Microsoft has proposed a tiered approach to protecting the privacy of people targeted
by online advertising, saying advertisers should get permission before using sensitive,
personally identifiable information to deliver ads.

Microsoft filed comments on Friday in response to the U.S. Federal Trade Commission's
request for comments on its proposed
privacy principles that would be self-administered by the online advertising
industry. Microsoft's proposal operates under the idea that the greater the
risk to privacy, the greater the protection data should receive, Microsoft officials
said.

Microsoft agrees with the FTC's decision to focus on an industry self-regulatory
approach, but the company has also called for Congress to pass comprehensive
consumer privacy legislation, noted Frank Torres, Microsoft's director of consumer
affairs.

"We're supporting what the FTC is proposing, but we also believe that
privacy is important for consumers," Torres said. "We're not opposed
to going even further" than the FTC self-regulatory proposal.

Microsoft's proposals would give consumers control over how their personal
data is used, Torres said. "When it comes to online advertising, consumers
should be in the driver's seat," he said.

Among the Microsoft proposals:

-- Companies that keep records of page views or collect other information about
consumers for the purpose of delivering ads should post a privacy policy on
the home page, implement reasonable security procedures, and retain data only
as long as necessary to fulfill a legitimate business need.

-- Companies that deliver ads or services to unrelated third-party sites should
ensure that consumers receive notice of the privacy practices of those sites.

-- Companies that develop profiles of consumer activity to deliver advertising
across unrelated third-party sites should also offer consumers a choice about
the use of that information.

-- Third parties should be required to obtain consent from consumers before
using sensitive, personally identifiable information, such as health conditions,
sexual behavior or religious belief, for behavioral advertising.

Several other companies and groups, including Google, the American Advertising
Federation and the Consumer Federation of America, have filed
comments on the FTC's proposed rules. Google's
filing last week appears to look for a narrower scope to regulations, although
it said it has in the past called for a federal privacy law that would penalize
offenders. Google suggests that the agency narrow its definition of behavioral
advertising and distinguish between personally identifiable information and
information that's not personally identifying.

The Consumer Federation of America's filing on Thursday called for stronger
rules than the set of self-regulatory principles proposed by the FTC.

"Simply put, there is a fundamental mismatch between the technologies
of tracking and targeting and consumers' ability to exercise informed judgment
and control over their personal data," the consumer group said in its filing.
"It is clear that after seven years of industry self regulation, neither
the voluntary organizations nor the individual companies' approaches to privacy
protection are working. Only if consumers are strongly interested, extremely
literate, well-informed and highly skilled can they negotiate the opaque, inconsistent
morass of opt-out procedures."

Charles Cooper, a Web user from Illinois, wrote that the FTC's proposals don't
go far enough. "I think that most people would rather pay to access certain
sites than have to deal with constant ads that remind us that what we do on
the Internet is far from private," he wrote in a filing with the FTC. "The
collection of any personal data should be something initiated by the consumer
so, at the very least, consumers should have an opt-in option rather than the
proposed opt-out."

But Torres said self-regulation, combined with a watchful FTC, should keep
advertising companies focused on good privacy practices. If a company promises
privacy protections and fails to deliver, it could face FTC sanctions, he said.

"We hope that just by being transparent about what we do, that folks will
see we're serious about this," he added. "Even in this evolving marketplace,
we do believe there are perimeters around privacy and principles and practices
that should be put in place."

However, the threat of real enforcement could make consumers more comfortable
with behavioral targeting, according to a researcher involved with a recent
study. Nearly 60 percent of survey respondents said they are not comfortable
when Web sites like Google, Yahoo and Microsoft use information about their
online activity to tailor advertisements to them, said Harris Interactive, which
released results
of the survey on Thursday.

That number improves to about 45 percent when consumers hear that the sites
follow certain privacy and security policies. More people weren't assured by
the policies perhaps because they don't trust that the companies will follow
voluntary guidelines and because there aren't any regulatory or enforcement
mechanisms, said Alan Westin, a professor at Columbia University who helped
design the survey.

IDG News Service

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine