JonathanBonillaFirstPaper 2 - 09 Mar 2009 - Main.JonathanBonilla
|
|
META TOPICPARENT | name="FirstPaper%25" |
| | -- By JonathanBonilla - 09 Mar 2009 | |
< < | I. Online Behavioral Advertising | | As seen in O’Harrow’s No Place to Hide, online data aggregation can pose a real problem to consumers. One specific and pervasive form of data aggregation occurs as a result of “online behavioral advertising.” Essentially, any time a user visits a site, performs a search, purchases a product online, or otherwise submits personal information to a site that participates in such advertising, this information is stored in order to track the user’s “behavior” and tailor future online advertisements to fit the predicted desires of that user. | |
< < | II. Current Regulatory System | > > | History and Current Regulatory System | | Under the current system of US regulation, online behavioral advertising is monitored by the Federal Trade Commission (FTC). 15 U.S.C. §45 (a) provides a broad statutory mandate for the FTC to prohibit “deceptive acts or practices in or affecting commerce.” This has been interpreted by the FTC to implicate situations where companies collect or use customer data in a manner contrary to that company’s stated privacy policy, which is punishable as an unfair or deceptive practice. As a result of this interpretation, the FTC assumed jurisdiction in this area and has since been closely following the development of online behavioral advertising. | |
< < | To begin regulation of this field, in 1998 the FTC presented to Congress a report containing the “core principles of privacy protection” to guide industry practice. These core principles included notice to consumers regarding what is collected, choice to consumers as to how it will be used, consumer access to the collected data, security of the collected data, and enforcement mechanisms (self-regulatory, private remedy, government enforcement) for the principles. However, this report merely presented possibilities for regulation, and no further action was taken at the time, despite the report’s conclusion that there is “real need for implementing the basic fair information practices.” Further reports were sent to Congress, such as in 2000, when the FTC asked for legislation to support an otherwise self-regulatory scheme for online behavioral advertising, based on the 1998 report’s core principles. Congress failed to enact this legislation, though the self-regulatory scheme took off, using the newly-created Network Advertising Initiative (NAI) to enforce the core FTC principles. NAI represents roughly 90% of the advertising industry. | > > | Regulation in this field began in 1998, when the FTC presented to Congress a report containing the “core principles of privacy protection” to guide industry practice. These core principles included notice to consumers regarding what is collected, choice to consumers as to how it will be used, consumer access to the collected data, security of the collected data, and enforcement mechanisms (self-regulatory, private remedy, government enforcement) for the principles. However, this report merely presented possibilities for regulation, and no further action was taken at the time, despite the report’s conclusion that there is “real need for implementing the basic fair information practices.” Further reports were sent to Congress, such as in 2000, when the FTC asked for legislation to support an otherwise self-regulatory scheme for online behavioral advertising, based on the 1998 report’s core principles. Congress failed to enact this legislation, though the self-regulatory scheme took off, using the newly-created Network Advertising Initiative (NAI) to enforce the core FTC principles. NAI represents roughly 90% of the advertising industry. | | The FTC did not re-examine this issue until 2006, when it began holding hearings to determine future action relating to online behavioral advertising. A series of updated principles were created and then altered over the next several years, based on input from privacy advocates and advertisers, alike. Throughout this time period, as well, Congress has failed to legislate on the issue. | |
< < | III. Problems and Possible Solutions | > > | Problems and Possible Solutions | | One issue with the current system is apparent in the fact that NAI does not represent the entirety of online advertisers. As a result, NAI is powerless to enact sanctions against non-complying entities whom are not members. This was one of the reasons FTC sought congressional legislation in 2000. While it is true that FTC may still take action under the “deceptive practices” mandate, against those companies that do not follow the provisions of their privacy policies, that alone does not go far enough to ensure the privacy of online consumers. For example, a company might not have a privacy policy that clearly illuminates how the data is being used; in such a situation, it would be hard to find the company broke their agreement with the consumer, where the agreement itself was overly vague. | | As online behavioral advertising is a rapidly expanding process, these developments are certainly noteworthy to all online consumers. | |
< < | (Word Count: 968) | > > | (Word Count: 965) | | (Citations to be added)
|
|
JonathanBonillaFirstPaper 1 - 09 Mar 2009 - Main.JonathanBonilla
|
|
> > |
META TOPICPARENT | name="FirstPaper%25" |
Online Behavioral Advertising and the Federal Trade Commission
-- By JonathanBonilla - 09 Mar 2009
I. Online Behavioral Advertising
As seen in O’Harrow’s No Place to Hide, online data aggregation can pose a real problem to consumers. One specific and pervasive form of data aggregation occurs as a result of “online behavioral advertising.” Essentially, any time a user visits a site, performs a search, purchases a product online, or otherwise submits personal information to a site that participates in such advertising, this information is stored in order to track the user’s “behavior” and tailor future online advertisements to fit the predicted desires of that user.
II. Current Regulatory System
Under the current system of US regulation, online behavioral advertising is monitored by the Federal Trade Commission (FTC). 15 U.S.C. §45 (a) provides a broad statutory mandate for the FTC to prohibit “deceptive acts or practices in or affecting commerce.” This has been interpreted by the FTC to implicate situations where companies collect or use customer data in a manner contrary to that company’s stated privacy policy, which is punishable as an unfair or deceptive practice. As a result of this interpretation, the FTC assumed jurisdiction in this area and has since been closely following the development of online behavioral advertising.
To begin regulation of this field, in 1998 the FTC presented to Congress a report containing the “core principles of privacy protection” to guide industry practice. These core principles included notice to consumers regarding what is collected, choice to consumers as to how it will be used, consumer access to the collected data, security of the collected data, and enforcement mechanisms (self-regulatory, private remedy, government enforcement) for the principles. However, this report merely presented possibilities for regulation, and no further action was taken at the time, despite the report’s conclusion that there is “real need for implementing the basic fair information practices.” Further reports were sent to Congress, such as in 2000, when the FTC asked for legislation to support an otherwise self-regulatory scheme for online behavioral advertising, based on the 1998 report’s core principles. Congress failed to enact this legislation, though the self-regulatory scheme took off, using the newly-created Network Advertising Initiative (NAI) to enforce the core FTC principles. NAI represents roughly 90% of the advertising industry.
The FTC did not re-examine this issue until 2006, when it began holding hearings to determine future action relating to online behavioral advertising. A series of updated principles were created and then altered over the next several years, based on input from privacy advocates and advertisers, alike. Throughout this time period, as well, Congress has failed to legislate on the issue.
III. Problems and Possible Solutions
One issue with the current system is apparent in the fact that NAI does not represent the entirety of online advertisers. As a result, NAI is powerless to enact sanctions against non-complying entities whom are not members. This was one of the reasons FTC sought congressional legislation in 2000. While it is true that FTC may still take action under the “deceptive practices” mandate, against those companies that do not follow the provisions of their privacy policies, that alone does not go far enough to ensure the privacy of online consumers. For example, a company might not have a privacy policy that clearly illuminates how the data is being used; in such a situation, it would be hard to find the company broke their agreement with the consumer, where the agreement itself was overly vague.
Along those lines, if Congress continues to fail to enact specific legislation for this issue, Congress could at the least expand on the FTC mandate to allow FTC to take direct action. Currently, FTC does not feel it has the statutory authority to issue regulations relating to online behavioral advertising, which in itself is a problem since it results in FTC trying to find and justify a roundabout solution (self-regulation), instead of attempting direct regulation, which it arguably could based on the existing mandate.
Another issue with the current FTC guideline-based self-regulatory scheme is that it is centered on a contract-theory of the privacy policy of the website being used, where the user is free to view the privacy policy, but need not expressly assent to the terms. The issue with this contract approach is that when using various websites during any given day, it is unlikely the average non-law-educated consumer will take the time to read through and understand each privacy policy of every website, prior to using the website. As a result, it seems much of the benefit of providing such transparency may be lost in the real world.
One possible solution would be to require express assent prior to collecting or using any personal information (FTC guidelines already require express assent for use of “sensitive data”). However, the same problem arises here as did before: much like it is common for users to click-through a EULA without reading it, prior to installing a computer program, it would seem likely that users would also not pay much attention to a large wall of text describing the details of a website’s privacy policy, when all the user wants to do is get to the content of the website as quickly and easily as possible.
In such a situation, where ease of computing is a large factor, it would appear that a statutory solution in limiting the specific uses of certain information would be warranted. Unfortunately, being that Congress has neglected to enact such on multiple occasions, the only remaining option would be a state-by-state approach. Indeed, several states in 2008 already proposed bills relating to the regulation of behavioral advertising. Massachusetts, for instance, was able to pass their version, though it primarily deals with safeguarding personal information once it has been obtained by the advertisers.
As online behavioral advertising is a rapidly expanding process, these developments are certainly noteworthy to all online consumers.
(Word Count: 968)
(Citations to be added)
# * Set ALLOWTOPICVIEW = TWikiAdminGroup, JonathanBonilla |
|
|
|
This site is powered by the TWiki collaboration platform. All material on this collaboration platform is the property of the contributing authors. All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
|
|