With the new policy, DoubleClick does not promise to change any of the practices that have drawn barbs from consumer advocates such as a controversial requirement that consumers "opt out" of its programs to avoid having data collected. But the policy does spell out more clearly how it collects consumer data and what it does with that information.
Changes from the previous policy include expanded definitions for a number of its practices and explanations for new areas of business and technology, including electronic tracking tags known as cookies and Web bugs.
"Hopefully it's understandable," said Jules Polonetsky, DoubleClick's chief privacy officer. "Our goal was to be simple enough for the new user and complex enough for the technological user."
DoubleClick has been in the hot seat for privacy issues for nearly a year and a half following its acquisition of Abacus Direct, an offline marketing company. Privacy advocates started to bite their nails after the company announced plans to merge offline consumer profiles with data about online surfing habits. The proposal touched off a flurry of media attention and scrutiny from lawmakers about profiling practices on the Web.
Last year, the Federal Trade Commission launched an investigation to determine whether DoubleClick's tracking practices violated its published privacy policies.
The FTC closed its investigation of DoubleClick earlier this year, concluding that the company had done nothing wrong.
Despite the controversy, DoubleClick has said that it plans to launch an anonymous customer profile service, which would gather data about Web surfers and match it to offline data from Abacus.
Polonetsky said the company has received hundreds of responses to its new policy since it was posted Friday, including requests for grammatical changes and further clarifications on policies.
One of the most barbed responses came in the form of an open letter from anti-spam group Junkbusters.
In the letter, Junkbusters President Jason Catlett dismissed the DoubleClick's claims of openness as propaganda.
"I have repeatedly asked DoubleClick to show the 88 million Americans what is kept in Doubleclick's Abacus Direct database about them, and I have met with repeated refusal," according to Catlett's objections contained in the letter.
"How could keeping billions of records in secret electronic dossiers constitute executing business in 'the most open manner possible?'"
In the letter, Catlett asks for several revisions to the policy, including that DoubleClick obtain consumer consent before collecting data on an individual, or getting consumers to "opt in." He also asks that DoubleClick give consumers access to the data and the right to delete anything they so choose.
DoubleClick's new policy outlines practices in its revamped e-mail marketing business, which after two acquisitions, is the largest in the industry. The policy also tells consumers how they can opt out of being tracked by cookies and how not to receive catalogs from Abacus. In addition, it gives consumers an idea of what a marketing profile looks like, but does not give access to those profiles.
Among other things, the policy states:
"DoubleClick does not use your name, address, e-mail address or phone number to deliver Internet ads."
"If DoubleClick collects personal information from you for our own purposes...we will provide you with reasonable access to that information."
Richard Smith, chief technology officer of the nonprofit Privacy Foundation, said that he is still reviewing the policy but that it "appears to be much more thorough than the older one." However, Smith said he "fundamentally disagrees" with the consumers having to opt out of data gathering practices by Internet companies.
"If you're snooping on people, you've got to let them know," Smith said. The Privacy Foundation and DoubleClick "will have to agree to disagree" on their opt-out policy, he said.