Privacy Mandates are Bad News for Web Users

When Congress returns from its summer recess, Internet privacy will be high on its agenda. Half a dozen bills introduced this session aim to address the privacy “crisis” by imposing new regulations on businesses. Amid this panicked flurry of legislative activity, lawmakers need to slow down and take a deep breath. While the state of Internet privacy today is far from perfect, federal meddling with the thriving online ecosystem will only hurt consumers.

One bill seeking to regulate how websites use and share user information, the Do Not Track Me Online Act, would task the Federal Trade Commission (FTC) with forming new rules mandating that Web browsers give users a mechanism for opting out of many kinds of information collection. The bill, introduced in February by Rep. Jackie Speier, California Democrat, would also require companies to inform consumers of their collection and use practices and provide consumers with access to information collected about them. Another bill, the Do-Not-Track Online Act, introduced by Sen. John D. Rockefeller IV, West Virginia Democrat, would impose similar rules, but does not specify what information would be covered or whether consumers would be enabled to opt in or opt out.

To lawmakers who are not familiar with modern Internet markets, these kinds of legislative proposals may sound like sensible approaches to privacy protection. Unfortunately, the bills threaten to disrupt the growing market for free online content and services.

Interest-based, or behavioral, advertising allows online companies to deliver increasingly relevant ads to users. Legislative rules that constrict individualized advertising will not only hurt businesses, but consumers as well. Imposing costly mandates on businesses and encouraging users to opt out of sharing their information will mean less revenue for content creators, forcing them to resort to “paywalls” and other paid business models to stay afloat. Small businesses stand to suffer the most from such regulation, as they lack the means to analyze their user base to maximize their advertising effectiveness.

It is no accident that using the Internet entails a great deal of information-sharing, much of which occurs behind the scenes. Each time a user visits a website, several pieces of information are transmitted across the Internet to various companies, including third-party advertising networks such as DoubleClick and Yahoo!

This ubiquitous data collection may strike some as nefarious or “icky,” but it is, by and large, innocuous. Information collected by ad networks is almost never tied back to users on a personally identifiable basis. After all, advertisers don’t care who you are – they simply care about what someone like you wants to buy. Consider that literally billions of data points about users reside on firms’ servers, yet actual abuses of such information are vanishingly rare.

Not all companies’ privacy practices are scrupulous, and mistakes happen from time to time. But the FTC and state attorneys general are already empowered to pursue unfair or deceptive business practices. Firms that make mistakes also face class-action lawsuits, as Google learned the hard way last year when it settled an $8.5 million lawsuit regarding privacy violations involving its “Buzz” social-networking tool.

Privacy is important, to be sure, but regulatory mandates are ill-equipped to account for the dynamism of the digital age. Not all consumers demand the same level of privacy protection. For the many consumers who deeply value their privacy, the market is responding accordingly. Increasingly, firms compete on privacy protection. Microsoft, for instance, touts its Trustworthy Computing effort as a core feature of many of its software and online products.

Consumers also enjoy an array of tools and services that deliver the level of privacy they demand. Several Web browsers already incorporate “do-not-track” features, while independent software developers are constantly experimenting with technologies that give users control over what they reveal online. Organizations, including PrivacyChoice and TRUSTe, inform consumers about how numerous sites collect data, enabling users to opt out of tracking activities they don’t like.

Consumers and firms can sort out the privacy problems of the information age far better than lawmakers seeking to score political points. Businesses that do not deliver on privacy will suffer market discipline – a fate far worse than regulatory intervention. In the evolving online world, consumer privacy and digital commerce can flourish if government’s role is limited.