Will We Ever Get Strong Internet Privacy Rules?

 

This has been a tough few weeks for privacy rights on the Internet. Google changed its privacy policy so it can combine the information it collects from different sources – including gmail, searches, and web browsing – to make a more complete dossier on who we are and what we do online. And the Wall Street Journal reported that Google and other online advertising companies have been bypassing the privacy settings of people who use Safari, the popular Apple web browser.

(MORE: New Google Privacy Policy May Violate European Law)

In the middle of these privacy blow-ups, the Obama administration announced a new set of online privacy policies – a 62-page document called “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” The White House has the right intentions, but it is not clear that these policies will have the teeth necessary to effectively protect people’s online privacy.

It’s no great secret what the fighting over online privacy is about. Many Internet users want to be able to browse the Internet, use search engines, and view websites without anyone keeping a record of it. People do a lot of things online that they may want to keep secret – for example, looking up symptoms of diseases (which health insurance companies may consider in writing coverage) and visiting non-mainstream political sites (which the government might want to know about).

When technology companies keep track of online activity, privacy problems radiate out in all directions. These companies could sell the data to people who will do harmful things with it – including employers, who could use it to vet potential hires. This kind of data can easily end up in the hands of the government, which can subpoena it from the tech companies – and suddenly, we are living in a Big Brother state.

(MORE: Can You Be Fired For Your Genes?)

If many Internet users strongly oppose data collection of this sort, Internet companies feel just the opposite. Personalized consumer data is marketing gold – it can be used to direct “behavioral advertising” at Internet users, targeted very specifically to their tastes. Behavioral advertising is fast crowding out old-fashioned advertising models – and the financial pressure to collect and store more of this sort of data is overwhelming.

The Obama administration’s privacy guidelines are a step in the right direction. They create a “Consumer Privacy Bill of Rights,” which contains good privacy principles, starting with “individual control,” meaning that consumers have the right to exercise control over what personal data is collected about them and how it is used. And the administration is calling on Google, Facebook, and other Internet companies to sit down with privacy advocates to develop codes of conduct for protecting Internet users’ data.

That’s the good news. But there are also some real problems. The guidelines are broadly phrased and allow a great deal of wiggle room. For example, they say that consumers have a right to “reasonable” limits on the personal data that companies collect and retain – and “reasonable” is just the sort of word that can be stretched beyond all recognition. To take effect, the guidelines will need to be turned into an actual law by Congress – and before the lobbyists are done, worthy principles may be turned into toothless rules.

(MORE: The Human Cost of Apple’s Success)

Another problem with the guidelines is that they rely a great deal on voluntary agreements from Internet companies. The Obama administration did not include a “do not track” requirement – as many privacy advocates wanted. This would operate like the very popular federal “do not call” registry, which allows people to sign up not to get marketing telephone calls – only in this case, people would be able to opt out of having their online movements tracked. Big Internet companies, including Google, Microsoft, and Yahoo! have reportedly agreed voluntarily to include “do not track” buttons on their browsers. But there is a problem with this: tech companies change their privacy policies constantly (think: Facebook), and they may change how they track users when the pro-privacy heat dies down and few people are looking.

It was great to hear the President speaking out about Internet privacy – and to see some worthy policy guidelines coming out of the federal government. Rather than celebrate the announcement, however, people who care about privacy should monitor how these guidelines get translated into law – and how tech companies actually behave.

(MORE: Ten Ideas That Are Changing Your Life)

Cohen, the author of Nothing to Fear, teaches at Yale Law School. The views expressed are solely his own.

 

Leave a Reply