Privacy Implications of Online Advertising – and NebuAd – Under Senate Scrutiny

WASHINGTON, July 9 – The CEO of upstart online advertising company NebuAd sparred with the head of the non-profit Center for Democracy and Technology at a Wednesday Senate hearing about the privacy implications of internet advertising.

By William G. Korver, Reporter, BroadbandCensus.com

WASHINGTON, July 9 – The CEO of upstart online advertising company NebuAd sparred with the head of the non-profit Center for Democracy and Technology at a Wednesday Senate hearing about the privacy implications of internet advertising.

NebuAd needs more “transparency,” and consumers deserve easier ways to opt-out of its advertising model, said CDT President Leslie Harris at a Senate Commerce Committee hearing.

NebuAd CEO Robert Dykes said his company only uses limited amounts of user behavioral data obtained from internet service providers (ISPs), and said that the company offers a “robust” notice permitting users to opt out.

Dykes continually sparred with Harris at the hearing, which also featured witnesses from Facebook, Google, Microsoft, the Federal Trade Commission, and the non-profit Competitive Enterprise Institute.

At the hearing, the Microsoft Associate General Counsel Mike Hintze reiterated the software company’s support for federal privacy legislation to provide a “baseline” of minimum privacy standards. States could enact more stringent requirements.

Many of the panelists agreed with the need for federal legislation – but not Facebook Chief Privacy Officer Chris Kelly, who offered no comment on whether his company supported such legislation.

The Federal Trade Commission also continues to favor self-regulation, said Lydia Parnes, director of the agency’s Bureau of Consumer Protection.

Privacy is “not a thing to legislate,” said Clyde Crews, director of technology studies for the Competitive Enterprise Institute. Speaking as if to an individual who desires privacy, Crews said: “then the Internet is not for you.”

Facebook’s Kelly said that his company was a good example of a company abiding by self-regulation. Legally, Facebook could inform advertisers of user’s identities, but the company chooses not to, he said. Facebook only tells advertisers the information that a user selects to share.

A user may also bar those who are not his or her online “friends” from seeing that user’s profile, Kelly said. Hence all shared information is provided voluntarily by individual users.

Hintze and Jane Horvath, senior privacy counsel for Google, said that their companies keep user information for 18 months. CDT’s Harris called that far too long.

On the NebuAd controversy, committee member Sen. James DeMint, R-S.C., argued that legislation targeting the NebuAd model is an example “of a solution looking for a problem.”

But Harris called for NebuAd to switch to an opt-in approach and offer greater transparency about its business practices. She also called for the creation of a “Do Not Track” system and urged that privacy laws in existence for 20 years be updated.

Still, all of the witnesses agreed that legislation targeting the NebuAd model would prove difficult, particularly because the model offers up users advertising that is potentially more relevant because the ads are targeted to his or her needs, and may promote advertiser-supported free content.