CIPPIC Comments on FTC Proposal on Consumer Tracking Adverts

The Phorm storm may be taking place far away, but few are aware of a similar storm brewing in the United States. Should advertising have the ability to track online users?

Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes

The FTC seems skeptical about the proposition.

A recent posting on the Canadian Internet Policy and Public Interest Clinic official website says that they passed along comments to the Federal Trade Commission regarding behavioral tracking advertisements which push targeted advertisements to various users.

The FTC had a proposal (PDF) on the issue saying, among other things:

In examining the practices, the FTC has applied a broad definition of online “behavioral advertising,” one meant to encompass the various tracking activities engaged in by diverse companies across the Web. Thus, for purposes of this discussion, online “behavioral advertising” means the tracking of a consumer’s activities online — including the searches the consumer has conducted, the web pages visited, and the content viewed — in order to deliver advertising targeted to the individual consumer’s interests.

First, while behavioral advertising provides benefits to consumers in the form of free web content and personalized ads that many consumers value, the practice itself is largely invisible and unknown to consumers. The benefits include, for example, access to newspapers and information from around the world, provided free because it is subsidized by online advertising; tailored ads that facilitate comparison shopping for the specific products that consumers want; and, potentially, a reduction in ads that are irrelevant to consumers’ interests and that may therefore be unwelcome. Although many consumers value these benefits, few appear to understand the role that data collection plays in providing them. Second, business and consumer groups alike cherish the values of transparency and consumer autonomy, and view them as critical to the development and maintenance of consumer trust in the online marketplace. Third, regardless of whether one views behavioral advertising as beneficial, benign, or harmful, there are reasonable concerns about the possibility of consumer data collected for this purpose falling into the wrong hands or being used for unanticipated purposes.

The FTC then proposed the following principles:
– Transparency and consumer control
– Reasonable security, and limited data retention, for consumer data
– Affirmative express consent for material changes to existing privacy promises
– Affirmative express consent to (or prohibition against) using sensitive data for
– behavioral advertising
– Call for additional information: Using tracking data for purposes other than
behavioral advertising

The FTC requested comments on the matter and CIPPIC seemed more than happy to comment on the issues.

CIPPIC commented (PDF),

The Canadian Internet Policy and Public Interest Clinic (“CIPPIC”) is a legal clinic based at the University of Ottawa, Faculty of Law. CIPPIC’s mandate is to provide a public interest voice in the policy-making process at the intersection of law and technology. We write to you today to offer our comments on the Federal Trade Commission’s (“FTC”) document, “Behavioral Advertising, Moving the Discussion Forward to Possible Self- Regulatory Principles” (the “Principles”).

CIPPIC has developed considerable expertise in privacy issues raised by technology. This expertise partially stems from the fact that we operate out of Canada, a jurisdiction with a well-developed privacy regulatory framework. This expertise, combined with the reality that any regulatory framework championed by the FTC will impact Canadians, provides the impetus for these comments.

CIPPIC then touched on the following topics:

General Comments

– a. Scope of Application of the Principles
– b. The Principles Should be Legislated (Not Voluntary)
– c. The Principles Should be Fully Fleshed Out and Comprehensive (Not Vague)
– d. The Principles Should be Treated as Baseline Requirements, not Aspirational “Best Practices”
– e. The Principles Should Extend to Outsourcing
– f. The Principles Should be Properly Enforced so as to Ensure Industry-Wide, Uniform Compliance

Comments on Specific Proposed Principles

– a. Principle 1: Transparency and Consumer Control
– b. Principle 2: Reasonable Security and Limited Data Retention
— (i) Reasonable Security
— (ii) Limited Data Retention
– c. Principle 3: Affirmative Express Consent for Material Changes to Existing Privacy Promises
– d. Principle 4: Affirmative Express Consent To (or Prohibition Against) Using Sensitive Data for Behavioural Advertising
– e. Call For Additional Information: Using Tracking Data for Purposes Other than Behavioural Advertising
— (i) Which secondary uses raise concerns?
— (ii) Are companies in fact using data for these secondary purposes?
— (iii) Are concerns about secondary uses limited to the use of personally identifiable
data or also extend to non-personally identifiable data?
— (iv) Do secondary uses merit some form of heightened protection?

It’s an interesting development in the wake of the Phorm storm in Britain. We here at ZeroPaid covered the latest developments on the surrounding controversy where ISP level technology called Phorm would have the capability to monitor and track users to push targeted advertisements onto web surfers.

Looks like the battle between corporate interests an consumer privacy continues.

Drew Wilson on Twitter: @icecube85 and Google+.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: