The Federal Trade Commission just released a kind of online privacy mission statement in the form of a 112-page document that calls on companies to pledge support for consumer privacy-bolstering policies. Employing the vernacular of the soft-skills industry, the FTC calls its recommendations “best practices” and says they’re designed to give us “greater control over the collection and use of [our] personal data through simplified choices and transparency.” By doing so, the FTC says companies can “enhance trust and stimulate commerce.”
The FTC basically wants companies that collect information about you when you’re online — including key-holder browser manufacturers — to commit to complying with these rules: to “self-regulate.” Companies that adhere to the guidelines will be viewed “favorably” by the FTC, while the agency says it will “take action against” companies that “engage in unfair or deceptive practices” or that pledge compliance but violate the rules anyway.
The most significant principle in the report is probably the “Do Not Track” rule, the online equivalent of the national “Do Not Call” registry — a way for you to opt out of information collection as you browse websites or encounter ads. Giving itself a pat on the back, the FTC claims that browser-makers “have [already] developed tools that consumers can use to signal that they do not want to be tracked” and notes the W3C (the World Wide Web standards organization) “has made substantial progress in creating an international standard for Do Not Track.”
I’m a Safari user, and I’d argue that’s an oversimplification of how things actually work today. In Safari, for instance, you can enable “Private Browsing,” but all that does is disable your local browsing history. If you want to fully shut down website tracking, you have to dig into your browser’s privacy settings and disable cookies, and even then, sites still track your IP address. What’s more, if you disable cookies entirely, you’ll make it impossible to browse most websites or access basic web tools. At the browser level, the line between “what you can do” and “what you ought to do” is as nebulous as ever.
How far should we reasonably expect a “Do Not Track” option to protect us, while still allowing us to access online sites and services? If much of the Internet depends on advertising and the FTC’s guidelines “break” that relationship — that is, between consumer and consumable — what then?
According to Information Technology & Innovation Foundation senior analyst Daniel Castro, the FTC’s latest rules are “misguided.” “The new report shows the FTC still does not understand the fundamental economics of the Internet,” said Castro in a statement. “The FTC’s recommendations would create economic burdens that could stifle the efficiency and innovation that consumers also want from the Internet.”
By contrast, the FTC report is being celebrated by groups like nonprofit Consumer Watchdog, whose director John Simpson said in a statement: “The FTC’s support of Do Not Track means that consumers should have a meaningful way to control the tracking of their online activities by the end of the year.”
I can’t stand online ads, auto-play videos, pop-ups windows or frankly anything that happens in my browser without my explicit permission, and so I use several effective third-party ad-blocking extensions and blacklists. I don’t view companies as inherently good or bad, but as engines of commerce that’ll do whatever the law allows to improve their position. In a consumption-driven economy, with online information easily had, that means gleaning whatever the law allows them to about us, from tastes to habits, then employing targeted ads and so forth. However you feel about the government’s involvement as a regulatory force, it’s still incumbent on us to protect ourselves by effectively using the tools to hand. And there should never be a requirement, or even a sentiment, that we feel obligated to trade away basic privacy rights for the sake of “efficiency and innovation.”
In any case, the FTC’s report is still just a collection of recommendations, a “take this under advisement” document and not a list of formal regulatory protections. Scan through the document and you’ll find a lot of “companies should” rhetoric. “Companies should comply with…,” “Companies should adopt…,” “Companies should give…” and so forth. The question remains whether companies are going to take any of those “shoulds” seriously.