Does Microsoft + Yahoo = A Privacy Arms Race Among Web Giants?
Does Microsoft + Yahoo = A Privacy Arms Race Among Web Giants?
New York Times
By Riva Richmond
July 31, 2009
When Internet giants team up, civil-liberties advocates tend to worry that their consolidated power will end up hurting the privacy of average users.
An agreement between Microsoft and Yahoo to work together on Web search is no different. But at least one expert thinks it could re-energize a three-year trend that has delivered to consumers more privacy protections around the search data Internet companies store.
Jules Polonetsky quoted:
Jules Polonetsky, director of the research group Future Privacy Forum and formerly chief privacy officer at AOL and DoubleClick, thinks the tie-up could restart competition among the big search providers for bragging rights to who has the best practices.
He’s optimistic because, he says, Yahoo currently has the most stringent privacy policy, and Microsoft has agreed to adhere to it for search queries that originate from Yahoo. Scrutiny of the deal by government regulators could push Microsoft to match Yahoo, Mr. Polonetsky says, which might pressure Google to make its policy stricter, too.
July 31, 2009 – Does Microsoft + Yahoo = A Privacy Arms Race Among Web Giants?, NY Times
Search Privacy and the Microsoft-Yahoo! Agreement
As we have followed the rumors of a Microsoft-Yahoo deal over the last few months, the area we were most concerned about was the future of Yahoo’s leading search data retention policy. We have repeatedly praised Yahoo for implementing a data retention policy that seeks to anonymize search queries after 3 months and we have urged others to follow suit. We understand why companies need to retain data to improve their services and for the related advertising that supports these services. Analyzing what results are selected by users in response to certain queries over time is essential to providing increasingly relevant results. But search queries are sensitive and provide an unusually rich record of user activities online. Yahoo proved that it was serious about privacy when it adopted a policy of deleting information as soon as it was not needed. Would Yahoo’s policy survive the deal?
We are pleased to report that it will. In emails from the Microsoft and Yahoo privacy leads this morning and after a more detailed discussion with Yahoo privacy lead Anne Toth, we were pleased to learn that Microsoft will maintain Yahoo’s retention period for the search data from Yahoo that it will now receive. We hope that this search deal leads to a period of aggressive privacy competition between Google and Microsoft and that consumers benefit from efforts to provide relevant services in a privacy smart manner.
(You can see FPF’s Gallery of leading practices for an overview of some of the other more progressive privacy practices we have highlighted.)
What about anti-trust issues? We think that the question of whether and how privacy issues should be considered in conducting an anti-trust is critical. When the FTC approved the Google-DoubleClick merger, it rejected the idea that the merger would have a negative privacy impact, but it clearly said the privacy issues were relevant to be considered in an anti-trust review. Our former advisory board member Professor Peter Swire has done some very interesting thinking and writing in this area. Here are the points he raised last year in anticipation of this deal:
• Will Yahoo’s and Microsoft’s existing databases of personal information be merged?
• How will the pre-merger privacy policies apply after the merger?
• What privacy guarantees arising out of the merger might be incorporated into the post-merger privacy policies?
At initial review, it seems that Yahoo and Microsoft have addressed these points, assuring us that Yahoo search data won’t be available for other Microsoft systems and assuring us that privacy policies will be updated to address this. If we were strategizing this on the corporate side, we might have come up with one or two more privacy advances so as to have something in our pockets to offer later when Congress and the FTC get involved. Perhaps Microsoft adopting the shorter Yahoo policy for retention for its own data as well? The Article 29 group of European data regulators is aggressively pressing all the search providers to anonymize data after 6 months regardless, so this would be responsive to them and it would almost certainly obligate Google to match this policy.
We do not discount the concerns some will have about the consolidation of data in the hands of two companies. But, to be pragmatic, it often requires real competition to kick-off privacy progress. Consider the progress Internet Explorer has made in the recent years as Firefox has become a serious competitor. We expect the same could happen here.
White House Asks Public If It Wants Cookies
White House Asks Public If It Wants Cookies
Media Post
By Wendy Davis
July 24, 2009
The Obama administration is asking the public to weigh in on whether the government should liberalize its 9-year-old policy limiting the use of persistent cookies. In a blog post issued Friday, administration officials asked for opinions about matters including what basic principles should govern cookies, the choice between allowing consumers to opt out and requiring opt-in consent, and whether the use of cookies raises any non-obvious privacy issues….
Earlier this year, groups including the think tank Future of Privacy Forum and digital rights organization Center for Democracy & Technology proposed that the White House should loosen restrictions on cookies.
The government’s use of cookies and other technology that potentially identifies particular computers is seen as raising more significant civil liberties issues than tracking by private companies who engage in ad targeting. But the government’s decision regarding cookies could still affect Web companies’ policies, says Jules Polonetsky, co-chair and director of the Future of Privacy Forum. “The ability of government to track users needs to be far more constrained than the private sector, but a smart policy that enables analytics and some degree of personalization could be very influential in showing what can be done,” he says.
Jules Polonetsky quoted:
“The ability of government to track users needs to be far more constrained than the private sector, but a smart policy that enables analytics and some degree of personalization could be very influential in showing what can be done,” he says.
Kim Hart of Washington Post wrote her last piece today, before she moves on to a new tech related effort at “The Hill” newspaper. Kim has done some great reporting on privacy issues and is one of the savviest young journalists covering tech issues around. So nice to see her on the rise. Good luck Kim!
July 24, 2009 – White House Asks Public If It Wants Cookies, MediaPost News
White House Cookies Update
So turns out that we don’t yet have a draft cookie policy to react to, but today we have a more formal request for comment that lays out the framework OMB is looking at and guidance on the more specific input OMB is seeking. See Open Government Blog.
Here are the details:
Under the framework we’re looking at, any Federal agency using web tracking technologies on a Federal Government website would be subject to basic principles governing the use of such technologies and would be required to:
Adhere to all existing laws and policies (including those designed to protect privacy) governing the collection, use, retention, and safeguarding of any data gathered from users;
Post clear and conspicuous notice on the website of the use of web tracking technologies;
Provide a clear and understandable means for a user to opt-out of being tracked; and
Not discriminate against those users who decide to opt-out, in terms of their access to information.
OMB is considering a three-tiered approach to the use of web tracking technologies on Federal Government websites:
1st – Single-session technologies, which track users over a single session and do not maintain tracking data over multiple sessions or visits;
2nd – Multi-session technologies for use in analytics, which track users over multiple sessions purely to gather data to analyze web traffic statistics; and
3rd – Multi-session technologies for use as persistent identifiers, which track users over multiple visits with the intent of remembering data, settings, or preferences unique to that visitor for purposes beyond what is needed for web analytics.
We expect that there would be more stringent restrictions or review of the technologies within the tiers that might have higher privacy risks.
To share your comments on this approach, you can post a comment here, submit comments directly in response to the Federal Register notice mentioned above, or email them to: [email protected]. Comments submitted by August 10, 2009 in one of these three ways, will be taken into consideration though we strongly encourage you to comment here so that others can respond. Comments submitted via email will also be republished here. We’re hoping to hear your thoughts on:
The basic principles governing the use of such technologies;
The appropriate tiers;
The acceptable use and restrictions of each tier;
The degree of clear and conspicuous notice on each website that web tracking technologies are being used;
The applicability and scope of such a framework on Federal agency use of third-party applications or websites;
The choice between an opt-in versus opt-out approach for users;
Unintended or non-obvious privacy implications; and
Any other general comments with respect to this issue.
The White House is hosting a call we are joining later today with stakeholders to discuss this further, so we will update if there is anything more to report.
New White House Policy on Cookies On the Way
Look out today for a Federal Register request for comment and a post at the White House Open Government site about ways for revising the current prohibition on persistent cookies. The goal is to continue to protect the privacy of people who visit Federal Government websites while at the same time making these websites more user-friendly, providing better customer service, and allowing for enhanced web analytics. We have commented extensively on this issue at this site and in submissions to the Administration, and CDT and EFF have produced a useful report here as well. (search cookies at this site to find early links and posts). Check back here later for an update.
Borrow this Privacy Policy, Please
Ad-targeting network Lookery includes the following language in its privacy policy:
“Thank you to TACODA, from whose privacy policy this one was derived.”
First time we have seen a company give credit like this!
When is it Acceptable for Pharma Marketers to Use Behavioral Targeting? | Pharma Marketer
Our readers may be very interested in this article about creating profiles of people who search or read about topics ranging from Viagra to asthma. Take the survey at the end to see the results so far.
*When is it Acceptable for Pharma Marketers to Use Behavioral Targeting? | Pharma Marketer*. (link expired)