Microsoft among targets in online privacy complaint
Advocacy groups claim ad operations of companies such as Microsoft track users in "unfair and deceptive" ways.
The Washington-based U.S. Public Interest Research Group and the Center for Digital Democracy have asked the Federal Trade Commission to review--and ideally restrict--what they describe as a growing online business model dependent on technologies that "aggressively track us wherever we go, creating data profiles to be used in ever-more sophisticated and personalized 'one-to-one' targeting schemes."
"Consumers entering this new online world are neither informed of nor prepared for these technologies and techniques--including data gathering and mining, audience targeting and tracking--that render users all but defenseless before the sophisticated assault of new-media marketing," the groups charged in a 50-page complaint (click for PDF) filed with the FTC.
Even if ad networks don't rely on what would traditionally be considered "personally identifiable information," such as a person's name, companies effectively know enough about users to track every move they make, erasing the possibility of truly anonymous browsing, the groups argued.
Microsoft's new advertising ventures are of particular concern and should be the first to undergo scrutiny, the complaint said. One property, called Microsoft Digital Advertising Solutions, is billed as a one-stop shop for buying ads to target Windows Live, Xbox Live, Office Online, Live Search and MSN users through computers, smart phones, handheld computers and Xbox game consoles. Another, called AdCenter, positions ads among search results in a manner similar to Google's AdSense operations.
So why not target Google or Yahoo's activities as well? Microsoft's tactics have been particularly "egregious," said Jeff Chester, the Center for Digital Democracy's executive director. "It was telling advertisers and marketers: We will provide you with more personal information, we will provide you with more precision pinpoint information than either Google or Yahoo," he claimed.
Microsoft's policy
Microsoft dismissed the allegations, saying it is committed to protecting consumers' privacy and spells out policies for all of its services in a "unified privacy statement" available through its Web site.
"Providing consumers with this type of transparency and control is extremely important to Microsoft and will continue to be a central focus of how we design and deliver online services for customers," Mike Hintze, a senior attorney in the company's privacy unit, said in a statement, adding: "We would be happy to brief the Center for Digital Democracy and others about how AdCenter works."
The advocacy groups would ultimately like to see Congress pass sweeping new laws requiring companies to get an explicit "yes" from anyone whose data they plan to collect and give notice of what exactly they plan to do with it. (Chester was among the chief lobbying forces behind the Children's Online Privacy Protection Act, a 1998 law that requires parents to give permission before allowing Web sites to collect information about children younger than 13.)
But for now, the groups would be content to see federal regulators slap an "unfair and deceptive" label on companies that engage in sophisticated collection and analysis of user data without, they claim, allowing users to opt in or out.
Chester admitted to doubts that the latest complaint will take down a global advertising industry whose "new metric is engagement and personalization." With the FTC scheduled to hold three days of public hearings in Washington next week on Internet consumer protection issues, he said he hoped the complaint would at least deliver a needed "reality check" on an issue he said has not gotten enough attention.
FTC spokeswoman Claudia Bourne Farrell said the agency planned to review the complaint carefully, adding, "Privacy is a priority at the FTC."
It's not the first time Microsoft has been entangled in a privacy complaint before the federal agency. In 2001, the Electronic Privacy Information Center led a high-profile charge against the company's Windows XP operating system and Passport online authentication system, accusing the tools of collecting information about and tracking users "unfairly and deceptively." Microsoft reached a settlement with the FTC the next year and agreed to make changes to its privacy policy statements to more accurately reflect what information Passport collected and how it was used.
Advocacy groups, for their part, have also profited in the past from privacy-related settlements with large Internet companies.
In 1999, an Internet security consultant filed a complaint with the FTC alleging that Amazon.com's Alexa Internet subsidiary was sending confidential information about Alexa users to Amazon without their consent, after which at least five different class-action lawsuits lodged similar charges. Organizations like the Electronic Frontier Foundation and the Center for Democracy and Technology went on to receive grants ranging from $50,000 to $250,000 as part of the suits' settlement in April 2001.