We Don't Need 'Do Not Track'

(page 2 of 2)

While the national frameworks for implementation of the Fair Information Practices differ, with the European Union countries being more prescriptive and the U.S. more self-regulatory, the bedrock element of all is the concept that consumers should be informed of how their personal data may be used so they can make educated choices. In short, transparency is the key. And in the U.S., if companies say one thing in their privacy policies but do another in the collection and use of personal data, the FTC will step in to enforce. Practice is measured against promises.

Competitive Spirit

The five major search engines—Google (GOOG), Yahoo (YHOO), Microsoft (MSFT), Ask.com (IACI), and Time Warner's (TWX) AOL—were recently lauded by the Center for Democracy & Technology (CDT) for changes in their privacy practices, specifically with respect to how search data (search terms, cookies, and IP addresses) will be handled.

The CDT said the changes show that competition works. The competition was made possible by visibility of the changes in the privacy policies of the various companies, which provide the notice and choices to consumers. Others disagree with the CDT over the extent to which the Googles of the world have gone to protect data. In any event, adherence to Fair Information Practices has allowed the debate by providing notice to consumers and to the world over how data is being handled (and what the choices are for consumers before they use the search engine).

User-Friendly Privacy Practices

An overhaul of the existing privacy framework, including the addition of "do not track" regulations, is not necessary. Fair Information Practices are expected to remain the foundation of privacy law for some time to come. So, with the advent of new technologies to collect personal data and tailor marketing messages, the fundamental issue is how the information about data use (and the attendant choices available) is communicated, not whether technology using personal data to engage in behavioral marketing should be regulated. In short, how clear and useful are privacy policies?

The FTC and the financial services community have been engaged in an exercise this year to standardize and streamline the privacy notices sent to consumers under the Gramm-Leach-Bliley (GLB) act. I agree with critics who say the notices sent to consumers in the past—often printed in tiny typeface on flimsy paper, and ignored—need a makeover. The strictures proposed in terms of content, format, and presentation have generated criticism for being inflexible and for stifling innovation in communications with consumers. Whether a standard form emerges remains to be seen.

Outside of the GLB realm, no such proposals for standard forms have been made. So there is a real opportunity for companies collecting consumer data for tailored marketing to communicate in new, clearer, and more consumer-friendly ways in order to provide the notice and choice that are the bedrock Fair Information Practices principles. Privacy policies need to be much more user-friendly. Of course, as a legal matter, the fine print needs to be there. But there is no reason the policies cannot be summarized with headlines in plain English, in a graphically attractive way. Just as dense management reports often contain executive summaries, companies should employ consumer summaries that highlight the privacy provisions. Even video can be used to describe the privacy options available to consumers. Verizon recently experimented with such video information.

Matter of Control

A special opportunity exists for companies that provide wired and wireless voice, video, and data services. The breadth and depth of the data such companies handle makes it incumbent upon them to clearly state their collection, storage, security, and sharing practices, and what the consumer options are with respect to how data are used. Likewise, more and clearer information needs to be provided to consumers regarding how they can use tools on their own computers to control the collection of data at its source.

In the new technological era, marketers will be able to provide more relevant (and more useful) information to consumers based on personal information, but that will only work if people have control over what information they are sharing. Privacy policies therefore will take on an increasingly important role, and companies will (and should) be rewarded for innovations in how such policies are communicated. A new "do not track" bureaucracy is not what is needed.

Wolf is a litigation partner in the Washington (D.C.) office of Proskauer Rose and chairs the firm's Privacy & Data Security Practice Group. He is the editor and lead author of the Practising Law Institute treatise Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age.