Online privacy may be one of the most important digital issues of the day, and it's only getting more important as more and more people use the internet more frequently.
Not suprisingly, government is increasingly looking to assert its role in the debate. Late last year, the U.S. Federal Trade Commission (FTC) issued a staff report suggesting that one attractive solution to many privacy concerns would be a Do Not Track mechanism that allows consumers to opt out of tracking.
The primary method of accomplishing this, the FTC proposed, would be a "persistent setting, similar to a cookie, on the consumer’s browser".
There was just one problem with the FTC's report: it's completely unrealistic. As I noted at the time, "many of the very same companies that the FTC says have been too slow in addressing consumer privacy concerns would be expected to respect this new "persistent setting." As the setting alone stops nothing, consumers would have no obvious way of determining whether or not websites are respecting their setting".
But reality and government don't always see eye to eye, so it's not surprising that the U.S. Congress is set to see a flurry of bills that would look to require companies to reign in their tracking of consumers online. The Wall Street Journal describes the Do Not Track Kids Act of 2011:
A draft House bill with bipartisan support would prohibit companies from tracking children on the Internet without parental consent, restrict online marketing to minors and require an "Eraser Button" that would allow parents to eliminate kids' personal information already online...
The new legislation, among other things, would prohibit companies from using or providing to third parties personal information of kids under 18 for "targeted marketing purposes."
Another proposed bill, the Do-Not-Track Online Act of 2011, is out to save everybody -- not just the children. It "would allow for companies to, at the minimum, collect information necessary to function -- though it is unclear how that standard would be defined -- and it would empower the Federal Trade Commission to prosecute offenders. For consumers who ask not to be tracked, the bill would require companies "to destroy or anonymize the information once it is no longer needed".
States are even getting into the act. California, for instance, has a bill on the table that would require companies serving California-based internet users to opt out of online tracking. Not surprisingly, some of the internet's most prominent companies, including Google and Facebook, which are based in California, aren't amused.
While these bills have their differences, they all share one common characteristic: they're largely unworkable. In the case of the Do Not Track Kids Act of 2011, for instance, many companies that collect information about their users don't even know the ages of their users, so it would be impossible for them to identify who they can track, and who they can't.
The Do-Not-Track Online Act of 2011 looks to be so vague on certain matters, such as how long information is "needed", as to be meaningless. And if California lawmakers think out-of-state and non-U.S. based companies are going to modify their websites so that they can identify California-based internet users and give them special privileges, they're insane.
None of this, of course, means that privacy isn't important, and that there isn't room for increased protections and transparency. The truth of the matter, however, is that politicians are exaggerating privacy concerns.
Most tracking is not being done for nefarious purposes, and most reputable, legitimate companies (the kind who would actually bother to try to follow these laws in the first place) already disclose their privacy practices.
When they don't disclose them accurately, or don't live up to the promises they've made, they not only get sued, they risk losing the trust of their users and customers. No technically unfeasible law can ever provide more of a stick than that.