The Congressional Research Service is a $100 million a year think tank that researches and writes informative and non-partisan reports on topics suggested by members of Congress. The catch–and the reason you might not have read their work–is that CRS reports are only made easily available to members of Congress. Citizens can request these reports from lawmakers, but without a public index, they can’t request something they don’t know exists. The CRS Reports currently rank first on CDT’s Most Wanted Government Documents. In an ongoing effort liberate these documents, CDT runs Open CRS, an online repository of public CRS Reports. To spotlight these reports, I will be writing “CRS Report of the Week�? posts and feature a relevant report each week. These reports are informative in both that they serve as excellent primers to political issues and that they offer a degree of insight into what information is circulating around Congress.

Privacy Law and Online Advertising: Legal Analysis of Data Gathering By Online Advertising Such As Double Click and NebuAd
Report number: RL34693
Date: January 16, 2009

Behavioral advertising remains popular with online advertisers, and this CRS Report explains how current privacy law governs the practice. The two laws relevant to behavioral advertising are the Electronic Communications Privacy Act (ECPA) and the Communications Act; however, both predate the rise of behavioral advertising. Currently behavioral advertising practices are under no federal regulations; the FTC has put out guidelines and the Network Advertising Initiative, an industry group, have released a set of self-regulatory principles.

Onlince behaviorial advertising occurs when Internet users have their online activity tracked and used to create a profile of their interests. These profiles are then used to serve up ads targeted to a particular user’s interests.

Behavior advertising can be generally divided into two categories: when the advertising partnership is between the advertiser and a website or when it’s with an ISP. The difference is who tracks the Internet user’s behavior and tells the advertiser–the website the user visits or the ISP. This report explains to what extent ECPA applies to each scenario. The nature of the partnership is critical–it determines what kind of consent needs to be obtained from the Internet user. In the website partnership case, the data collection is acceptable since the website is a party in the communication with the user. When it comes to an ISP partnership however, this report argues that affirmative opt-in consent is necessary. The Communications Act, Section 631 applies to cable operators who also act as ISPs and forbids them from disclosing personally identifiable information without consent. But since Section 631 is judicially enforced, many of the questions about the details of cable operator/ISPs and behavior advertising have yet to be addressed.

This entry was posted on Friday, July 31st, 2009 at 3:43 pm and is filed under CDT, Consumer Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.