Watch CBSN Live

Google, Yahoo Bow to Congressional Online Privacy Pressure

House letter about online privacyCongress has been turning a critical eye on consumer privacy concerns in online advertising. Last week, the House Committee on Energy and Commerce started to put pressure on leading companies in the industry, and this week Google and Yahoo both responded by strengthening opt-out provisions for consumers who don't want their activities track to better serve advertising. The question is if this will be too little, too late, and whether Congress might move toward privacy regulation.

On August 1, the House Energy and Commerce Committee, which oversees Internet issues, sent a letter to 33 companies in the online ad industry about whether they track consumer web surfing to better target advertising. The companies have until today to answer 11 sets of questions, including:

  • Has your company at any time tailored, or facilitated the tailoring of, Internet advertising based on consumers' Internet search, surfing, or other use?
  • Has your company conducted a legal analysis of the applicability of consumer privacy laws to such practice? If so, please explain what that analysis concluded.
  • How did your company notify consumers of such practice? Please include a copy of this notification.
  • Please explain whether your company asked consumer to "opt in" to the use of such practice or allowed consumers who objected to opt out." If your company allowed consumers who objected to opt out, how did it notify consumers of their opportunity to opt out? If your company did not specifically or directly notify affected customers of the opportunity to opt out, please explain why this was not done.
The letter went out to such companies as Google, Yahoo, Microsoft, Verizon, and Comcast. A brief glance at the questions suggests that this is not a casual exercise.

The irony here, at least to anyone who has been involved in direct marketing, is that the amount of information collected from off-line activities probably makes the online world pale in comparison. Earlier this year, while covering online privacy issues in marketing, I spoke with Chris Hoofnagle, a senior staff attorney at the Samuelson Clinic of UC Berkeley's law school:

I've tried for years to start a conversation about the privacy problems in the offline targeting world, but those largely have failed to get traction. I think it's a number of factors. One is in the offline world, adding a computer to the consumer's experience heightens privacy concern â€" the realization that some of this tracking is going on. All someone has to do is look at one's cookie list. In the offline context, that's mostly opaque.
Although the amount and range of personal information currently sitting in databases is far larger and more telling than what the online advertisers have, the computer is far more "in your face."

Unfortunately, that couples paradoxically with most consumers having false perceptions of how things work on Web sites. Multiple studies have suggested that a majority (between 50 and 60 percent) of people think that the presence alone of a site privacy policy means that the site owners cannot sell anyone's personal information, even though the details of the policy might run to the contrary.

Of course, even if consumers did read the policies, they would have a hard time knowing exactly what is going on. "They're considered legal documents, so you have to cover every possible contingency, and they're written by lawyers for lawyers," says Alan Chapell, president of Chapell & Associates, a privacy consultancy to interactive technology companies.

Given the increasing pressure, what is surprising is not that Yahoo and Google took the steps they did, but that more of the 33 companies receiving the letters did not. This will only add fuel to an already hot Congressional boiler. According to Douglas Wood, a Reed Smith partner with extensive experience in law governing advertising, Congress is reaching the end of its patience with a self-regulatory approach to privacy issue, which means that the letter may be another step on the way to federal regulation of online advertising. Could that mean a future of opt-in only?

Europe already has data directives "that are violated every single day," Wood says.

Sooner or later, with the typical cavalier of marketers, they keep increasing their risks when there's no resistance until there's an explosion and someone gets burned. There will be a major case in Europe sooner or later, and someone is going to be the poster child.
And it may already be too late for the major players to keep more scrutiny, and more regulation, from happening.