, 2012), http://markey.house.gov/sites/markey.house.gov/files/documents/2-17-12%20LTR%20to%20FTC%20Regarding%20Google.pdf
  8. 1 2 Rep. Jackie Speier (D-CA), "Do Not Track Me Online Act of 2011" (February 11, 2011), http://www.gpo.gov/fdsys/pkg/BILLS-112hr654ih/pdf/BILLS-112hr654ih.pdf
  9. 1 2 Sen. Alan Lowenthal (D-CA), "California Senate Bill 761" (February 18, 2011), http://info.sen.ca.gov/pub/11-12/bill/sen/sb_0751-0800/sb_761_bill_20110510_amended_sen_v95.pdf
  10. 1 2 Rep. Cliff Stearns (R-FL), cosponsor Rep. Matheson (D-UT), "Consumer Privacy Protection Act of 2011" (April 13, 2011), http://www.gpo.gov/fdsys/pkg/BILLS-112hr1528ih/pdf/BILLS-112hr1528ih.pdf
  11. 1 2 Sen. John Kerry (D-MA), cosponsor Sen. John McCain (R-AZ), "Commercial Privacy Bill of Rights Act of 2011" (April 12, 2011), http://www.kerry.senate.gov/imo/media/doc/Commercial%20Privacy%20Bill%20of%20Rights%20Text.pdf
  12. 1 2 Sen. Jay Rockefeller (D-WV), "Do Not Track Online Act of 2011" (May 6, 2011), http://commerce.senate.gov/public/?a=Files.Serve&File_id=85b45cce-63b3-4241-99f1-0bc57c5c1cff
  13. 1 2 Rep. Ed Markey (D-MA), "Do Not Track Kids Act of 2011" (May 5, 2011), http://online.wsj.com/public/resources/documents/billdraft0506.pdf
  14. https://www.govtrack.us/congress/bills/112/hr654
  15. "Opposition letter to SB 761" (PDF). Retrieved 2 May 2012.
  16. "Introducing the Commercial Privacy Bill of Rights(press conference)". Retrieved 3 May 2012.
  17. Angwin, Julia (13 April 2011). "Senators Offer Privacy Bill to Protect Personal Data". Wall Street Journal.
  18. "Protecting Children's Privacy in an Electronic World (Statement at Hearing)". Retrieved 2 May 2012.
  19. David, Goldman (Feb 23, 2012). "White House pushes online privacy bill of rights". CNN Money. Retrieved 2 May 2012.
  20. The White House, "Consumer Privacy Data in a Networked World" (Feb 23, 2012), http://www.whitehouse.gov/sites/default/files/privacy-final.pdf
  21. Rainey, Reitman (Jan 24, 2011). "Mozilla Leads the Way on Do Not Track". Electronic Frontier Foundation. Retrieved 3 May 2012.
  22. Jennifer, Valentino-DeVries (Mar 29, 2012). "Yahoo to Implement 'Do Not Track' Mechanism". The Wall Street Journal. Retrieved 2 May 2012.
  23. "Protecting Consumer Privacy in an Era of Rapid Change" (PDF). Federal Trade Commission. Retrieved 3 May 2012.
  24. Gerry, Smith (Mar 26, 2012). "Consumer Privacy Defended In FTC's Caution To Congress On Data Brokers". Huffington Post. Retrieved 2 May 2012.
  25. European Commission, "Proposal for a Regulation of the European Parliament and of the Council", (January 25, 2012), http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf
  26. 1 2 Grant, Gross (Jan 25, 2012). "Critics: EU's proposed data protection rules could hinder Internet". ComputerWorld. Retrieved 3 May 2012.
  27. Matt, Warman (Feb 28, 2012). "Government minister Ed Vaizey questions EU 'right to be forgotten' regulations". The Telegraph. Retrieved 3 May 2012.
  28. Shin, Inkyu (Dec 29, 2011). "인터넷서 주민번호 사라진다". 한국경제. Retrieved 3 May 2012.
  29. Jeong, Bora (Mar 21, 2012). ""주민번호 본인 확인을 다시 허하라"…왜?". Bloter.net. Retrieved 3 May 2012.
  30. "Ponemon study: Privacy concerns thwart ad spending on behaviorally targeted campaigns". Professional Services Close - Up. 7 May 2010.
  31. Avi, Goldfarb; Catherine E. Tucker (Jan 2011). "Privacy Regulation and Online Advertising".
  32. Howard, Beales. "The Value of Behavioral Targeting" (PDF). Retrieved 3 May 2012.
  33. "Facebook Founder on Privacy: Public Is the New "Social Norm" (video material)". Mashable Social Media. Retrieved 3 May 2012.
  34. "Companies Ignoring 'Do Not Track' Selections on Web Browsers". Fox Business. Retrieved 30 October 2012.
  35. Gilbertson, Scott. "Yahoo, Microsoft Tiff Highlights the Epic Failure of 'Do Not Track'". Wired. Retrieved 30 October 2012.
  36. Singer, Natasha (13 October 2012). "Do Not Track? Advertisers say 'Dont Tread on Us'". New York Times. Retrieved 30 October 2012.
This article is issued from Wikipedia - version of the 11/27/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.