Dear John Letter

John Squire

Chief Strategy Officer

Coremetrics

Dear John:

Whassup? I read on the privacychoice blog that you take privacy seriously.  That is good to hear.  There is another Jon who like you takes privacy seriously.  He is at the FTC.   I think he might say that if you are helping your clients sell clickstream profile data about what their users do online, you want to require that they let users know about it.   That Jon might consider it deceptive if you were to claim you take privacy seriously, but then continue to help a client sell user data after you were told that they weren’t letting users know about it.   That Jon has many enforcement cases keeping him busy and probably doesn’t have time to read blogs, but he has staff who help him out.  So, please, on behalf of those of us who do believe that companies who do care about privacy can get this right, get on your clients before Jon does.

Readers can follow the exchange between Coremetrics and Jim Brock of Privacychoice.org here.  Be sure to read the exchange in the comments.

From Webtrends: Thoughts on Web 2.0 Cookie Transparency and Control

One analytics company, Webtrends,  speaks up about how the federal government can use cookies.  In a blog post and in a comment at the White House Open Government, site they make some sensible points about transparency and the use of first party domains.  The ideas echo some of the proposals we and CDT have previously made and underscore the opportunity to update the current OMB cookie policy in a progressive manner.

Op-Ed in Roll Call: Behavioral Advertisers Need to Change Their Behavior

Jules had an op-ed published in Roll Call today, let us know your thoughts.

Behavioral Advertisers Need to Change Their Behavior – Roll Call.

Behavioral Advertisers Need to Change Their Behavior

Behavioral Advertisers Need to Change Their Behavior

Roll Call

By Jules Polonetsky

June 22, 2009

On Thursday, two House Energy and Commerce subcommittees held a joint hearing to discuss something called “behavioral advertising,” the tracking of users’ Web site visits and searches in order to deliver tailored online advertisements. Almost a decade ago to the day, I testified before the Senate Commerce Committee on the very same topic as the chief privacy officer of DoubleClick. At the time, I said:

“Consumers have the right to know what kind of data net advertisers are using, and they have the right to have control over that use. There are significant steps that industry can and should take to give consumers more confidence in and more control over their Web experience. Primary among them are notice and choice. Consumers need and deserve real choice. They need to know the type of data that is being collected about them and they need to have the ability to opt out, to choose not to participate if they want to.”

Today, I would admit to being less confident that old-fashioned notice and choice is still the right model. After years of working more directly with consumers at AOL, I am convinced that companies need to be more honest and open with users about how they collect and use their data.

Click here to view the full article.

FTC Considering New Privacy Paradigms

A few articles covering remarks by new FTC Bureau of Consumer Protection Director Dave Vladeck have described some of the latest thinking at the Commission.  Here is a synopsis from the law firm of Perkins Coie.

–Over the past ten years the agency has followed two approaches. Neither has worked well. The first was notice and consent. But consumers don’t know what they are consenting so, especially regarding secondary uses of their data. The second was a “harm” approach like GLB. Certain data collection practices pose privacy risks so great that we protect consumers by banning or imposing defined obligations on the practices, regardless of what the collecting firm has disclosed to consumers or asked them to consent to. But the “harm” model doesn’t address “non-quantifiable” harms (he didn’t define those harms). So we need a new approach.—

This could indicate a major turning point and is – IMHO – big news.

Could Bozeman Montana city officials be prosecuted for Facebook snooping?

Bozeman city officials are requiring certain applicants to hand over social media passwords for background checks.

From the Lori Drew case, we know that violating a social network site’s Terms of Service could be charged as a crime. Here is the relevant language in the Facebook Terms of Service.

“You will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account.”

So are the applicants violating the law? Or perhaps the Bozeman officials are for inducing this violation?

Should Facebook spell out in its that systematic access to users profile for the purpose of an employment background check is not a permitted use of the service?

The folks at the Electronic Frontier Foundation tell Ars Technica it may be illegal for many other reasons as well.

“I think its indefensibly invasive and likely illegal as a violation of the First Amendment rights of job applicants,” said Kevin Bankston, an EFF attorney. “Essentially they’re conditioning your application for employment on your waiving your First Amendment rights…and risking the security of your information by requiring you to share your password with them…Where does it stop? How about a photocopy of your diary?”

Privacy Update From France – June 24, 2009

Please join us for a

Privacy Update from France

Featuring

Florence Raynal

Head of International & European Affairs,

Albine Vincent

Legal Expert, Inspection Department,

Commission Nationale de L’informatique et des Libertés

Cocktails, Brie, and Brief Remarks

Wednesday, June 24, 2009

5:30pm

Future of Privacy Forum’s New Offices

919 18th Street NW

Suite 925

Washington, DC 20006

Please RSVP to [email protected]

The Future of Privacy Forum (FPF) is a Washington, DC based think tank that promotes transparency in data practices that are practical for businesses and ensure personal autonomy for consumers. The forum is led by Internet privacy experts Jules Polonetsky and Christopher Wolf and includes advisory board comprised of leading figures from industry, academia, law and advocacy groups. FPF was launched in November 2008, and is supported by AOL, AT&T, Deloitte, eBay, Facebook, Intel, Microsoft, The Nielsen Company, Verizon and Yahoo.

FTC Cites FPF Work in Letter to Congress Regarding Behavioral Ads

Today, the Commission sent the Energy and Commerce Subcommittees holding a joint hearing examining behavioral ads a letter, noting that the FTC is closely monitoring industry efforts to step up privacy efforts.  Within the letter, they also reference the FPF research project underway.  After members gave opening statements, the hearing was interrupted by a series of floor votes, leaving witnesses from Google, Yahoo, Facebook and the NAI waiting to see if they would get a chance to speak.  A little after 6:00 PM, the hearing finally resumed…

FTC Letter to Congress regarding Behavioral Ads

The Commission today sent the Energy and Commerce Subcommittees holding a joint hearing looking in to behavioral ads a letter ,  noting that it is closely monitoring industry efforts to step up privacy efforts.  They also reference the FPF research project underway.  After members gave opening statements, the hearing  was interrupted by a series of floor votes, leaving witnesses from Google, Yahoo, Facebook and the NAI waiting to see if they would get a chance to speak.  Stay tuned.

FPF Launches Leading Practices Gallery

Today, two House Energy and Commerce Subcommittees are holding a joint hearing to discuss behavioral advertising. Clearly, Congressional leaders continue to have concerns about the technologies used to track users Web activity and are dissatisfied with current practices. The FTC has repeatedly expressed its dissatisfaction with the status quo. And significant numbers of consumers themselves make their discomfort clear by deleting cookies. In response, privacy legislation could be on the way.

How are companies responding? Some argue that stricter standards will disrupt the economic model of internet advertising supporting free content. Some claim that self-regulation is working. Some support national privacy legislation. And others are beginning to explore opportunities to improve current practices. We think that regardless of whether legislation or better self-regulation is the right answer, companies need to be focused on maintaining the trust and confidence of their users if they hope to be able to succeed in the long run.

In order to encourage companies advance trust by finding innovative ways to engage and communicate with users about data use, FPF has decided to create a “Leading Practices Gallery”. Our goal is to highlight the companies that are going a bit farther to provide transparency and control to their customers with the hope that other industry players will follow in their footsteps. We recognize that not all the practices highlighted will be the best solution for every business. We appreciate that some of these examples are only baby steps in the right direction. But, all too often, privacy progress by businesses is stalled by critics who deride any minor progress because it isn’t the perfect solution or because the advances are perceived to be an ingenuous attempt to deter the holy grail of legislation. We take a different view. We think that by recognizing some of the positive methods that some businesses are taking, we can inspire other companies looking to increase transparency and control and support those who are trying to get it right. Soon, we will be consumer testing some of these efforts and will be trying to design some of our own.

So take a look at the Leading Practices Gallery to see which companies and practices are working to improve consumer trust.