"Cookies" targeted as Congress, advocates address Net privacy

Propelled by a spate of high-profile privacy flaps, consumer advocates are hopeful that this year their cries for online protections will finally capture Congress' attention.

4 min read
Propelled by a spate of high-profile privacy flaps, consumer advocates are hopeful that this year their cries for online protections will finally capture Congress' attention.

"We cross our fingers every year, but it's looking like this will be the year we get some privacy laws," said Beth Givens, director of San Diego's Privacy Rights Clearinghouse.

Alleged breaches at three major companies--media firm RealNetworks, software maker Comet Systems and online advertising network DoubleClick--have lent the issue momentum, Givens said. "These privacy gaffes have raised people's awareness about their vulnerability on the Net--and that awareness is translating into political activism on the part of state and federal lawmakers."

But privacy legislation has been something of a political football in Congress. In recent sessions, members of the House and Senate have introduced a slew of Internet privacy bills, yet only one, the Children's Online Privacy Protection Act, passed into law.

Efforts unveiled this week could face a similar scenario. Online privacy touches on e-commerce, consumer rights and other complex, evolving concepts that can cut across party lines.

Yesterday, Sen. Robert Torricelli, D-N.J., offered a plan that would make it unlawful for companies to collect personal information online without first getting permission from the consumer. On Wednesday, House and Senate lawmakers formed task forces to grapple with Net privacy, noting that the laws have not kept pace with sweeping technological changes.

"The fundamental right to privacy should not be sacrificed to the Information Age," Torricelli said in a statement.

Torricelli's proposed bill specifically targets what are known as "cookies"--digital identifying tags that can track consumer purchases and travels on the Web.

Information compiled from the tags is generally used for sending advertisements based on an individual's preferences. But advocates have long feared that the data could end up in the wrong hands.

Signaling that a political consensus may still be on the horizon, the bill already has run into flak from critics who say targeting cookies may be the wrong way to go about protecting privacy.

"Cookies do a lot of things. Some elements of cookies are not only harmless, but useful," said Robert Gellman, a privacy consultant in Washington. "If a consumer had to give permission every time a site wanted to assign a cookie, it would be maddening. Going after cookies is not the answer."

Still, Torricelli's efforts come at a time when consumer awareness about privacy issues is gaining momentum.

Internationally, the United States and the European Union may be making headway in protracted talks over treatment of personal information collected from consumers via the Net. Undersecretary of Commerce David Aaron said earlier this month that the two sides were drawing together to avoid a dispute that could force European companies to stop exchanging data with U.S. companies. But talks have gone on for years, and an agreement, which was supposed to be reached in October 1998, is still outstanding.

Meanwhile, pollsters have recently found that protection of personal information is one of the highest priorities for Americans, who have expressed concern that their financial data, health records and employment records could be available to the public, according to "Privacy & American Business," a newsletter based in Hackensack, N.J.

DoubleClick in particular has come under fire for its practice of "profiling" customers. Late last month, the company said it plans to correlate online consumer profiles with offline catalog purchases.

The news was met with widespread criticism, even prompting the Center for Democracy and Technology to encourage the public to send DoubleClick email complaining about its privacy policy. Many consumers also went through the trouble of asking the company not to assign them cookies, DoubleClick has confirmed.

DoubleClick says the information is used to target advertisements to specific households and nothing more. The company also has said it will not associate any personally identifiable medical, financial or sexual-preference information with an individual, nor will it associate data collected from children.

But privacy advocates say the information could be used for non-advertising purposes. For example, the information could be subpoenaed in either a criminal or a civil court case.

For that reason, many consider Torricelli's efforts a positive step.

Marc Rotenberg, the executive director of online privacy watchdog the Electronic Privacy Information Center (EPIC), said that after two years of a dismal congressional track record regarding Internet privacy, this could prove to be the year some of these laws get passed, given that awareness is so acute.

Torricelli "recognizes that we need a system that's fair and less burdensome for consumers," Rotenberg said. "He's showing a great deal of interest and communication in privacy, and that's what we need."