Microsoft proposes tiered privacy in online advertising

Microsoft has proposed a tiered approach to protecting the privacy of people targeted by online advertising, saying advertisers should get permission before using sensitive, personally identifiable information to deliver ads.

Microsoft filed comments on Friday in response to the U.S. Federal Trade Commission's (FTC's) request for comments on its proposed privacy principles that would be self-administered by the online advertising industry. Microsoft's proposal operates under the idea that the greater the risk to privacy, the greater the protection data should receive, Microsoft officials said.

Microsoft agrees with the FTC's decision to focus on an industry self-regulatory approach, but the company has also called for Congress to pass comprehensive consumer privacy legislation, noted Frank Torres, Microsoft's director of consumer affairs.

"We're supporting what the FTC is proposing, but we also believe that privacy is important for consumers," Torres said. "We're not opposed to going even further" than the FTC self-regulatory proposal.

Microsoft's proposals would give consumers control over how their personal data is used, Torres said. "When it comes to online advertising, consumers should be in the driver's seat," he said.

Among the Microsoft proposals:

* Companies that keep records of page views or collect other information about consumers for the purpose of delivering ads should post a privacy policy on the home page, implement reasonable security procedures, and retain data only as long as necessary to fulfill a legitimate business need.
* Companies that deliver ads or services to unrelated third-party sites should ensure that consumers receive notice of the privacy practices of those sites.
* Companies that develop profiles of consumer activity to deliver advertising across unrelated third-party sites should also offer consumers a choice about the use of that information.
* Third parties should be required to obtain consent from consumers before using sensitive, personally identifiable information, such as health conditions, sexual behavior, or religious belief, for behavioral advertising.

Several other companies and groups, including Google, the American Advertising Federation and the Consumer Federation of America, have filed comments on the FTC's proposed rules. Google's filing last week appears to look for a narrower scope to regulations, although it said it has in the past called for a federal privacy law that would penalize offenders. Google suggests that the agency narrow its definition of behavioral advertising and distinguish between personally identifiable information and information that's not personally identifying.

The Consumer Federation of America's filing on Thursday called for stronger rules than the set of self-regulatory principles proposed by the FTC.