The popular and successful "Do Not Call" list is back on the Washington agenda, this time as a proposed solution to online privacy concerns. A so-called "Do Not Track" approach for online information, first touted by privacy and consumer groups several years ago, appears to be gaining traction with regulators and legislators. But political and practical challenges will make it difficult to translate the centralized, government-mandated opt-out approach from telemarketing to online advertising.
"Do Not Call" Concept
The Federal Trade Commission (FTC) launched the "Do Not Call" program in October 2003 to combat unpopular telemarketing calls. Consumers can add their phone numbers to a national registry, and telemarketers (with a few exceptions) have an affirmative obligation to avoid calling numbers on the list. As of July 2010, the registry included more than 200 million numbers. Moreover, the FTC has been aggressively enforcing the regulations, bringing more than 60 complaints and obtaining penalties reaching $5.3 million.
"Do Not Track" would apply the principles behind "Do Not Call" to online advertising. Currently, advertisers use online tracking tools (such as cookies, Flash cookies and clear GIFs) to determine with a high degree of certainty a user's age, gender, income, home value and other demographic information. Online advertisers then use this information to deliver relevant advertising. For example, a sports fan with no children and no pets is more likely to see an advertisement for a ticket broker than for pet products or baby food. This ability to reach narrow consumer demographics makes online advertising more valuable for both advertisers and online content providers.
"Do Not Track" would target the information collection practices that make such targeting possible by either creating a central registry (à la "Do Not Call") or, more likely, requiring modifications to Web browsers so they can transmit information to websites telling them that the user does not want to be tracked. FTC Chairman Jon Leibowitz told Congress in July that the FTC is considering whether to propose a "Do Not Track" policy that was recommended by the preliminary FTC staff report released on December 1. "Do Not Track" also was the subject of a December 2 Internet privacy hearing before the House Subcommittee on Commerce, Trade and Consumer Protection.
Despite its current momentum, "Do Not Track" may not have the same political appeal as "Do Not Call." For one thing, online advertising is less intrusive than telemarketing. Unlike phone calls designed to come right in the middle of dinner, online advertisements are a small part of most websites that users voluntarily visit, and (in stark contrast to telemarketing calls) many people are unaware that tracking is occurring at all. Moreover, many consumers actually prefer receiving advertisements relevant to their interests.
Furthermore, the ability to compile user information offers many benefits with limited actual harm. Targeted advertising constitutes a critical revenue stream for many websites; limiting its value could lead to less online content or greater consumer costs. Despite the "creepiness" factor that comes from knowing that advertisers are tracking your movements online, privacy advocates have difficulty demonstrating any actual harm. Online tracking has not been linked to identity theft, and the information involved is typically demographic, not personal.
The FTC has considered extending the "Do Not Call" concept before as a way to target e-mail spam. A "Do Not Spam" registry never came to fruition, however, due to concerns about lists of registrants getting into the wrong hands.
Republicans poised to take over the House of Representatives in the 112th Congress continue to indicate that they will make addressing online privacy a priority. Recent statements indicate that this initiative is likely to take the form of rhetoric and hearings designed to function as a soft deterrent rather than actual legislation. While this approach may induce the industry to voluntarily adjust some of its practices, it seems unlikely to lead to a legislative mandate for a "Do Not Track" system anytime soon.