With administration preparing to weigh in with its final recommendations on privacy rights in the digital age, consumer groups from the U.S. and Europe are calling on it not to rely on what they call the "flimsy self-regulatory system" proposed in a preliminary report.
The preliminary report does not take positions on do-not-track or opt-in/opt-out regimes, two big issues in the online privacy debate. The final recommendations are meant to be the basis of the Obama administration's policy position on the privacy issue.
The letter, sent to FTC and European officials from the TransAtlantic Consumer Dialogue, the combined U.S./EU consumer group that includes Consumers Union, Consumer Federation of America and Center for Digital Democracy (CDD), USPIRG and others, is an effort trying to head off privacy bills and regs that rely on an icon-based opt-out regime, which they say is just an attempt to "quell" a "growing uproar" over online behavioral advertising (OBA).
The letter urges "the European Commission, the Obama Administration and the FTC to ensure that any self-regulatory approach effectively protects consumer privacy." They say the OBA icon regime does not address data collection profiling practices and is insufficient notice of just how much data is being routinely collected. "It is wholly unreasonable to expect consumers to know the convoluted links between online entities."
The groups argue that the icon regime has been used by industry both here and abroad to expand behavioral advertising practices. They say they are not against digital marketing, but for protecting consumer privacy. Among their key recommendations are:
- "Investigate and take regulatory action as needed to address new threats to consumer privacy from the growth of real-time tracking and sales of information about individuals' online activities on ad exchanges and other similar platforms.
- Commit to developing a global common standard for protecting privacy and consumer welfare in the digital marketplace that reflects the highest possible standards for human rights.
- Ensure a coherent implementation and proper enforcement of existing personal data protection and privacy legislation rules, including the principles of data minimization, necessity, purpose limitation, limitation of storage period, and data security.
- Address the constantly evolving techniques used by advertisers for the profiling of online users and adopt measures that go beyond the standard third-party cookies that have been the focus of regulators to date."
Jeff Chester, executive director of CDD, has said from the outset that the administration report should have rejected industry self-regulation out of hand given what he says are past failures.