Dispelling “Do Not Track” Myths
October 31st, 2007 by Alissa Cooper
Earlier today CDT joined eight other privacy and consumer groups in urging the Federal Trade Commission (FTC) to take proactive steps to protect consumer privacy in light of the growth of “behavioral targeting” — the practice of collecting and compiling a record of individual consumers’ activities, interests, preferences, and/or communications over time for the purposes of serving advertising based on the information collected. Marketers and advertising networks generally accomplish this sort of tracking by placing a persistent, unique identifier (such as a cookie ID) on a consumer’s computer that can help identify that consumer as he or she visits sites across the Web and over time.
As part of the groups’ proposal, we asked the FTC to implement a “Do Not Track List” intended to protect consumers from having their online activities unknowingly tracked, stored, and used by marketers and advertising networks.
The idea for the Do Not Track List is reminiscent of the extremely popular Do Not Call list maintained by the FTC. That program allows consumers to submit their phone numbers to the FTC to avoid being called by telemarketers. The FTC maintains these phone numbers in a list, and telemarketers can pay the FTC to get a copy of the list so they know which consumers not to call. Although the Do Not Track List starts from a similar premise – that the FTC can help to facilitate a mechanism for users to opt out of being subject to a particular industry practice – there are important distinctions between the two:
- The Do Not Track List would not require the FTC to collect any information from consumers. Rather, the Do Not Track List would be a list of servers that marketers and advertising networks use to track the behaviors of consumers online. Marketers and advertising networks would provide these server names to the FTC. Consumers could then download this list of server names from the FTC onto their computers and use their Web browsers to block the servers on the list from tracking their activities (as shown below):
  [Figure: Consumers could then download this list of server names from the FTC onto their computers and use their Web browsers to block the servers on the list from tracking their activities]
  Thus, consumers would provide no more information to the FTC than they do when they visit the FTC Web site currently, and this information (such as consumers’ IP addresses) would be subject to the FTC’s strict privacy policy.
- The Do Not Track List does not automatically prevent advertisements from being served to consumers who have signed up for the list. Unlike the Do Not Call list – which prevents consumers on the list from receiving most forms of telemarketing calls – the Do Not Track List would not impede the display of advertising to consumers using the list. The Do Not Track List would allow consumers to opt out of being tracked for advertising purposes, but the ads themselves could still be displayed. As shown above, as long as marketers separate their ad servers from the servers used to set persistent unique identifiers for behavioral tracking, consumers using the Do Not Track List would continue to receive advertisements.
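
The blocking step described in the two points above, sketched as an added example that is not part of the original post or the groups' filing. The list format (one server name per line, `#` comments), the `.example` hostnames, the function names, and the choice to treat subdomains of a listed server as listed are all assumptions made for illustration.

```javascript
// Added example: list format, hostnames and function names are assumptions.
// Constructed sample of a downloaded Do Not Track List: one tracking server per line.
const SAMPLE_LIST = `
# constructed sample entries (hypothetical hosts)
track.adnetwork.example
Profiles.Marketer.Example.
`;

// Parse the list: drop comments and blank lines, lowercase, strip a trailing root dot.
function parseDoNotTrackList(text) {
  const hosts = new Set();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.split("#")[0].trim().toLowerCase().replace(/\.$/, "");
    if (line) hosts.add(line);
  }
  return hosts;
}

// A host is listed if it, or any parent domain of it, appears on the list.
// Comparing whole labels keeps "nottrack.adnetwork.example" from matching
// "track.adnetwork.example", which a plain string suffix test would get wrong.
function isListed(hostname, listed) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (listed.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Decide what the browser does with each third-party request made by a page.
function filterRequests(urls, listed) {
  return urls.map((u) => {
    const host = new URL(u).hostname;
    return { url: u, action: isListed(host, listed) ? "block" : "allow" };
  });
}

const listed = parseDoNotTrackList(SAMPLE_LIST);
const decisions = filterRequests([
  "https://ads.adnetwork.example/banner.js",        // separate ad server: still loads
  "https://track.adnetwork.example/id?uid=123",     // listed tracking server
  "https://eu.profiles.marketer.example/pixel.gif", // subdomain of a listed server
  "https://nottrack.adnetwork.example/x",           // similar name, not listed
], listed);
for (const d of decisions) console.log(d.action.padEnd(6), d.url);
```

Because matching walks up the parent domains, a list entry for a network's whole domain would also block that network's ad server, which is why the ads only keep loading when the ad server and the tracking server have distinct names.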
The Do Not Track List is just one of several ideas put forth in today’s filing. With the FTC’s behavioral advertising workshop kicking off tomorrow, we look forward to discussing how these ideas can help to better protect consumer privacy amidst the rapidly evolving online advertising marketplace.
This entry was posted on Wednesday, October 31st, 2007 at 3:31 pm and is filed under CDT, Consumer Privacy.



October 31st, 2007 at 8:33 pm
Hi Alissa or Ari,
How does the DNT list proposal fit into P3P? Is P3P basically dead?
What about advertisers that do not set cookies, but instead use a combination of other click stream data to create a profile? It seems that the IP address and browser information could be enough to create a profile of a user, short-lived as it would be.
What about other third parties that provide embedded web content, but that content is not advertising? That embedded content basically functions the same as advertising, and provides a lot of the same capabilities for tracking a user. For example, MyBlogLog, or embedded YouTube videos.
Mike
November 1st, 2007 at 4:17 pm
[...] just to clarify on the details of yesterday’s Do Not Track proposal (which we also blogged about yesterday to clearly articulate and illustrate how it might work) – we are not suggesting that [...]