The National Association of Attorneys General (NAAG) has made digital privacy and online childrens safety the center of its 2012-13 agenda, as the new NAAG president, Maryland attorney general Douglas Gansler, made clear in a statement in June, with its Privacy in the Digital Age initiative. On the heels of NAAGs initiative, Senator John D. Rockefeller (D-WV), chairman of the Committee on Commerce, Science, and Transportation, has aimed his committees arrows squarely at self-regulation for digital privacy, despite endorsements to the contrary from industry, the Federal Trade Commission and, more recently, the Obama Administration.
While President Obama has endorsed the idea of a Consumer Internet Privacy Bill of Rights together with limited legislation, unlike Rockefeller he clearly supports self-regulation and the efforts of the Digital Advertising Alliance (DAA), the consortium trying to lead industry to self-imposed solutionssuch as its Self-Regulatory Program for Online Behavioral Advertising and Advertising Option Iconrather than legislatively imposed sanctions.
However, the Senate committee, prompted by political pressures and anecdotal evidence, called for hearings on whether legislation was necessary to protect consumer privacy on the web, begging the question: Is self-regulation failing? Senator Rockefellers conclusion was clear and signaled a predetermined agenda in a June 28 posting on his blog:
. . . I have learned that self-regulation is inherently one-sided, and that the interests of consumers are often sacrificed for the demands of the bottom line. Until consumers are adequately protected, I will continue to push for legislation, and hold hearings, to address this imbalance.
Senator Rockefeller made a specific point of citing criticism directed at global online travel company Orbitz and its alleged policy of charging more for hotel rooms to Mac users than PC users. His use of an isolated example showed with particular clarity how anecdotes, told out of context, can unfairly fuel the fire of regulatory intrusion.
The reality is that price adjustment and practice differentiation among targeted consumers on the basis of income or zip code has gone on for decades. Such practices may anger affluent consumers, but they clearly benefit those with less discretionary income and provide for a more robust and efficient marketplace. In some ways, its really no different from politicians changing their tunes on economic reform depending upon the audience and the neighborhood in which they are working the electoral stumpbut thats politics. Never mind wavering politicians who can cost us all a lot more than analytical competitors.
The Senate committee heard from four witnesses: Alex Fowler, chief privacy officer of Mozilla, the creators of the Firefox web browser; Robert Liodice, president & CEO of the Association of National Advertisers (appearing on behalf of the DAA); Ohio State law professor Peter Swire; and Berin Szoka, president of TechFreedom and a former director at the Center for Internet Freedom.
Their testimony presented a diverse perspective on self-regulation, but none of the witnesses welcomed the idea of Congressional intrusion with open arms. Even Berin Szoka, an advocate for more federal regulation, expressed his belief that nothing new needed to be enacted and that the FTC already had the authority, but perhaps lacked the resources, to deal with the issues at hand.
Whether the testimony changed Senator Rockefellers promise to push for legislation or not remains to be seen. However, without question, he is taking aim at self-regulation and the industry is preparing to respond. Before I review why this should concern corporate counsel, it will be instructive to note some of the highlights of the testimony.
Alex Fowler, critical of the industry approach he described as notice and choice, testified that it remains unclear whether industry self-regulation, by itself, is a viable way to allow users to manage and control data collected and used about them by third parties. Believing that notice and choice was a marketplace failure, Fowler nonetheless commended the DAA. His criticism was largely directed at the results the DAAs Advertising Option program has achieved, claiming the number of users who use the icon is only 0.0035% per click. Of those, Fowler notes that only one in 20 opt out.
What Fowler misses in citing statistics, however, is the raw numbers. The same industry studies Fowler relies on also point out that the DAA icon has been delivered more than one trillion times, and over one million consumers have opted out. That is not an insignificant number by any count, and it is a clear indication that a very large number of consumers understand the DAA program. Fowlers statistics belie the real, tangible responses from consumers.
Even Fowler, the most outspoken critic among those who testified, suggested that the solution is broadening self-regulation by including other relevant stakeholders. He endorsed the activities of the Tracking Protection Working Group of the World Wide Web Consortium (W3C), noting that this group is committed to following a consensus-based approach to achieve a protocol that everyone can live with.
Szokas similar endorsement of the W3Cs efforts was, at best, tepid, fearing that the organization was missing important stakeholders but describing it as the worst possible process, except for all the others. Nonetheless, he was also supportive of the DAAs efforts, noting that they provided the flexibility, speed, and decentralization necessary to address Internet policy challengesnot perfectly, but better than government efforts.
Interestingly, while Szoka believes self-regulation is not enough and legislation is needed, he testified that the FTC, not Congress, should be tasked with setting baseline standards. His solution was to strengthen the FTC and allow it greater latitude under the Fairness Doctrine to establish guidelines for industry to follow and enforce self-regulation by holding companies to their promises.
Swire noted that self-regulation works best when there is a credible threat that government will step in if industry does not do a good job. The balance of his testimony was critical of the DAAs exceptions to a consumers opting out, believing they were so open-ended that I have not been able to discern any limits on collection under them. He suggested that the DAA might look to other industry efforts, such as telephone-marketing best practices and standards adopted by research firms like Gallup, to tighten its rules.
Liodice stated that online advertising fuels economic growth and job creation, and supports a wealth of online resources that consumers can access at low or no cost, and that industry recognizes and respects that some consumers may prefer not to receive such advertising or to have data collected about their web browsing even on an anonymous basis. Most importantly, Liodice pointed out that the DAA program is ever-evolving and improving as the industry considers criticism and suggestions from other stakeholders. The last thing the process needs at this point is premature government intrusion.
While some of those who testified were critical of how far industry has progressed through the DAAs self-regulation program, suggesting that changes were necessary and that other views need to be considered, one message rang clear: Congress should stay out of the process. Between the DAA, the W3C, and technology companies, solutions are being advanced that, given time and guidance from the FTC, will address consumer needs and concerns.
So what is corporate counsels role in this evolution?
First and foremost, companies need to send a clear hands-off message to the Senate Committee on Commerce, Science, and Transportation. Members of the committee can be found here [PDF].
Second, companies must become DAA-compliant. Visit aboutads.org to learn how. Delay in doing so will only fuel the fires of criticism and give pundits an opportunity to turn opt-out into opt-in and establish a regime that would be devastating to long-established marketing practices both on- and offline.
Finally, companies must reexamine their privacy polices, how they track consumer behavior, and what they do with information when targeting customers. Corporate counsel, even for the largest of online marketers, may not be fully in the loop regarding company marketing practices. In such a high-stakes game, ignorance is no excuse.
See also: The Digital Clock is Ticking for Online Marketing, CorpCounsel, June 2012.
