When most users think of online privacy invasions, they think of companies like ubiquitous Internet advertising firm DoubleClick. After the company completed its purchase of direct-marketing firm Abacus Direct last year, it announced plans to build a database of consumer profiles, including names, addresses, purchase histories, and demographic data, which would help Abacus to perfect its target marketing. Privacy groups were up in arms, noting that the ability to track consumers' movements on line and attach that data to names and addresses represented a violation of privacy.
Doing what DoubleClick proposed required a lot of complex technology - and quite a bit of nerve. DoubleClick's database depended on the 100 million cookies the company placed on the computer of Internet users, who were not informed that they were receiving such cookies unless their browsers were preset to do so. The move was a reversal of DoubleClick's previous policy of not associating personal information with cookies.
In Their Business
As long as they inform customers of their intentions, 'businesses, theoretically, can collect as much information as they want,' says Becky Richards, director of compliance and policy at Truste, a non-profit privacy organization. 'That being said, I don't know that that's always the best business practice. If you ask too many questions, people will go to a different Web site.'
On the Table
Several online consumer privacy bills are making their way through Congress, but so far the federal government has been reluctant to restrict the types of consumer information companies can collect. The Consumer Internet Privacy Enhancement Act, introduced to Congress in January by Chris Cannon (R-Utah) and Anna Eshoo (D-Calif.), would make it illegal for a commercial Web site to collect personal information unless it provides notice that it's collecting the information and an opportunity to allow the consumer to limit the use of that information for marketing purposes. It's similar to the McCain-Kerry bill, introduced last year, and the Online Privacy Protection Act of 2001.
'A lot of the proposals being introduced in Congress are likely to be different from what ends up being written into law,' says Andrew Shen, senior policy analyst at the Electronic Privacy Information Center, a Washington-based public interest research center. 'Most of the bills start from the framework of fair information practices, the basic rubric of how information is collected and used with the goal of making the consumer an active participant in how that information is collected.' Under many of these bills, Web sites would have to provide notice to consumers; some stipulate that sites ask permission to gather information that is used beyond the original purpose.
There are also international concerns. The Internet is, of course, a global medium, but that doesn't mean one set of rules applies to privacy. 'The European Union takes a much stricter approach to privacy than this country,' Rothman says. 'There are regulations about what information you can keep and how long you can keep it, plus protections for that information that don't exist here.'
Privacy experts note that many customers are willing to disclose such information for better customer service. Visitors to Amazon.com, for example, may appreciate the personal recommendations provided when they go to the site. The 1-Click shopping button wouldn't be possible if consumers weren't willing to let Amazon maintain their personal and financial data.
On the one hand, businesses are loath to have any restrictions placed on what types of information they collect. Online tracking allows businesses to provide more personalized services to customers, and it allows them to target their ads to customers who are more likely to be interested in their products or services. But they need to earn consumers' confidence. Many companies choose to use opt-in promotions, in which promotional e-mail is sent only to consumers who have specifically requested to receive such information.
Opt-in companies, such as Opt-In Inc. or Snipermail, maintain lists of people who have agreed to receive solicitations, usually as part of a sweepstakes. Opt-in companies rent e-mail lists to businesses looking to promote their products or services, typically priced at rates per 1,000 e-mails sent.
'Businesses like to outsource e-mail marketing programs because they tend to provide a good return on investment,' Rothman says. He cautions, however, that small businesses need to be careful, since they don't handle the information themselves.
While customers might prefer an opt-in service, businesses will still want to collect information with as robust online profiling tools as are available.
'There's certainly a very clear understanding on the part of sophisticated businesses that they have an obligation to notify their customer base, and in fact it's good public relations to do so,' says Virginia Richard, a partner with Winston & Strawn. 'At the same time, they're very reluctant to give up what is considered to be a huge marketing advantage.'
Collecting customer information can be an invaluable practice. So be up-front about the information you're collecting and the purposes for which you intend to use it.
Non-profit privacy organization whose third-party oversight 'seal' program is designed to alleviate users' concerns about online privacy.
Electronic Privacy Information Center
Public interest research center that focuses on privacy issues.
Company that rents opt-in e-mail lists to businesses.
Opt-in e-mail provider.
In his last piece for SBC, John Frederick Moore took a look at search engine listings.