As Sonia Arrison mentioned here on Friday, the State of California is currently considering legislation that could, in the name of enhancing online privacy, impose burdensome new regulatory mandates on the Internet. Sonia has a nice column at TechNewsWorld discussing this. I also wrote about the same issue in my Forbes column this week, which is entitled, “The State of California Versus the Internet.” Specifically, I discuss SB 242, “The Social Networking Privacy Act,” and SB761, the so-called Do Not Track bill, and argue that: “What unifies these two measures is a general lack of understanding about the way the Internet and digital technology work. Both measures fail to appreciate the global nature of the Internet and would raise a host of unintended consequences.”
While the best of intentions drive these measures, they will be complicated to enforce in practice and could have a devastating impact on the California economy in the process. “If California wants to reestablish itself as the home of high-tech innovation,” I argue, “it needs to realize heavy-handed Net controls are not the ticket to either economic progress or job-creation.” Moreover, “These laws could be challenged in court since state-based regulation of the Internet raise constitutional issues. The Commerce Clause of the Constitution was designed to block the sort of parochial burdens on interstate commerce that these measures would establish.”
Jump over to Forbes to read the rest. Let’s hope California policymakers realize what a mistake they are making before it’s too late. If they don’t, Congress will need to preempt this regulation of interstate commerce if it’s not immediately challenged in Court and overturned.
Reps. Edward Markey (D-Mass.) and Joe Barton (R-Texas) have released a discussion draft of their forthcoming “Do Not Track Kids Act of 2011.” I’ve only had a chance to give it a quick read, but the bill, which is intended to help safeguard kids’ privacy online, has two major regulatory provisions of interest:
(1) New regulations aimed at limiting data collection about children and teens, including (a)
expansion of the Children’s Online Privacy Protection Act (COPPA) of 1998, which would build upon COPPA’s “verifiable parental consent” model; and (b) a new “Digital Marketing Bill of Rights for Teens;” and (c) limits on collection of geolocation information about both children and teens.
(2)
An Internet “Eraser Button” for Kids to help kids wipe out embarrassing facts they have place online but later come to regret. Specifically, the bill would require online operators “to the extent technologically feasible, to implement mechanisms that permit users of the website, service, or application of the operator to erase or otherwise eliminate content that is publicly available through the website, service, or application and contains or displays personal information of children or minors.” This is loosely modeled on a similar idea currently being considered in the European Union, a so-called “right to be forgotten” online.
Both of these proposals were originally floated by the child safety group Common Sense Media (CSM) in a report released last December. It’s understandable why some policymakers and child safety advocates like CSM would favor such steps. They fear that there is simply too much information about kids online today or that kids are voluntarily placing far too much personal information online that could come back to haunt them in the future. These are valid concerns, but there are both practical and principled reasons to be worried about the regulatory approach embodied in the Markey-Barton “Do Not Track Kids Act”: Continue reading →
I’ve already Tweeted about it, but if you are following Internet privacy debates and have not yet had the chance to read Lauren Weinstein‘s new paper, “Do-Not-Track, Doctor Who, and a Constellation of Confusion,” it is definitely worth a look. Weinstein, founder of the Privacy Forum, zeroes in on two related issue that I have made the focus of much of my work on this issue: (1) the fact that Do Not Track is seemingly viewed by some as a silver-bullet quick fix to online privacy concerns but will really be far more complicated in practice to enforce, and (2) that Do Not Track regulation will likely have many unintended consequences, most of which are going unexplored by proponents.
For example, Weinstein says:
Do-not-track in actuality encompasses an immensely heterogeneous mosaic of issues and considerations, not appropriately subject to simplistic approaches or “quick fix” solutions. Approaching this area without a realistic appreciation of such facts is fraught with risks and the potential for major undesirable collateral damages to businesses, organizations, and individuals. Attempts to portray these controversies as “black or white” topics subject to rapid or in some cases even unilaterally imposed resolutions may be politically expedient, but are ultimately both childish and dangerous. […]
Above all, we should endeavor to remember that tracking issues both on and off the Internet are in reality part of a complicated whole, a multifaceted set of problems — and very importantly — potentials as well. The decisions that we make now regarding these issues will likely have far-ranging implications and effects on the Internet for many years to come, perhaps for decades.
Continue reading →
FTC Commissioner J. Thomas Rosch puts the brakes on some of the Do-Not-Track excitement that has been bubbling up in this (wouldn’t you know it) Advertising Age piece.
The concept of do not track has not been endorsed by the commission or, in my judgment, even properly vetted yet. In actuality, in a preliminary staff report issued in December 2010, the FTC proposed a new privacy framework and suggested the implementation of do not track. The commission voted to issue the preliminary FTC staff report for the sole purpose of soliciting public comment on these proposals. Indeed, far from endorsing the staff’s do-not-track proposal, one other commissioner has called it premature.
Do-Not-Track does need more vetting and consideration. Don’t get your hopes up about being free of tracking anytime soon. (Do you even know what “tracking” is?)
If Do-Not-Track goes forward, don’t get your hopes up to be free of tracking either. When you take control of what your browser sends out over the Internet?
Then you can rightly anticipate being free of unwanted tracking!
Today, the U.S. Senate Commerce Committee held a hearing on “The State of Online Consumer Privacy.”
The push for online privacy regulation has real momentum, as proposed privacy legislation from numerous lawmakers, a Department of Commerce report proposing a compulsory Do Not Track mechanism to regulate business marketing practices, and the Obama Administration’s proposed “Privacy Bill of Rights” all indicate.
However, Congress should be very wary of such proposals. A politically defined Do Not Track regime risks undermining targeted advertising, impeding business transactions that occur between strangers, and stifling mobile ecosystems that are barely out of the cradle. Rattling consumers needlessly by encouraging them to opt-out of largely beneficial information collection is an especially unwise idea in our uncertain economic climate – especially when major industry participants are developing such mechanisms on their own.
The opportunity to undermine online marketing – wrongly called “surveillance” – appeals to some, but such privacy purists have no right to call the shots for anyone but themselves and those who agree with them. The right to use information acquired through voluntary transactions is no less important than the right to decide whether to disclose information in the first place.
Continue reading →
It seems peculiar to me that some of the same individuals and groups who so vociferously opposed a “broadcast flag” technological mandate in past years are now in a mad rush to have federal policymakers mandate a “Do Not Track” regulatory regime for privacy purposes. The broadcast flag debate, you will recall, centered around the wisdom of mandating a technological fix to the copyright arms race before digitized high-definition broadcast signals were effectively “Napster-ized.” At least that was the fear six or seven years ago. TV broadcasters and some content companies wanted the Federal Communications Commission (FCC) to recognize and enforce a string of code that would have been embedded in digital broadcast program signals such that mass redistribution of video programming could have been prevented.
Flash forward to the present debate about mandating a “Do Not Track” scheme to help protect privacy online. As I noted in my filing last week to the Federal Trade Commission, at root, Do Not Track is just another “information control regime.” Much like the broadcast flag proposal, it’s an attempt to use a technological quick-fix to solve a complex problem. When it comes to such information control efforts, however, there aren’t many good examples of simple fixes or silver-bullet solutions that have worked, at least not for very long. The debates over Wikileaks, online porn, Internet hate speech, and Spam all demonstrate how challenging it can be to put information back into the bottle once it is released into the digital wild.
To be clear, I am not opposed to technological solutions like broadcast flag or Do Not Track,
but I am opposed to forcing them upon the Internet and digital markets in a top-down, centrally-planned fashion. While I am skeptical that either scheme would work well in practice (whether voluntary or mandated), my concern in these debates is that forcing such solutions by law will have many unintended consequences, not the least of which will be the gradual growth of invasive cyberspace controls in these or other contexts. After all, if we can have “broadcast flags” and “Do Not Track” schemes, why not “flag” mandates for objectionable speech or “Do Not Porn” browser mandates? Continue reading →
Today I filed roughly 30 pages worth of comments with the Federal Trade Commission (FTC) in its proceeding on “Protecting Consumer Privacy in an Era of Rapid Change: a Proposed Framework for Businesses and Policy Makers.” [Other comments filed in the proceeding can be found here.] Down below, I’ve attached the Table of Contents from my filing so you can see the major themes I’ve addressed, and I’ve also attached the entire document in a Scribd reader. In coming days and weeks, I’ll be expanding upon some of these themes in follow-up essays.
In my filing, I argue that while it remains impossible to predict with precision the impact a new privacy regulatory regime will have the Internet economy and digital consumers, regulation
will have consequences; of that much we can be certain. As the FTC and other policy makers move forward with proposals to expand regulation in this regard, it is vital that the surreal “something-for-nothing” quality of current privacy debate cease. Those who criticize data collection or online advertising and call for expanded regulation should be required to provide a strict cost-benefit analysis of the restrictions they would impose upon America’s vibrant digital marketplace.
In particular, it should be clear that the debate over Do Not Track and online advertising regulation is fundamentally tied up with the future of online content, culture, and services. Thus, regulatory advocates must explain how the content and services supported currently by advertising and marketing will be sustained if current online data collection and ad targeting techniques are restricted. Continue reading →
Rep. Jackie Speier introduced legislation today that would require the Federal Trade Commission to establish standards for a “Do Not Track” mechanism and require online data collectors to obey consumer opt-outs through such a tool.
As I’ll explain in more detail in my comments on the FTC’s privacy report (due next Friday), I’ve argued for the last two and half years that user empowering users to make their own choices about online privacy is, in combination with education and enforcement of existing laws, the best way to start adddressing online privacy concerns. In principle, some kind of “Do Not Track” mechanism could be a valuable user empowerment tool.
But actually implementing “Do Not Track” without killing advertising won’t be easy. Just as consumers need to be empowered to make effective privacy choices, so too must publishers of ad-supported websites be able to make explicit today’s implicit
quid pro quo: Users who opt-out of tracking might have to see more ads, pay for content and so on.
Government cannot design a “marketplace for privacy” from the top down, nor predict the costs of forcing an explicit
quid pro quo. It would be sadly ironic—as Adam Thierer and I pointed out over a year ago—if the same FTC that has agonized so much about the future of journalism wound up killing advertising, the golden goose that has sustained free media in this country for centuries.
The market is evolving quickly here, with two very different “Do Not Track” tools debuting in Internet Explorer 9 and Firefox 4 just this week. Ultimately, it is the Internet’s existing standards-setting bodies, not Congress or the FTC, that have the expertise to resolve such differences and make a “Do Not Track” mechanism work for both consumers and publishers, as well as advertisers and ad networks.
You have to read all the way to the end to get exactly what the New York Times is getting at in its Sunday editorial, “Netizens Gain Some Privacy.”
Congress should require all advertising and tracking companies to offer consumers the choice of whether they want to be followed online to receive tailored ads, and make that option easily chosen on every browser.
That means Congress—or the federal agency it punts to—would tell authors of Internet browsing software how they are allowed to do their jobs. Companies producing browser software that didn’t conform to federal standards would be violating the law.
In addition, any Web site that tailored ads to their users’ interests, or the networks that now generally provide that service, would be subject to federal regulation and enforcement that would of necessity involve investigation of the data they collect and what they do with it.
Along with existing browser capabilities (Tools > Options > Privacy tab > cookie settings), forthcoming amendments to browsers will give users more control over the information they share with the sites they visit. That exercise of control is the ultimate do-not-track. It’s far preferable to the
New York Times‘ idea, which has the Web user issuing a request not to be tracked and wondering whether government regulators can produce obedience.
[I got enough push-back to a recent post arguing the existence of market nimbleness in the browser area that I’m unsure of the thesis I expressed there. The better explanation of what’s going on may be that regulatory pressure is moving browser authors and others to meet the peculiar demands of the pro-regulatory community. The reason they have waited to act until now is because they do not perceive consumers’ interests to be met by protections against tailored advertising. The question of what meets consumers’ interests won’t be answered if regulation supplants markets, of course.]
Today the Mercatus Center has released a short new paper I have authored on “Unappreciated Benefits of Advertising and Commercial Speech.” I begin the piece by noting that:
Federal policy makers, state legislators, and state attorneys general have recently shown interest in regulating commercial advertising and marketing. Several new regulatory initiatives are being proposed, or are already underway, that could severely curtail or restrict advertising or marketing on a variety of platforms. The consequences of these stepped-up regulatory efforts will be profound and will hurt consumer welfare both directly and indirectly.
I go on to note that “advertising can be an easy target for politicians or regulatory activist groups who make a variety of (typically unsubstantiated) claims about its negative impact on society,” but then continue on to explain how “the role of commercial speech in a free-market economy is often misunderstood or taken for granted.” I outline how, despite regulators’ concerns, consumers actually derive three important types of benefits from advertising and marketing: (1) Informational / Educational Benefits; (2) Market Choice / Pro-Competitive Benefits; and (3) Media Promotion / Cross-Subsidization. After discussing each benefit, I conclude that:
For these reasons, a stepped-up regulatory crusade against advertising and marketing will hurt consumer welfare since it will raise prices, restrict choice, and diminish marketplace competition and innovation—both in ad-supported content and service markets, and throughout the economy at large. Simply stated, there is no free lunch.
Read the entire 1,800-word essay here. I have also embedded the document down below in a Scribd reader.
Continue reading →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.