Privacy advocates: Consumer education isn't enough

The efforts of e-commerce sites and online advertisers to educate U.S. consumers about privacy and targeted advertising aren't enough because many consumers won't take the time to understand the issues, privacy advocates said Thursday.

Leaders of the Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy (CDD) called for Congress to pass online privacy regulations during a forum hosted by the Annenberg School for Communication at the University of Pennsylvania and the University of Southern California. And Susan Grant, director of consumer protection at the Consumer Federation of America, suggested the U.S. government should set up a "do not track" list, prohibiting advertisers from tracking online activities, modeled after the do-not-call list governing telemarketers.

Many U.S. consumers don't understand online advertising practices because the ways in which online companies use personal data is constantly changing, said Marc Rotenberg, EPIC's executive director. He pointed to a 2005 University of Pennsylvania survey in which only 25 percent of respondents knew that a Web site having a privacy policy doesn't guarantee that the site refrains from sharing customers' information with companies.

"What those privacy policies do is they disclaim responsibility," Rotenberg said. "I don't think people are wrong to believe a privacy policy means that their personal information won't be disclosed to others. I think that's a commonsense understanding of what a privacy policy means. I think businesses are wrong to post a privacy policy and then believe that provides a basis to disclose that information to others."

Officials with Google and AOL talked about their efforts to educate consumers about their privacy. Google uses a short-form privacy policy to cover the basics, in addition to more extensive privacy policies, and it has posted 13 videos on privacy on YouTube. AOL has created a campaign to educate consumers about privacy and online advertising, but only about 1 percent of users have clicked through on a banner ad urging them to check out the campaign, said Jules Polonetsky, AOL's vice president of integrity assurance.

"I don't know fully if this will work," he said.

But Polonetsky said he wasn't sure if a blanket do-not-track list would work, either. Some people may want certain advertisers to deliver contextual ads, and a do-not-track list might not cover privacy practices of social-networking sites, he sad.

Jane Horvath, Google's chief privacy officer, noted that the National Advertising Initiative (NAI), a network of online advertisers, offers an opt-out cookie that allows Internet users to opt out of online tracking by member companies. But she acknowledged some limitations with the cookie -- antispyware software and browsers can clear the cookie, forcing users to have to return to the NAI Web site and opt out again.

U.S. government rules are needed to give online advertisers a code of conduct, said Jeffrey Chester, CDD's executive director. He called interactive online advertising "a virtually invisible, stealth system."

Online tracking by advertisers is "a secret for the vast majority of people here in the United States, Europe, and elsewhere," Chester said. "The system is already in place, and it's too late to turn it back, sadly."