The call for action comes ahead of Federal Trade Commission hearings scheduled for Monday on the practice, in which companies gather data from individuals to target them with Internet advertising.
In a statement, privacy groups warned that mergers--such as the $1 billion deal between online advertising network DoubleClick and offline market researcher Abacus Direct--increase the likelihood of corporate abuse of customer data. The proposed merger will bring together online profiles obtained from an estimated 850 million Internet advertisements per day and 2 billion consumer catalog transaction histories.
A DoubleClick spokesperson said the company does not collect personally identifiable information on consumers. Many members of its advertising network, however, are e-commerce sites that gather sensitive details from consumers.
Kevin Faulkner, the vice president of marketing for online profiling firm RightPoint, agreed that the potential sharing of confidential information between companies without the consent of consumers poses the biggest privacy problem facing the industry.
"The more my insurer and my bank knows about me, the better they can service me," he said. "But I don't want them to share that information with each other."
Under rules approved last month, sites targeting children under age 13, such as Kids.com or Disney's sites for children, will have to post their data-collection practices and in most cases will also have to get "verifiable parental consent" before gathering children's personal information or sharing it with a third party. Sites also will have to give parents access to their children's personal information and allow them to prevent further use of the data. The new rules take effect in April.
Although privacy groups have been lobbying for new legal protections for all computer users, the Clinton administration favors industry self-regulation. The most popular sites on the Net usually have privacy policies explaining what type of information they collect and how they plan to use it, but the recourse for violating voluntary principles usually involves losing an industry privacy seal or, at worst, being turned over to the FTC.
In an FTC privacy report to Congress in July, the four-member commission said that no new laws are needed at this time. "The implementation of fair information practices is not widespread among commercial Web sites," the report stated, but it added that "legislation to address online privacy is not appropriate at this time." Privacy groups, however, argue that self-regulation has proven insufficient protection for individual privacy. "The idea of self-regulation was always implausible and has been allowed to fail in practice far too often in recent years," Jason Catlett, president of consumer advocacy group Junkbusters, said in a statement.