A bill introduced by Rep. Edward J. Markey, D-Mass., seeks to force Internet companies to dump customer data after a certain period of time. If made law, the initiative will weaken the intelligence-gathering mechanism that makes the $15.6 billion online advertising business effective.
Rep. Markey, a lightning rod for a number of pieces of legislation having to do with consumer privacy and personal data, said in a statement that Internet companies cannot "rely on a bottomless, timeless database that can do great damage despite good intentions."
But the bill, if adopted, would particularly restrict search engines and portals, and their clients' current way of doing business, said policy experts, endangering what online-research firm eMarketer anticipates will be a $6.7 billion search market this year.
They point to the fact that such data online is the basis of marketers' ability to target customers and measure the effectiveness of campaigns. Yahoo, for example, keeps a database of all its registered customers' past behavior to help advertisers pinpoint the right audience for a product or service. Google is certainly building a database of registrants as it signs up users for services such as Gmail and Google Video, experts said.
As a result, the legislation could cost marketers-and subsequently consumers-millions of dollars, said Joe Rosenbaum, partner and head of the e-commerce and information technology group at law firm Reed Smith. "Imagine if all credit-reporting agencies had to dump all historical data-consider what the cost of loans and mortgages would be?" he said. "In the same vein, marketing folks would have to increase the cost for getting good responses. Instead of e-mailing to 100,000 people, I'd have to mail to 200,000 to get the same response rate."
Rep. Markey's bill is driven by media attention on the government's subpoena to get Google to give up its search data, as well as the publicity surrounding security breaches and robberies of customer data, such as the 145,000 customer profiles stolen from ChoicePoint last year.
"Data is an enormous point of contention for consumers and marketers," said Trevor Hughes, who heads up marketing associations the Network Advertising Initiative and the International Association of Privacy Professionals. "Everyone needs to pay close attention to this. If they don't, then consumers start to complain, and that's when we end up with restrictions in a channel that was once free and clear."
No marriage yet
Neither Google nor Yahoo have publicly rolled out services that would marry customers' personally identifiable behavior elsewhere on their sites to better target paid-search ads, but many believe it's not far off. And Microsoft, in retooling its strategy to rely on Internet advertising, is gearing its new products on asking consumers what sort of advertising they want and directing marketers to deliver ads based on that data.
But according to Marc Rotenberg, executive director, Electronic Privacy Information Center, some companies "are not doing a very good job protecting privacy, so it makes sense that the public would be as concerned as they are. I don't think they should keep data for any length of time."
Reed Smith's Mr. Rosenbaum said "I don't think a consumer is necessarily presuming that dumping the data is the only way to protect them. This is not the type of legislation that targets the problem at its root cause. It gets rid of the data but doesn't really address the problem of making sure the data is secure."
The solution is a more encompassing, but less strident law that sets standards for the entire industry, said Microsoft in a statement. Microsoft is calling for a federal law that would preempt all state laws. Google did not return calls for comment, and Yahoo declined comment.
The Direct Marketing Association, which represents a $161 billion industry, accounting for 10% of the GDP in 2005, believes in setting standards, but stopping short of an overarching law. "The idea is if there's a breach, to notify consumers and figure out some way to prevent further breaches," said Jerry Cerasale, senior VP-government affairs, DMA. "The economy runs on these databases," he said.
Bill demands that Internet companies destroy personally identifiable data such as:
* Credit card numbers
* Bank numbers
* Date of birth
* Social Security numbers
* Home addresses