Microsoft Corp., Redmond, WA, the Internet's largest advertiser, startled consumer advocates and business leaders alike this week when it upped the ante in the privacy debate by announcing a policy requiring all of its online advertising partners to post comprehensive policies in accordance with FTC guidelines beginning next year.
The business community has to face the complicated issue of privacy and Microsoft intends to lead the way, said Bob Herbold, executive vice president and chief operating officer at Microsoft.
“Inadequate privacy protection is a top barrier to the continued growth of e-commerce,” Herbold said. “Our goal is to provide the leadership, expertise and technologies to help move the industry forward.”
Microsoft's move goes beyond that of IBM Corp., Armonk, NY, which established a similar online measure in April, but one that referred to guidelines set by the Online Privacy Alliance, which uses a wider tooth comb in guiding businesses on what the contents of a posted policy should be.
In establishing its policy, Microsoft made clear that it would be tightening the standards and advancing the debate on industry self-regulation by focusing less on the posting of policies and more on their actual contents. Herbold said the company plans to “restrict its purchases of online advertising space in the United States to Web sites that have posted comprehensive privacy policies.” By using the word comprehensive, it clarified exactly what it meant in terms of core principles:
* Notice to the customer of information being collected about them.
* Consent to provide such information.
* Access to the information.
* Assurances over the security of the information, including considerations for children.
* Enforcement of the privacy statement.
Microsoft spokeswoman Melissa Keveli said the company's position is “that privacy has not been made a high enough priority and could potentially slow the growth of e-commerce.”
The move by Microsoft, which painted the Internet with $34 million in banner advertising in 1998, was announced at last week's PC Expo in New York. About $2 billion is thought to have been spent last year for Internet advertising by all U.S. companies.
By requiring Web sites to meet the federal government's recommended guidelines, some business leaders suggested privately that Microsoft was by default casting itself as the Internet world's police force, noting that the company also was developing privacy software products that could leverage the issue to its financial benefit.
At IBM, spokesman John Bukovinsky was more interested in expressing satisfaction with the industry's continued moves toward responsible self-regulation rather than the focus Microsoft was placing on the details of the FTC's guidelines.
“We are delighted that the Microsoft Corp. is following our lead,” he said.
Since IBM made its privacy policy announcement in March, Bukovinsky said 349 of the 357 Web sites running IBM banner advertising had posted policies as of this month's deadline. Bukovinsky said IBM pulled all advertising from the remaining eight Web sites that didn't comply.
At the Electronic Privacy Information Center, executive director Marc Rotenberg said, “I think it's significant that Microsoft is requiring privacy pledges, but I think the critical question is still with us: 'What is being is done to provide privacy protection?' Our assessment is that there is still a large, large gap between privacy pledges and privacy protection. That is the critical question that the industry is going to have to focus on.”
It's clear that Microsoft timed its announcement to coincide with July's continuing congressional hearings on privacy and banking reform legislation, which numerous industry groups — including Microsoft — have lobbied heavily against. And its legal fight with the Justice Department over anti-trust issues is likely to be playing some political role as well. Moreover, the Direct Marketing Association is poised to address issues related to findings about its Privacy Promise as of July 1.
A survey conducted by Georgetown University that was released earlier this month found that the majority of commercial, nonadult-oriented Web sites are posting privacy policies, but it also found that less than 10 percent were abiding by the FTC guidelines. Microsoft's move to require Web sites to meet those guidelines significantly moves the industry toward a tougher standard and presumably further away from congressional oversight.
Some privacy experts expect the FTC to eventually recommend that legislators leave the issue to the business community, and Microsoft's move to draw a line in the sand may be what lawmakers are looking for.
Microsoft already offers a software solution allowing Web sites to develop comprehensive privacy statements using Privacy Wizard, a free online tool that asks a series of simple questions and generates a “template” privacy statement that can be reviewed, revised and posted. The company said it will continue to support the development of a standard platform for privacy, the Platform for Privacy Preferences Project, which was initiated in 1997 by the World Wide Web Consortium.
