Web Continues Driving Privacy Debate
The Federal Trade Commission completed a random review of 1,200 sites last month to see whether they are taking steps to protect consumer privacy. It will present its findings to Congress in early June. The FTC was looking for the following in its sweep:
* Notice by sites of their information gathering and dissemination policies.
* Consumer control over personal information.
* Verification and oversight of claims made by the site.
* Recourse for resolving user complaints.
A week after the FTC's online sweep, the privacy debate heated up again when Microsoft Corp. purchased the Firefly Network (www.firefly.com) for $40 million. Firefly has caused controversy over its Web-based data collection and consumer profiling capabilities.
Meanwhile, the DMA is fielding members' comments on the guidelines it sent out last week. The document, "Practices for Satisfying the DMA Privacy Promise," outlined the keys to compliance in all media as:
* Giving customers notice of information practices.
* Offering customers an opportunity to opt out of having information about them transferred for the purpose of being contacted by others.
* Maintaining and using an in-house suppression file.
* Using the DMA's Mail and Telephone Preference Service (MPS/TPS) files.
H. Robert Wientzen, DMA president and CEO, said the association will introduce an e-mail preference service "within a few months."
Many question whether the DMA's efforts will be enough to quell consumers' fears over the collection of personal data online.
"People are five times more likely to have their privacy invaded offline than online, but it's a much bigger issue online," said Susan Scott, executive director at nonprofit online privacy group TRUSTe (www.etrust.org). She cited consumer ignorance as a primary cause. "All people know is that information [online] can be transferred very quickly and it scares them," she said.
Ari Schwartz, policy analyst at The Center for Democracy in Technology, Washington, raised concerns over a passage in "Practices for Satisfying the DMA Privacy Promise" that says notice of information practices need not be given on the medium originally used to contact the customer.
"It's important for consumers to understand their privacy rights as the transaction is occurring and through the same media," he said. Also, the DMA privacy promise makes no mention of enforcement beyond loss of membership for violators.
Scott said the guidelines fall short in the areas of oversight and recourse.
"Everybody is saying [about the DMA's privacy efforts] 'What's in it for them?' They should be commended for taking a hard line on [compliance], but because of self interest, they've got a credibility problem," she said. "They need to find an enforcement process that doesn't go back to the DMA."
To be fair, TRUSTe's aim to be just the type of third-party evaluator that Scott says the DMA needs means she isn't entirely unbiased.
Solveig Singleton, director of information studies at the Cato Institute, Washington, a libertarian think tank, said privacy advocates can be expected "to fuss that the new DMA rules do not go far enough." Singleton called recent heightened concerns over privacy misguided.
"In the United States, free trade in information should be the rule, not the exception," Singleton said.
Wientzen said the DMA is well aware of special sensitivities surrounding electronic marketing, which is why the organization published guidelines (albeit not mandatory) covering issues unique to online marketing, available at www.the-dma.org.
"Consumers are uneasy because they don't have an understanding of the information practices going on in the electronic marketing world," he said. "Most of that is because of a lack of knowledge."
Wientzen called the privacy promise "probably the first stage" of the DMA's privacy efforts overall.
"Along the way, we will probably find some additional fine-tuning that needs to be done," he said, "but for the moment, this is adequate."