WASHINGTON, July 25, 2009 - Advertisers need to consider consumers’ right to privacy when they collect information on individual internet consumers, a panel of academics, non-profits and industry officials agreed on Friday.
The experts spoke during a panel discussion sponsored by the Technology Policy Institute, a market-oriented think tank on technology issues.
Emphasizing the success of the Internet as an unregulated medium, Florida Republican Rep. Cliff Stearns said it is important to treat any such legislation with caution.
Stearns said that “only the consumer” knows how he or she feels about the information being collected about him.
Still, increased transparency and choice would help in resolving the conflict between advertisers’ needs for information and consumers’ privacy.
Any legislation passed should apply the same privacy rules to similar types of companies collecting the same type of information for the same reasons, he said, and parties accountable only for what they know and control.
Besides the Federal Communications Commission and the Federal Trade Commission, Stearns suggested that a new agency could be formed for this type of regulation.
During the panel discussion that followed Stearns’ remarks, Alessandro Acquisti, associate professor of information technology and public policy at the Heinz College, Carnegie Mellon University, said that the free market approach might not create an equilibrium between information and privacy, as some people expect.
Many consumers, said Acquisti, “tend to act in a short-sighted manner,” by volunteering personal information for short-term benefits, such as price discounts, and then pay the price later on.
While individual data points cannot be immediately used to identify a consumer, they can, when combined, become “way more sensitive.” For example, when a consumer’s date of birth and state of birth are combined, they can be used to predict his or her social security number, he said.
While there is technology consumers can use to authenticate themselves without identifying themselves, the market is not sufficient to push this technology to full adoption, he said.
Despite the risks associated with collecting consumers’ data, banning data collection is both “impossible” and “undesirable,” said Gerard Lewis, vice president, deputy general counsel and chief privacy officer for Comcast.
Data, ranging from factual and transactional to more personal data, said Lewis, is the “exhaust” of computer systems.
The real issue is not that data is collected and stored, but how, when, and by whom it’s used and associated, he said.
Alan Davidson, director of government relations and U.S. public policy for Google, disagreed with the idea of a “trade-off” between information and privacy.
Advertising and privacy are “not a zero-sum game,” he said.
Davidson spoke of the need to protect consumers’ privacy as a “simple business issue.” If consumers don’t trust internet services, said Davidson, “they aren’t going to use them.” This would ultimately harm the advertisers themselves.
Consumers, therefore, should have transparency and “meaningful choices,” he said.
When Google displays an ad, said Davidson, two notices are displayed along with the ad, one identifying who the advertiser is and the other identifying who placed the ad. Google then allows customers, if they wish, to install a plug allowing them to continually opt out.
Leslie Harris, president of the Center for Democracy and Technology, agreed with Davidson that there is no inherent contradiction between information collection and privacy. Still, CDT supports a “baseline privacy law,” She said.
Privacy legislation, said Harris, is “not about draconian restriction on companies,” but about “providing consumers with choice,” especially since it is the consumer’s data.
Harris also spoke on the negative effects of consumer privacy violations on advertisers. “When there’s no trust in the medium, there will be devastating results,” she said.
Paul H. Rubin, senior fellow at the Technology Policy Institute, and Samuel Candler Dobbs professor of economics and law at Emory University in Atlanta, disagreed with Davidson and Harris, saying that “there is a trade-off between privacy and information.”
While there are risks with internet transactions, they are still safer than “real transactions” on paper, he said.
The reason, said Rubin, that many people don’t know about data related risks is because they haven’t bothered to learn about them, because nothing bad has really happened so far.
Rubin posed the following question: why should data collection be more regulated when no one has been able to point to specific harms to consumers?