With an estimated 62 million American adults online, according to IntelliQuest Information Group, the privacy bar has been raised to challenge whether marketers have legitimate reasons to gather personal information from online users.
How to address data collection has become one of the most pressing topics for online marketers, with the U.S. Department of Commerce last week holding hearings on the topic (AA, June 8)
"Marketers care about what you are, not who you are," said Daniel Hamburger, VP of Metromail Corp.'s Internet division, noting that savvy marketers are moving away from personal-data gathering to collecting surveys based on users' general interests.
ANONYMOUS PROFILE DATA
Metromail, a database marketing, direct marketing and reference services company based in Lombard, Ill. (www.metromail.com), is involved in developing privacy guidelines along with the Electronic Frontier Foundation, the Direct Marketing Association and TrustE.
"In our case, we don't need to know who the user is. We just want to know that certain information is associated with a certain anonymous profile and is being used to tailor their online experience," said Dan Jaye, chief technical officer for ad management and targeting company Engage Technologies, Andover, Mass. Engage, which has 12 million names in its database, offers "anonymous personalization" solutions, enabling a Web marketer to reach a targeted audience without having access to identifying information.
For instance, Engage analyzes how a consumer navigates through a site without obtaining an e-mail address and name.
Another solution is to put the power into users' hands. One standard now open to public comment is a new browser technology the World Wide Web Consortium has issued under the auspices of the Platform for Privacy Preferences Project.
"We're trying to create a technology infrastructure that would allow users [to have] control of information," said Mr. Jaye, who is a contributor to the World Wide Web Consortium's privacy project working group.
CONTROLLING THE BROWSER
When a Web site gathers information, a user's browser could tell if the site is compatible with his or her privacy preferences. Currently, users have limited ability to stop a site from collecting information from them.
Vendors have already started implementing prototypes of the technology.
"I would expect to see components of the platform in the next releases of the browsers," Mr. Jaye said. "But a full solution, where any browser could talk to any site and enact privacy options, probably won't be available for at least six months to two years."
In addition, the Internet Engineering Task Force, the group that sets Internet protocol standards, is reviewing a complementary standard called TrustLabels.
Authored by Engage Technologies and Mr. Jaye, the TrustLabels specification is designed to extend Platform for Privacy Preferences Project standards to cookies, the small files that sites store on visitors' computers to send ads and content to them. Currently users have the option to accept or reject cookies without knowing a site's privacy policies. This would allow users to evaluate a site's policy before making a decision.
Engage submitted TrustLabels for inclusion in Netscape 5.0, but there's no word yet as to whether TrustLabels will be part of it.
In the meantime, companies are looking to third-party organizations to certify their sites as compliant with developing privacy standards.
EARNING SEAL OF APPROVAL
To participate in the TrustE commercial program and be authorized to display its Seal of Trust, a Web site must submit a written application and pay an annual licensing fee ranging from $249 to $4,999.
The process includes an initial privacy statement review to determine if the site can be awarded the mark. Every quarter a licensed site is re-evaluated for compliance with changes in practices and technology to ensure the site brings its privacy statements up-to-date.
"We ensure that [licensees] conform to emerging standards and meet TrustE's principles," said Susan Scott, executive director of TrustE. "By participating, a site limits its liability because you don't want to articulate what you're not doing."
On June 22, TrustE announced Microsoft Corp. had joined TrustE as a premier sponsor and licensee. "We have all the Internet consumer gateways as licensees," Ms. Scott said, noting that TrustE's licensed sites will reach 90% of Internet users. "We think it's a very positive first step that the industry leaders have stepped up to industry self-regulation."
Also last week, the Council of Better Business Bureaus and its subsidiary, BBBOnLine, announced its online privacy initiative. The BBBOnLine (www.bbbonline.org) allows Web sites to leverage the well-established Better Business Bureau brand through self-assessment. Participating sites get to display the organization's seal of approval.
A RIVAL AUTHORITY
BBBOnLine wants to make participation fees affordable for small businesses. Still, they could range from a couple hundred to a couple thousand dollars for participation, although exact fees are yet to be determined. The BBBOnLine program is planned for beta testing at the end of September and will open to all companies at the end of the year.
"The industry does want to do the right thing and help consumers feel comfortable on the Internet," said Russ Bodoff, general manager of BBBOnLine.
Since 1995, the Federal Trade Commission has called for self-regulation among Web marketers. That effort, however, has met with mixed results. A commercial Web site addresses the issue of informed consent by disclosing its information gathering and use practices to visitors. The FTC said only one in seven sites now does that.
"The [FTC] report [issued June 4] failed to point out that in the most important parts of the Web, very significant progress has been made in dealing with user privacy concerns," said Mr. Jaye. "More than 70% of the high-volume sites, such as Yahoo! and Lycos, actually do have privacy statements."
FAILING TO ADDRESS ISSUES
On June 22, in response to widespread criticism that Web businesses are not addressing online privacy issues adequately, the Online Privacy Alliance, a group of 50 American companies and associations, published its guidelines for online privacy, self-regulation and safeguarding children's privacy.
Still, legal experts said they believe the industry has failed to adequately address privacy concerns in a timely fashion.
"You can expect that the government will come after companies with a bludgeon rather than a scalpel," said Paul F. Lewis, a partner with law firm Moye, Giles, O'Keefe, Vermeire & Gorrell, which specializes in Internet law. "The FTC has already made a determination that self-regulation isn't working and it is licking its chops [to begin regulation]."
For the Web to continue to develop into a viable e-commerce solution, the industry will have to move quickly, especially if "most businesses we've all come to know and love will continue to exist," said Metromail's Mr. Hamburger. "Call me an optimist. I think [the industry] will."