Tom Regan
'Personalization' industry launches movement to regulate itself
|
SPRING INTERNET WORLD IN LOS ANGELES -- In a move designed to head off government attempts to legislate privacy protection for Internet users, a group of 26 Internet companies and brick-and-mortar businesses Wednesday announced the creation of an international industry advocacy group called The Personalization Consortium.
The group, which includes Internet ad company DoubleClick (which has suffered much negative attention recently because of the way it gathers information about Internet users), describes itself as "an advocacy group formed by businesses to promote the responsible and beneficial use of technology for personalizing consumer and business relationship."
Personalization allows companies to tailor content and advertising to individual users based on information gathered about them. The consortium, announced at Spring Internet World 2000, is made up of companies that either provide personalization services or rely heavily on it to conduct business.
I have mixed feelings about this new endeavor, which I'll explain later in this column.
The personalization industry has been taking a terrible pounding in the media about the way it gathers and uses information from Internet users, and those engaged in personalization activitities want to head off more trouble at the pass by "educating" users – and politicians – about the real benefits of personalization. But a key part of it mission, the group says, is to create a legitimate, verifiable method of protecting people's online information.
"For the personalization movement to suceed – and it is a movement – we know we need to have the trust of the public, the press, and the government," said Don Peppers, co-chair of the group.
"In my experience as a member of the Federal Trade Commission Online committee, we're seeing that without independent verification, privacy policies just aren't working," added Larry Ponemon of PricewaterhouseCoopers, who described himself as a "privacy" geek. "Consumers need to understand the benefits if personalization, while on the other hand, they need straight-forward, accurate information so that they can access the risks of giving personal information."
The group plans to create a seal of approval. Member companies will receive a "self-assessment mechanism" that will "gauge the degree of consumer protection and compliance with state privacy practices and policies." If they do so, the will receive a "Seal of Compliance."
But as recent problems with TrustE (another Internet privacy verification group) have shown, giving someone a seal of compliance (especially one that is given based on self-assessment) doesn't mean much if Internet companies play fast and loose with the rules.
"TrustE has a real problem," Mr. Ponemon said. "People don't understand what they are getting when the see a TrustE seal on a site. A seal of compliance is not an audit. People can still fool auditors, of course, but normally only once. Auditors have standards that they use to measure whether a firm is in complaince. So we will be making sure that our members have their privacy policies audited."
While the Consortium is at least making the right noises about privacy, there were rough spots during the press conference that pointed to potential problems and future conflicts with privacy advocates.
The Consortium conducted an e-mail survey of 4,500 Internet users, the results of which they shared at the news conference as evidence that the public clearly supports some level of personalization. Which was true – to a degree. For instance, those surveyed showed little hesitation in sharing information like their names, e-mail addresses, or hobbies and interests. But they were far less likely to provide information like social security numbers, mother's maiden name, their incomes, or their phone numbers.
And when I asked Mr. Peppers why the survey didn't include questions on issues like sites giving personal information to third parties, or what people thought about Internet ads that tracked their movements on the Web. He said those subjects are "too complicated for right now," and that people might not understand the questions.
Which is, I'm afraid, just a lot of baloney. I suspect the questions weren't asked because the Consortium knew that they would receive overwhelming negative numbers. No doubt they want to "educate" people before they tackle these complicated questions.
Another bump in the road may be the new group's future relationship with privacy organizations like the Electronic Privacy Information Center (EPIC) or the Electronic Freedom Foundation (EFF).
When asked if the group had approached these and other organizations about joining the Consortium, Peppers said no such invitation has been issued.
"If they participate as a business, we would be happy to have them," Peppers said. "But we're a business advocacy group."
Some other board members speculated that the privacy groups would balk at paying the membership fees, which run between $15,000 and $20,000 a year, depending on the level of involvement.
When I called EPIC for a response to the founding of the Personalization Consortium, executive director Marc Rotenberg called the group a "profiling cartel" and dismissed the whole effort nothing more than a public relations move.
"It's a familar song and dance," he said. "They just want an industry created program to avoid having to deal with real meaningful legislation. It's just public relations and not a real committment to privacy."
Rotenberg also dismissed the group's plan to seek independent audited verification of privacy policies.
"Are the chickens in the hen house going to feel better because the fox has hired PriceWaterhouseCooper? I don't think so."
So we can look forward to the two groups bumping heads – a lot.
Will it work? It depends. If people like Larry Poneman (who demonstrated a real committment to privacy during the conference and when I spoke to him afterwards) have a strong voice in the group, it could be a very positive thing. But I worry that the companies involved will only see this as a way to get the media off their backs and do as little privacy stuff as possible in order not to interfere with the personalization gravy train.
And something that Peppers said bothered me. Peppers commented that he thought the government would eventually have more problems with the idea of anonymity and pseudonymity (because of the threat of terrorists and hackers) than with too much personalization.
If the head of this group really believes that, it says a lot about what the group as a whole believes about privacy.