Google's DoubleClick deal brings greater focus on privacy

Nearly lost in the news about the U.S. Federal Trade Commission's (FTC) approval on Thursday of Google's acquisition of DoubleClick was another action by the agency: The publication of a proposed set of privacy principles governing online behavioral advertising.

The release of the privacy principles is an important and welcome step, said Peter Swire, a senior fellow at the Center for American Progress, a liberal think tank, and a law professor at Ohio State University. Although some privacy groups blasted the FTC for approving Google's DoubleClick deal, the acquisition has helped place focus on the entire online advertising industry's privacy practices, Swire said.

"It's good that the FTC is shining a spotlight on this industry," Swire said Friday. "Online advertising is in its second boom. They're trying lots of new techniques; some of those techniques have privacy problems."

The FTC hosted a workshop on behavioral advertising and privacy in November. The agency's proposed privacy principles, a series of "self-regulatory" steps the FTC is recommending for online advertisers, come in part from that workshop.

Among the FTC's proposals:

-- Web sites that collect information for behavioral advertising should provide a "clear, consumer-friendly, and prominent statement" about the reason for collecting that data. Consumers should be able to choose whether they will allow that information to be collected.
-- Any company that collects or stores consumer data for behavioral advertising should provide "reasonable security" and should keep data only as long as necessary to fulfill legitimate business or law enforcement needs.
-- Companies should only collect sensitive data for behavioral advertising if they obtain express consent from the consumer.
The Center for Democracy and Technology (CDT), a group focused on online privacy and civil liberties, also praised the FTC for releasing its privacy principles. The principles are a "clear sign that the commission does not believe that the industry's current self-regulation framework is sufficient to protect consumers today,” CDT Deputy Director Ari Schwartz said in a statement.

CDT also called on Google to "step up and make a clear, public statement about its plans for proactively protecting consumer privacy." Consumer privacy in the behavioral advertising market remains an industrywide concern that requires the focus of consumers, policymakers and companies, CDT said.

The release of the privacy principles should send a signal to online advertisers, said Leslie Harris, CDT's president. "In releasing these principles, the FTC hasn't closed the door to other options," she said in a statement. "Self-regulation is part of the solution for protecting consumer privacy, but clearly self-regulation hasn't lived up to its promises.... We'll need a rigorous mix of self-regulation backed by regulatory enforcement."

Other privacy groups criticized the FTC for its ruling allowing Google's acquisition of DoubleClick to move forward. The agency had reason to act on privacy concerns raised by the merger and failed, said Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), one of three privacy groups that asked the FTC to block the merger or impose privacy conditions.