When surfing the internet in the privacy of your own home, one might think they are safe from prying eyes, and free to surf the internet without anyone knowing what they're doing. Unfortunately, this couldn't be further from the truth. What you do on the internet is information that every retailer and marketing firm wants to know. Why? It's because these companies use that information to create targeted advertising, which increases sales and thus profits. Targeted advertising simply means that when a company pays for an advertisement they want that advertisement to go to people who will be most likely to purchase whatever the advertisement is selling. For example, sending an advertisement for an expensive boat to someone who is unemployed would most likely be a waste of money.
Companies pay for information about your online habits to companies called data brokerage firms or information aggregators. These companies set up thousands of servers specifically to monitor people's activity on the internet, organize the information to fit a retailer or marketing firm's needs, and then sell it to the highest bidder. This type of information gathering has set off alarms within the privacy advocacy community as the information collected can at the very least have personal information about you, including age, race, sex, weight, height, marital status, educational level, politics, buying habits, household health worries, vacation dreams and more.
So far, the retail industry has for the most part been self-regulating when it comes to what is right or wrong when tracking you online. According to the World Wide Web Consortium (W3C), an international community where Member organizations, a full-time staff, and the public work together to develop Web standards, privacy advocates and retailers have come to a cautious agreement that an option called "Do Not Track" on web browsers should be available to consumers. When a consumer clicks the "Do Not Track" option, retailers would honor their request and stop their websites from tracking everything that a consumer does on their website. The problem is that all of this is voluntarily and the W3C has no power to enforce any of the standards they promulgate.
Microsoft has added to the controversy over this issue by declaring that their next web browser, Internet Explorer 10, will have the "Do Not Track" option activated as the default setting for their new browser. Retailers and marketers rebuked this idea, threatening not to comply because they believed the standard of complying with the do not track request is only valid if the consumer actively selects it themselves. This latest battle in the protracted war between privacy advocates and the retailing industry has many calling for legislation so that there is some method of enforcing companies to respect the "Do Not Track" option. Surprisingly, several bills have been introduced in both the Senate and the House regarding tracking online consumers. Not surprisingly, all of these bills have been languishing in Congressional committees since 2011. With the attention Microsoft's move has garnered, the possibility of these bills gaining traction in Congress is becoming more likely.
A bill submitted by Rep. Jackie Speier, the Do Not Track Me Online Act of 2011, requires the Federal Trade Commission (FTC) to create new rules that establish standards for the required use of online opt-out mechanism to let a consumer choose to prohibit anyone from tracking them online. The standards must include a rule requiring covered companies to disclose to the consumer how they collect information and what they do with it, as well as a rule obligating companies to not track consumers if they elect to not be tracked. The FTC would also be given the authority to conduct random audits of covered companies to ensure that they are in compliance with the established standards. For companies not in compliance with these standards, any state attorney general would be permitted to bring a civil action imposing fines up to $11,000 per day with a $5,000,000 maximum cap.
The Do-Not-Track Online Act of 2011, submitted by Sen. John Rockefeller, largely mirrors Rep. Jackie Speier's legislation; however, his bill lacks any language giving the FTC authority to conduct random audits of companies. While it lacks audit authority for the FTC, Sen. Rockefeller's bill calls for fines up to $16,000 per day with a $15,000,000 maximum cap.
Lastly, Rep. Edward Markey has put forth the Do Not Track Kids Act of 2011 putting extra emphasis on the protection of children from being tracked online. This bill provides for the same kind of enforceable standards as above, but adds extra standards for minors. This bill would require covered companies to not track children unless receiving parental permission, stop companies from requiring children's personal information in exchange for allowing the child to play a free online game, and to create an "eraser button" allowing users of a website to erase any current or past information already collected on a minor. While providing a multitude of protections for minors on online, this bill does not provide any recommendations on fines or damages to be paid by companies in violation of its rules.
While it is unlikely that any of these bills will be signed into law in the near future, it is a good idea to keep them in mind as the discord surrounding privacy on the web escalates. For now, the war between retailers and privacy advocates will continue as the struggle for meaningful self-regulation of online tracking makes slow progress. In the meantime, click that "Do Not Track" option if you feel uncomfortable having your online activity monitored and hope that companies are courteous enough to oblige.
"You Are Being Tracked" was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.