Prying Eyes

Kiplinger's Personal Finance Magazine, August, 2000 by Ronaleen R. Roha

Look for sites with opt-in policies.

Privacy advocates argue that companies should ask permission before tracking your online travels. Only second best, according to privacy advocates, is a policy that lets you say no to tracking. For example, DoubleClick lets you opt out (go to www.doubleclick.net/privacy_policy/ privacy.htm). But there's a potential Catch-22. Opting out of the DoubleClick system puts an opt-out cookie on your hard drive. If you ever delete all of your cookies and then enter a DoubleClick-network site, you'll start being tracked all over again.

Where privacy is headed

REGULATORS ARE starting to push for enforceable standards. "It is always difficult to have self-policing," says Michigan's attorney general, Jennifer Granholm, whose office is in negotiations with DoubleClick. "It's like the fox guarding the chicken coop."

For example, starting next July, financial institutions are legally required under the new federal Financial Service Modernization Act to disclose their privacy policies when people open accounts (online or off-line), and notify them annually after that in writing or electronically. If you don't want information about you passed on to others the institution deals with, you have to opt out.

This spring, in its third report to Congress on the state of online privacy and industry self-regulation, the FTC acknowledged that online privacy has gotten better since its survey a year ago. But the agency concluded that Internet businesses are not buying into self-regulation fast enough.

In the survey, which included 91 of the Net's 100 busiest sites, just 42% of the busiest sites use all of the fair information practices that the FTC advocates. Of the remaining 335 sites surveyed, only 20% take the FTC's advice. So the FTC is asking for legislation that would work with self-regulatory programs, including such privacy-seal programs as TRUSTe and BBBOnline, to establish a basic level of privacy protection for commercial Web sites aimed at consumers.

* Notice. Sites would have to post clear and conspicuous descriptions of what information they collect, how they collect it (such as on forms or through cookies), how they use it, with whom they share it and whether other companies are collecting information through the site.

* Choice. You would have a choice about how your personal information is used. For example, you could choose not to receive offers from certain sites and instruct them not to disclose your information to third parties.

* Access. You would have access to information about yourself to review, correct and delete.

* Security. Sites would have to be responsible for protecting information they gather about you.

Congress isn't likely to pass an online-privacy law this year, but Catlett predicts that a bill with provisions similar to the FTC's proposals will pass by summer 2001.

In an attempt to forestall federal or state action, members of the online industry created several consortiums, including the Network Advertising Initiative (NAI), of which DoubleClick is a member, to develop guidelines for collecting and using personal information. The FTC and the NAI are working together to develop voluntary guidelines for tracking and profiling consumers. But if the current conflagration lasts, they may be too late. In addition to the FTC's push for federal legislation, at least 17 states have pending proposals that address the safeguarding of financial information alone. Stay tuned. --Reporter: SEAN. O'NEILL