July 31, 2009 – Does Microsoft + Yahoo = A Privacy Arms Race Among Web Giants?, NY Times

 

 

Search Privacy and the Microsoft-Yahoo! Agreement

As we have followed the rumors of a Microsoft-Yahoo deal over the last few months, the area we were most concerned about was the future of Yahoo’s leading search data retention policy. We have repeatedly praised Yahoo for implementing a data retention policy that seeks to anonymize search queries after 3 months and we have urged others to follow suit. We understand why companies need to retain data to improve their services and for the related advertising that supports these services. Analyzing what results are selected by users in response to certain queries over time is essential to providing increasingly relevant results. But search queries are sensitive and provide an unusually rich record of user activities online. Yahoo proved that it was serious about privacy when it adopted a policy of deleting information as soon as it was not needed. Would Yahoo’s policy survive the deal?

We are pleased to report that it will. In emails from the Microsoft and Yahoo privacy leads this morning and after a more detailed discussion with Yahoo privacy lead Anne Toth, we were pleased to learn that Microsoft will maintain Yahoo’s retention period for the search data from Yahoo that it will now receive. We hope that this search deal leads to a period of aggressive privacy competition between Google and Microsoft and that consumers benefit from efforts to provide relevant services in a privacy smart manner.

(You can see FPF’s Gallery of leading practices for an overview of some of the other more progressive privacy practices we have highlighted.)

What about anti-trust issues? We think that the question of whether and how privacy issues should be considered in conducting an anti-trust is critical. When the FTC approved the Google-DoubleClick merger, it rejected the idea that the merger would have a negative privacy impact, but it clearly said the privacy issues were relevant to be considered in an anti-trust review. Our former advisory board member Professor Peter Swire has done some very interesting thinking and writing in this area. Here are the points he raised last year in anticipation of this deal:

• Will Yahoo’s and Microsoft’s existing databases of personal information be merged?

• How will the pre-merger privacy policies apply after the merger?

• What privacy guarantees arising out of the merger might be incorporated into the post-merger privacy policies?

At initial review, it seems that Yahoo and Microsoft have addressed these points, assuring us that Yahoo search data won’t be available for other Microsoft systems and assuring us that privacy policies will be updated to address this. If we were strategizing this on the corporate side, we might have come up with one or two more privacy advances so as to have something in our pockets to offer later when Congress and the FTC get involved. Perhaps Microsoft adopting the shorter Yahoo policy for retention for its own data as well? The Article 29 group of European data regulators is aggressively pressing all the search providers to anonymize data after 6 months regardless, so this would be responsive to them and it would almost certainly obligate Google to match this policy.

We do not discount the concerns some will have about the consolidation of data in the hands of two companies.  But, to be pragmatic, it often requires real competition to kick-off privacy progress.  Consider the progress Internet Explorer has made in the recent years as Firefox has become a serious competitor.    We expect the same could happen here.

White House Asks Public If It Wants Cookies

White House Asks Public If It Wants Cookies

Media Post

By Wendy Davis

July 24, 2009

The Obama administration is asking the public to weigh in on whether the government should liberalize its 9-year-old policy limiting the use of persistent cookies. In a blog post issued Friday, administration officials asked for opinions about matters including what basic principles should govern cookies, the choice between allowing consumers to opt out and requiring opt-in consent, and whether the use of cookies raises any non-obvious privacy issues….

Earlier this year, groups including the think tank Future of Privacy Forum and digital rights organization Center for Democracy & Technology proposed that the White House should loosen restrictions on cookies.

The government’s use of cookies and other technology that potentially identifies particular computers is seen as raising more significant civil liberties issues than tracking by private companies who engage in ad targeting. But the government’s decision regarding cookies could still affect Web companies’ policies, says Jules Polonetsky, co-chair and director of the Future of Privacy Forum. “The ability of government to track users needs to be far more constrained than the private sector, but a smart policy that enables analytics and some degree of personalization could be very influential in showing what can be done,” he says.

Jules Polonetsky quoted:

“The ability of government to track users needs to be far more constrained than the private sector, but a smart policy that enables analytics and some degree of personalization could be very influential in showing what can be done,” he says.

Click here to view the full article.

Kim Hart Moves on from the Washington Post

Kim Hart of Washington Post wrote her last piece today, before she moves on to a new tech related effort at “The Hill” newspaper.  Kim has done some great reporting on privacy issues and is one of the savviest young journalists covering tech issues around. So nice to see her on the rise.  Good luck Kim!

July 24, 2009 – White House Asks Public If It Wants Cookies, MediaPost News

 

 

White House Cookies Update

So turns out that we don’t yet have a draft cookie policy to react to, but today we have a more formal request for comment that lays out the framework OMB is looking at and guidance on the more specific input OMB is seeking.   See  Open Government Blog.

Here are the details:

Under the framework we’re looking at, any Federal agency using web tracking technologies on a Federal Government website would be subject to basic principles governing the use of such technologies and would be required to:

OMB is considering a three-tiered approach to the use of web tracking technologies on Federal Government websites:
We expect that there would be more stringent restrictions or review of the technologies within the tiers that might have higher privacy risks.
To share your comments on this approach, you can post a comment here, submit comments directly in response to the Federal Register notice mentioned above, or email them to: [email protected] .  Comments submitted by August 10, 2009 in one of these three ways, will be taken into consideration though we strongly encourage you to comment here so that others can respond.  Comments submitted via email will also be republished here.  We’re hoping to hear your thoughts on:

The White House is hosting a call we are joining later today with stakeholders to discuss this further, so we will update if there is anything more to report.

New White House Policy on Cookies On the Way

Look out today for a Federal Register request for comment and a post at the White House Open Government site about ways for revising the current prohibition on persistent cookies.  The goal is to continue to protect the privacy of people who visit Federal Government websites while at the same time making these websites more user-friendly, providing better customer service, and allowing for enhanced web analytics. We have commented extensively on this issue at this site and in submissions to the Administration, and CDT and EFF have produced a useful report here as well. (search cookies at this site to find early links and posts). Check back here later for an update.

Borrow this Privacy Policy, Please

Ad-targeting network Lookery includes the following language in its privacy policy:

“Thank you to TACODA, from whose privacy policy this one was derived.”

First time we have seen a company give credit like this!

When is it Acceptable for Pharma Marketers to Use Behavioral Targeting? | Pharma Marketer

Our readers may be very interested in this article about creating profiles of people who search or read about topics ranging from Viagra to asthma.  Take the survey at the end to see the results so far.

*When is it Acceptable for Pharma Marketers to Use Behavioral Targeting? | Pharma Marketer*. (link expired)

 

Zittrain and Cloud Computing

Our friend Jonathan Zittrain’s piece in today’s New York Times entitled “Lost in the Cloud”, raises pertinent and important privacy and competition issues about cloud computing. His main focus is on the concerns for individuals and the ability of companies to innovate if they are subject to the guidelines of the cloud operators. The great irony may be that guidelines for privacy and security enforced by cloud operators may be exactly what is needed to provide individuals with a trusting experience. But, as Zittrain discusses in his book The Future of the Internet and How to Stop It, navigating the decisions that help protect users without stopping innovation is key to the future of the internet. Last week’s action by the Privacy Commissioner of Canada against Facebook for not doing enough to enforce rules over the application developers would use in its platform is an example of how government will be seeking to play a role in these decisions.

We would add to Professor Zittrain’s analysis a discussion of how business-to-business cloud computing has the real potential to enable innovation that would otherwise be impossible because of how it can reduce costs for many businesses, improve service delivery and promote innovation because of the economies of scale. Countless business models and services will exist only if they have the capability to make use of sophisticated programs and infrastructure that can serve millions of users at low cost

The contracts that sophisticated businesses are putting in place with major providers of cloud computing services, like IBM, address many of the concerns about privacy, security and intellectual property rights, as well as the location of services (so as to reduce the risk of foreign government tampering with private information). But as Zittrain has been advocating, and as remarks from Julius Genachowski reported today make clear, the success of the interaction between the innovators at the edge and the providers of the platforms of the future will be be essential to the future of privacy, security and the vitality of the internet.