18 Dic CDT calls for Do Not Track list as advertisers self-regulate
Ars Technica, By Nate Anderson, December 17, 2008
Online advertisers have overhauled their voluntary code of conduct for the first time since 2000, but critics say that it’s only a small step down a long road. What’s still needed, they say, is baseline federal laws on data privacy, possibly including a national Do Not Track list. The Network Advertising Initiative (NAI) counts Google, Yahoo, and various ad-serving “networks” among its members. Earlier this year, after the Federal Trade Commission had spent a good deal of time working out ideas for self-regulation of behavioral online advertising, NAI decided to overhaul its eight-year old rules. What it came up with this week was a new “self-regulatory code of conduct” that all members must follow. The actual list of responsibilities is fairly short, but it includes important components such as online notification of privacy policies, data collection opt-out requirements, and a requirement that all third parties and contractors also follow the principles. The overhaul also gets credit for being done in public by opening a draft version to comments from privacy watchdogs; the final report includes detailed responses to the comments made. It’s not enough to satisfy groups like the Center for Democracy & Technology (PDF), however, which calls the rules “clear progress” over the 2000 version. But “robust self-regulation in the behavioral advertising space does not obviate the need for a baseline federal privacy law covering data collection and usage of all kinds,” wrote CDT. In large part, that’s because NAI continues to demand only “opt-out” provisions from its members, which the CDT calls a “discredited practice,” especially when these are cookie based. “Since the industry cannot agree on a better opt-out mechanism,” says CDT, “we believe that it is incumbent on the government to help them do so, such as by instituting a Do Not Track list.” Such a list has been a longstanding goal of groups like CDT and the Electronic Frontier Foundation. CDT also worries that the revised principles don’t address “behavioral advertising that makes use of Internet traffic content from ISPs,” though this business model appears dead (for now) in the US.