HAYMARKET, Va. — FOUR years ago, the Federal Trade Commission announced, with fanfare, a plan to let American consumers decide whether to let companies track their online browsing and buying habits. The plan would let users opt out of the collection of data about their habits through a setting in their web browsers, without having to decide on a site-by-site basis.
The idea, known as “Do Not Track,” and modeled on the popular “Do Not Call” rule that protects consumers from unwanted telemarketing calls, is simple. But the details are anything but.
Now, finally, an industry working group is expected to propose detailed rules governing how the privacy switch should work. The group includes experts but is dominated by Internet giants like Adobe, Apple, Facebook, Google and Yahoo. It is poised to recommend a carve-out that would effectively free them from honoring “Do Not Track” requests.
If regulators go along, the rules would allow the largest Internet giants to continue scooping up data about users on their own sites and on other sites that include their plug-ins, such as Facebook’s “Like” button or an embedded YouTube video. This giant loophole would make “Do Not Track” meaningless.
How did we get into this mess?
For starters, the Federal Trade Commission doesn’t seem to fully understand the nature of the Internet.
Online companies typically make money by utilizing data gleaned from their users to sell targeted ads. If the flow of user data slows down, so does the money. A study commissioned by the Interactive Advertising Bureau with researchers from Harvard Business School underscores the point: at least half of the Internet’s economic value is based on the collection of individual user data, and nearly all commercial content on the Internet relies on advertising to some extent. Digital advertising grew to a $42.8 billion business last year, a sum that already exceeds spending on broadcast television advertising.
Essentially, the collection of user data makes possible the free access to maps, email, games, music, social networks and other services.
Digital privacy advocates, understandably, view the online ecosystem differently. They are alarmed by the growth of the surveillance economy, in which companies compile and store information about what a user reads, looks for, clicks on or buys. In this world, disclosure is fairly meaningless, because almost no one reads the terms of service that define the relationship between the customer and the company.
The regulatory process is the wrong way to address this fundamental tension. If the government wants to shift the Internet economy away from a “barter” system (exchanging personal data for free services) toward a subscription-based system, Congress should take charge.
Even worse, the Federal Trade Commission has abandoned responsibility, all but throwing up its hands. Instead of leading the effort to write good rules, based on the broadest public participation, the commission has basically surrendered control of the process to the industry panel, the “tracking protection working group” of the World Wide Web Consortium, or W3C.
The industry recommendation is expected to distinguish between companies that have a “first party” relationship with users — consumer-facing Internet content providers and Internet service providers — and “third party” companies, which include most small advertising-technology companies.
First-party relationships would be created if the user “intends to interact” with the web company (or a service provider acting on behalf of that company). For example, logging into Facebook would count as a “user action” that would allow Facebook to track your activity “across multiple distinct contexts,” including other websites.
In contrast, companies with third-party relationships would have far more limited tracking abilities. For example, if a user visits a site that integrates an advertisement with content from other sources, the ad server would not be able to place a tracking “cookie” for marketing purposes on your device without your consent.
This dubious distinction would harm competition in the online ad market by turning “Do Not Track” into “Do Not Track for small ad companies only.” Google, Facebook and other large companies that operate both first- and third-party businesses would be able to use data they gather through their first-party relationships to compete in the third-party ad market. Smaller ad tech companies would be at a severe competitive disadvantage and could even be driven out of the market.
The Federal Trade Commission shouldn’t help pick winners and losers through a murky process that has devolved into an effort to protect the positions of Internet giants. It should stay focused on policing the behavior of companies that short-shrift consumers or restrict competition. If the industry group recommends a lopsided version of “Do Not Track,” as expected, the commission should not go along with it. The correct balance between privacy and competition is a decision better left to Congress than to a feckless regulator.