Privacy

Revising COPPA: A Discussion of the FTC’s Proposals

October 25, 2012 - 12:00pm - 1:30pm
The Information Technology and Innovation Foundation
1101 K Street NW
Suite 610A
Washington
District of Columbia
20005

The FTC has proposed a number of revisions to the Children’s Online Privacy Protection Act (COPPA). In comments recently filed with the FTC, a wide range of voices criticized these proposed changes as undermining the ability of operators to provide websites and services to children and raising First Amendment concerns. Read more »

Revising COPPA: A Discussion of the FTC’s Proposals

October 25, 2012
A discussion with leading experts on the current state of COPPA.

The FTC has proposed a number of revisions to the Children’s Online Privacy Protection Act (COPPA). In comments recently filed with the FTC, a wide range of voices criticized these proposed changes as undermining the ability of operators to provide websites and services to children and raising First Amendment concerns. Join us for a discussion with leading experts on the current state of COPPA as we debate fundamental questions about whether COPPA is even effective, and how it should be reformed.

See video

The Myth of Anonymity

October 23, 2012
| Blogs & Op-eds

It is simply not true that individuals have an expectation of anonymity in public spaces. Rather than attempting to create rules based on false assumptions about anonymity, the FTC would be more effective if it promoted a robust harms-based approach to the use of biometric information that works to identify and close any potential gaps in current law. This would help ensure that individuals are fully protected against potential abuses, while not creating roadblocks to innovation for new technology.

New Survey Shows Some Privacy Scholars Lack Objectivity

October 14, 2012
| Blogs & Op-eds

A close look at the questions in a recent survey of consumer attitudes towards online privacy shows that the strongly-held privacy values of the researchers are likely biasing the results.

ITIF Rejects Your "Do Not Track" Privacy Request

WASHINGTON (September 28, 2012) - Today the Information Technology and Innovation Foundation (ITIF) implemented a new website feature that detects whether visitors have "Do Not Track" enabled in their browser. Users who request that www.itif.org not track their online behavior will receive an alert telling them that their request has been denied-a completely new experience for most users.
  Read more »

Why ITIF Rejects Your “Do Not Track” Request

September 27, 2012

Today ITIF implemented a new feature on our website that detects whether visitors to our website have “Do Not Track” enabled in their browser. Users who request that ITIF not track their online behavior will receive a notice (shown below) telling them that their request has been denied. 

ITIF's Do Not Track warning

Do Not Track is a preference that users can set in some web browsers to inform websites that they do not want to be tracked. Currently, IE8, IE9, and Firefox support various versions of Do Not Track. Do Not Track has been heavily promoted by various groups, including the Federal Trade Commission (FTC) and the White House.  However, as I stated in my Congressional testimony, Do Not Track is a detrimental policy that undermines the economic foundation of the Internet. Moreover, while Do Not Track might work in the short-term, it will be a failure in the long-term.

Let me explain why.

Advertising revenue supports most of the free content, services, and apps available on the Internet. In exchange for viewing online ads, users get access to a wide range of free content (e.g., news, music, movies, and games), free services (e.g., email, storage, and personal productivity tools), and increasingly free mobile apps. Online advertising has improved in recent years thank to behavioral advertising which uses information about Internet users to deliver to them more relevant ads based on their browsing history. For example, someone who spends a lot of time on bridal websites might start to see more ads for local bakeries, photographers, jewelry stores, and dress shops. For the most part, this is done without revealing the identity of users to the advertisers. Not surprisingly advertisers are willing to pay more to advertise to individuals who are more likely to be interested in their products. In general, everyone wins: ad-supported websites increase their revenue, users receive fewer irrelevant ads and more free content, and advertisers get to be front of their target audiences.

However, privacy advocates do not like this so they have been pushing for the creation and implementation of a Do Not Track standard. The problem is that if users are not tracked, then websites cannot deliver targeted advertising. Instead, websites would only be able to use non-targeted advertising which does not generate as much revenue. Less revenue means less free content and services for Internet users. But privacy advocates are pushing forward, regardless of the consequences.

Realistically, these advocates face many challenges. To be effective, privacy advocates must get Do Not Track adopted as a universal standard on the Internet, implemented by millions of websites, and enforced by the FTC (or another regulatory body). However, even if they succeed at that, Do Not Track is simply not sustainable long term.

Let’s consider how this might play out over the next few years.

First, users must decide whether to enable Do Not Track in their browsers. If this happens on a small scale, nothing really changes. If only a small minority of users enable Do Not Track (and consequently opt out of targeted advertising), then websites may experience a minimal decrease in revenue, but the overall impact will be fairly minor and dispersed.

The real problem occurs if this happens on a large scale. If this occurs on a large scale, i.e. if large numbers of users enable Do Not Track, then website operators will see a substantial decrease in revenue (and potential revenue growth). A substantial decrease in revenue means a corresponding substantial decrease in free (or low-cost) content, apps and services. Or websites could try make up lost revenue by filling their websites with more untargeted ads.

So which is more likely? I think that if Do Not Track were widely available today most users would enable Do Not Track, especially if it was turned on by default in their browsers. The average user will likely believe that the benefit from protecting their privacy (or at least the perception that they are doing so) outweighs any cost to them in terms of less relevant advertising. This is especially likely given the typical fear-mongering that privacy advocates tend to engage in (and that the media tends to subsequently report). This is a classic case of economic externalities:  individuals may receive a small benefit from enabling Do Not Track, but in doing that, they impose costs on the rest of Internet users.

So what will happen if website operators who rely on ad revenue face a substantive number of users accessing their sites with Do Not Track enabled? The assumption of privacy advocates seems to be that websites will not do anything in response.

However, one possible response is for websites to block users who enable Do Not Track in their browsers. Just as some websites have enacted paywalls to block non-paying users from their content, similarly websites can block users who refuse to allow targeted ads. There are already many plugins for WordPress, a common blog platform, that allow website owners to easily block users who run ad-blocking software (see here, here, and here). Website owners will likely have similar tools if Do Not Track becomes widespread.

But if websites block users who have enabled Do Not Track, this drastically changes the cost-benefit calculation for most users. Is enabling Do Not Track worth not being able to access free content on the Internet for most users? Probably not. So users who wanted to access sites for free would have to disable Do Not Track. And that would bring us back full circle to where we are today.

Really, the only way that Do Not Track would be viable is if policymakers passed legislation that would require websites to allow users who opt out of tracking to access to their sites. Would that ever happen? It’s certainly within the realm of possibility. After all, COPPA includes a similar provision for children’s privacy. But I’m still optimistic that such insanity would not prevail.

Right now the likely situation is that companies will spend millions of dollars developing Do Not Track standards, incorporating these standards into web browsers, educating users about their options, and implementing these features on their websites so that we basically end up exactly where we are today…less all the time and effort that went into this.

Is it possible to stop the madness? Perhaps. If websites preemptively block users who enable Do Not Track, we might avoid getting sucked into this black hole. It is my hope that with this alert ITIF will be able to remind people how easy it would be for sites to block users who enable Do Not Track, and by outlining how this will likely play out, policy makers will realize this is a useless endeavor. Instead of chasing a proposal that is doomed from the start, they should focus on meaningful efforts to protect user privacy that do not undermine the economic system that has supported decades of innovation on the Internet.

ITIF Files Comments with FTC on Child Privacy: “The Kids Are Not All Right”

WASHINGTON (September 24, 2012) – In response to the Federal Trade Commission’s (FTC) request for comment on proposed changes to the Children's Online Privacy Protection Rule (“COPPA Rule”), the Information Technology and Innovation Foundation (ITIF) filed comments calling on the FTC to rethink its failed strategy on protecting the privacy and safety of children online. Read more »