Services & Software

Ad firms set rules for Web tracking bugs

In a relatively late effort to promote consumer privacy, a coalition of Internet-ad companies issues guidelines for Web sites that use tiny electronic tags to gather data on visitors.

In a relatively late effort to promote consumer privacy, a coalition of Internet-advertising companies issued on Tuesday guidelines for Web sites that use tiny electronic tags to track visitors' surfing habits and gather other data.

The Network Advertising Initiative, a group of eight Web advertising technology companies, including DoubleClick and 24/7 Media, set industry standards that require Webmasters to notify visitors when they use the surveillance tags, also known as Web bugs or beacons, and what they are used for. The rules also mandate that sites obtain a consumer's permission before using the technology to collect and share data that could identify that consumer.

Web site operators use Web bugs--fairly undetectable strings of code in the form of 1-by-1-pixel tags--to track site usage, count the number of visitors to a page or monitor visitor behavior. Ad software companies often use the beacons in conjunction with cookies--another, more apparent, monitoring tool--to track the effectiveness of marketing campaigns or collect profiles on Web surfers, which they use to customize future promotions.

For example, search engines often use the tags to keep track of the query terms people type into their navigational tools. They use the data to sell targeted-advertising opportunities, which include the chance to create specialized ads that supposedly promote a better response from surfers.

Privacy advocates have long cautioned that the tags could be used for nefarious purposes, however. For instance, by using the tags in HTML-based e-mail messages, hackers have been able to exploit a security glitch in scripting languages and allow an e-mail's author to read private comments attached to the original message as it gets forwarded to new recipients, a problem called "e-mail wiretapping."

The NAI, in partnership with 25 other participants, including privacy service Truste and data analysis company Websidestory, said it set the standards to improve awareness about the technology and dispel some of the negative ideas about its use.

"With the release of the guidelines, we believe that the industry is making progress in building trust with consumers by creating transparency and accountability in privacy practices," said Fran Maier, executive director of Truste. Maier's company plans to recommend the guidelines' "best practice" in using Web bugs to the 1,500 sites that sport Truste's privacy seal of approval.

Better late than never
Privacy advocates said the rules are welcome, even if long overdue--given that Web sites have been using the bugs for more than five years.

"It's about time," said Richard Smith, a privacy advocate who operates the site and hosts a to search for companies using the tags. Still, he said, despite the delay, disclosure should be better.

"Mostly, use of the tags is disclosed in privacy policies that nobody reads," Smith said. "It would be nice if the bugs were visible; if you clicked on one, (a pop-up window) would tell you why it was being used."

The NAI was formed in the summer of 2000 as a self-regulatory industry association designed to stave off potential government regulation involving the collection and sharing of consumer data. At the time, online advertising leader DoubleClick was caught in crossfire from federal regulators and privacy advocates over its intent to merge anonymous consumer information with identifiable personal data for profiling purposes.

The ad network led the effort to build a self-policing industry group and in July 2000, the Federal Trade Commission approved the industry's proposal. The NAI issued rules governing online profiling practices and created a Web site that lets consumers opt out of the profiling by members. Since that time, many of the discussions of privacy concerns have cooled.

But "there's no time like the present," said NAI spokesman Trevor Hughes. "The reason we created the document is because there's a continued confusion related to the technology. It has very important uses, and we want to help businesses understand the technology."