As the Internet evolves and new data collection technologies emerge, privacy concerns are increasingly in the spotlight. Few doubt that these concerns are, in many cases, legitimate. The major point of contention is which institutions in society are best equipped to address the privacy challenges of the information age. While a number of privacy scholars point to stricter federal regulation as the answer, others are very skeptical of granting government a more expansive role in safeguarding sensitive information on the Internet.

In this week’s issue of Advertising Age, Carolyn Homer and I have a guest column in which we discuss the role of market institutions in addressing privacy concerns:

A series of recent high-profile privacy gaffes involving internet firms such as Google, Microsoft and Facebook has spurred a public outcry for stronger privacy protections. Politicians in Congress have responded with a slew of blustering letters, hearings, and legislative threats. On July 19, Rep. Bobby Rush, D-Ill., introduced a sweeping privacy bill in the House of Representatives, and Sen. John Kerry, D-Mass., has pledged to introduce a similar bill in the Senate. This legislation would stifle the dynamic internet economy and targeted advertising while doing little to improve consumer privacy. Mr. Rush’s bill, titled the Best Practices Act, would give the Federal Trade Commission broad new powers to regulate nearly any organization that routinely collects even basic data about individuals, including phone numbers and email addresses. The bill would empower the FTC to dictate businesses’ data security practices, perform extensive compliance audits, and even restrict which kinds of information firms can collect and how long they can store it. This approach may sound sensible, but it ignores the crucial role of responsible data collection in the information age. Limiting such practices will impede e-commerce and endanger free internet content backed by advertising. The internet’s ubiquitous information sharing is a feature, not a bug.

Responsible private-data collection has revolutionized the information economy over the past two decades. E-commerce and online advertising sustain over 3 million U.S. jobs and $300 billion in annual economic activity, according to a 2009 study by two Harvard Business School professors. Strict privacy mandates could decimate this industry. This has already happened in the European Union. According to a recent Massachusetts Institute of Technology paper, after the EU implemented a data-privacy law in 2002, the effectiveness of online advertising fell 65%. Rigid federal regulations are especially detrimental to small, entrepreneurial start-ups. The Best Practices Act exempts databases with information on fewer than 15,000 individuals, but today many small businesses maintain databases much larger than that. Consider Diaspora, a privacy-oriented social-networking site founded by four New York University students, which already has more than 30,000 followers on the microblogging service Twitter. The site has yet to launch — but under Mr. Rush’s legislation, it would face strict FTC rules from day one. Sharing sensitive information online always entails some risk. But that does not mean we should stop sharing information entirely, nor that companies should be prohibited from using volunteered information. Rather, privacy risks should be combated by educating users about the information they proffer and the trustworthiness of the websites they visit.

Despite the recent privacy hysteria, most companies have a solid privacy track record. Countless firms now hold billions of individual data points, yet breaches are infrequent. Corporate investment in data security continues to grow rapidly. Mistakes do happen, of course, but firms usually fix them quickly to avoid consumer outrage. Competitive markets are not perfect, but they are self-correcting — unlike government. Putting the feds in charge of micromanaging private-data collection practices will do little to safeguard privacy. Indeed, the federal government’s own track record on privacy is hardly reassuring. Consider the Patriot Act, the recent scandal over the storage of full body images, or the Justice Department’s push to access cellphone locational data without a warrant. Ironically, Mr. Rush’s bill exempts all government agencies, leaving Americans vulnerable to further government abuses. We do need stronger privacy safeguards, but Washington does not offer our salvation. Privacy-enhancing technologies continue to be developed in response to growing consumer demand. Legislative interference is at best hypocritical, and at worst destructive to the internet economy.

Over at TechDirt, Mike Masnick has an interesting post asking “Why Did Apple Approve Spotify?” which builds on an AdAge column asking a similar question: “Did Apple Sacrifice ITunes With Latest Apps?”  As the title of that AdAge piece suggests, some folks are wondering if Apple shot itself in the foot by approving Spotify, a music streaming app that some regard as a potential iTunes killer.  I don’t really have any comment on the business angle here, rather, I wanted to just comment on Mike’s suggestion that one possible explanation for Apple’s approval of the app is that:

As we noted when the app was approved, Apple appears to be somewhat gunshy, following the FCC inquiry into why it “blocked” Google Voice on the iPhone (and, yes, Apple still insists it didn’t actually block the app, but Google says otherwise). Given the scrutiny, Apple probably realized that it was in for some serious political trouble if it blocked an app like Spotify, which would have received a lot of press attention. Oddly, the AdAge article doesn’t mention this at all.

Indeed, it is odd that AdAge didn’t bother mentioning that fact.  But what I find doubly odd here is that nobody is even blinking an eye at the prospect of such political meddling with — or even possible FCC regulation of — Apple, iTunes, or music streaming market in general!  Seriously, have we gotten to the point now in our Bold New World of Neutrality Regulation that innovative high-tech companies must live in fear of constant regulatory intervention even when they completely lack any statutory authority to play these games?  Moreover, does anyone think that the a bunch of Beltway bureaucrats can micro-manage music and high-tech application markets and give us more options than we have today?

I know the prospect of such meddling makes some academics and regulatory activists groups happy, but I can’t see how this ends well for consumers or high-tech markets more generally.  Regardless, for those of you who laugh when we suggest that the slippery slope of regulation is real, consider this case to be Exhibit A.  Or perhaps it’s Exhibit B since the Google Voice spat with Apple was already moving the FCC in the direction of becoming a device regulator and applying “handset neutrality” principles that have no basis in law.  It’s your anything-goes government at work.