It’s Not About Cookies: Privacy Debate Happening At Wrong Level

Some form of digital privacy regulation in the US is about 90 percent certain in the coming year. In Europe, where privacy rules are much more stringent, the details of new consumer protections are currently being worked out on a practical level.

For example on Wednesday the EU data protection authority decided that location data will be classified as personal information. What that will mean is that location data collection in Europe will become opt-in rather than opt-out. As you already know Europe is also putting lots of rules around cookies (and in some cases analytics).

Focus on What Matters

Much of the privacy debate has focused on cookies and icons and not what really matters: the misuse or abuse of consumer data by third parties in the real world. I don’t care whether I see behaviorally targeted ads so much as I don’t want my health care or auto insurance to be impacted by sites I’ve visited and stuff I post online.

That’s what matters in a practical sense. And by refocusing the discussion on the real-world consequences of profiling I believe the industry and regulators could come to a meeting of the minds more swiftly.

(In China it’s a different story; the stakes are much higher and the consequences of tracking more dire.)

“Privacy Not the Enemy of Innovation”

Yesterday the US Senate Committee on Commerce, Science, and Transportation held a privacy hearing that focused on tracking and protection of children, with an emphasis on mobile tracking and geolocation. Each of the formal company statements (from Google, Facebook, Apple) can be found here. And each of the companies testifying expressed broad support for privacy and said they were protecting consumers in various ways.

Several members of the committee warned of “unintended consequences” and the potential economic harm of privacy regulation. However Senator John Kerry and other members of the subcommittee expressed support for “innovation” but also rejected the idea that industry self-regulation would create sufficient protection for consumers. Kerry added, “I reject the notion that privacy protection is the enemy of innovation.”

Kerry has introduced the “Consumer Privacy Bill of Rights” and fellow Democrat Jay Rockefeller introduced “Do Not Track” legislation. Kerry repeatedly stated that consumers should be told what data are being collected, how they’re being used and by whom. Here’s an excerpt from Rockefeller’s prepared remarks:

As smartphones become more powerful, more personal information is being concentrated in one place. . . The mobile marketplace is so new and technology is moving so quickly that many consumers do not understand the privacy implications of their actions.

[C]onsumers want to understand and have control of their personal information. According to a survey commissioned by the privacy certification company TRUSTe, 98 percent of consumers express a strong desire for better controls over how their personal information is collected and used by mobile devices and apps. Unfortunately, today this expectation is not being met . . .

Finally, I believe consumers deserve a simple, easy-to-use process to stop companies from collecting personal information. Last week, I introduced the Do-Not-Track Online Act of 2011, which directs the Federal Trade Commission (FTC) to establish standards by which consumers can tell online companies, including mobile applications, that they do not want their information collected. The FTC would then make sure companies respect that choice.

Committee Told Sites Not Doing Enough for Consumers

Amy Guggenheim Shenkan, President and COO of Common Sense Media, told the committee that the companies testifying weren’t doing enough to protect children and privacy and that they should devote more resources to those objectives. Facebook’s Bret Taylor was grilled by committee chair Rockefeller about the millions of underage kids who have Facebook accounts. While Taylor was sincere and said “all the right things,” he was met with skepticism by Rockefeller.

On the same day as the hearings, the Wall Street Journal reported that social widgets (e.g., the Facebook Like button) track data about users and their path through the internet without disclosing any of that activity:

The widgets, which were created to make it easy to share content with friends and to help websites attract visitors, are a potentially powerful way to track Internet users. They could link users’ browsing habits to their social-networking profile, which often contains their name.

For example, Facebook or Twitter know when one of their members reads an article about filing for bankruptcy on or goes to a blog about depression called Fighting the Darkness, even if the user doesn’t click the “Like” or “Tweet” buttons on those sites.

For this to work, a person only needs to have logged into Facebook or Twitter once in the past month. The sites will continue to collect browsing data, even if the person closes their browser or turns off their computers, until that person explicitly logs out of their Facebook or Twitter accounts, the study found.

Facebook, Twitter, Google and other widget-makers say they don’t use browsing data generated by the widgets to track users; Facebook says it only uses the data for advertising purposes when a user clicks on a widget to share content with friends.

Disclosures Aplenty

This is precisely the kind of practice that in the future will need to be disclosed, together with an opt out capability. The difficult question is how can, for example, the benefits of Facebook Connect be preserved while simultaneously informing consumers in simple language about what’s happening with their data without scaring them?

Some have suggested coming disclosure rules will mean a deluge of pop-ups. That would be very undesirable for everyone: publishers, advertisers and users alike.

The not-unfounded fear of many publishers and ad networks is that disclosures will lead to lots of consumers opting out. For example, if there were a way to turn off ad-targeting on Facebook most people would probably do it. (Search advertising is largely exempt from the debate because by nature it’s opt-in.)

But people also want free services and generally would rather see “relevant” ads than low-quality generic ads that have absolutely nothing to do with them. The online advertising industry has done a dismal job of educating consumers about some of the benefits of targeted ads and how they subsidize free content online. Part of that is attributable to arrogance and paternalism: what consumers don’t know won’t hurt them.

That attitude will no longer work however.

Stopping Insurance Companies from Abusing Using Online Data

As suggested above, one potential way to reconcile the objectives of the privacy advocates and online marketers is to go after the real-world impact of profiling and prevent misuse of consumer data by third parties such as divorce lawyers, insurance companies, mortgage banks, potential employers and the police. That should be the real target of consumer privacy rules (although the mechanics of implementing and enforcing this approach are challenging). Giving consumers confidence that data collected about their online behavior “won’t fall into the wrong hands” or be “used against them” is what we should really be after.

Talking to consumers about the nuances and operation of cookies and online data collection is not only challenging most consumers aren’t interested. Nobody reads terms of service agreements, for example, they just click “accept.”

While consumers should be told who gets access to their data, nobody wants their online experience to be characterized by pop-ups at every turn or confronted by lawyer-drafted gibberish each time they visit a site. What people really want is assurances that insurance carriers won’t deny coverage or banks deny loans based on online data mining.

This is the level at which the debate should be happening. Then the “tactics” or the mechanics of privacy become somewhat easier to work out.

(Photo courtesy Mark Evans. Used with permission.)


Related Topics: Channel: Consumer | Features: Analysis | Legal: Privacy


About The Author: is a Contributing Editor at Search Engine Land. He writes a personal blog Screenwerk, about SoLoMo issues and connecting the dots between online and offline. He also posts at Internet2Go, which is focused on the mobile Internet. Follow him @gsterling.

Connect with the author via: Email | Twitter | Google+ | LinkedIn


Get all the top search stories emailed daily!  


Other ways to share:

Read before commenting! We welcome constructive comments and allow any that meet our common sense criteria. This means being respectful and polite to others. It means providing helpful information that contributes to a story or discussion. It means leaving links only that substantially add further to a discussion. Comments using foul language, being disrespectful to others or otherwise violating what we believe are common sense standards of discussion will be deleted. Comments may also be removed if they are posted from anonymous accounts. You can read more about our comments policy here.
  • steveplunkett

    Great Article.. good reporting, thank you.

  • I.P.

    Spot on. If people knew that their data was being stored and used properly, with genuine benefits for them, there would be much less call for opt-outs.

    Personally, I think this reassurance starts with introducing proportionate penalties for the management of companies which fail to protect data – treating this as though they had gone to your house and unlocked the doors, knowing that thieves could walk in.

  • dstiehr

    Grandstanding senators railing on about cookies and tracking seems ludicrous to me when a significant percentage of the population is more than willing to put their name, location, workplace, school, likes, dislikes, personal photos, etc. on Facebook for the world to see forever, and a growing number is willing to share their exact location with the world at all times via Foursquare, Gowalla, etc.

    i would much rather be tracked with cookies than put every detail of my life on blast in a permanent online record where anyone can see it and build a profile of me right down to my name and face.

    I get that the difference is one is being consented to and one is not, but it just seems strange that privacy is sacred when it comes to not being served a BT ad, but privacy is meh when it comes to actual FB profiles. Maybe the reality is if ppl don’t care enough about privacy to not share all these overt personal info on the web, there’s no point in crying “privacy violation” about cookies.

  • jud

    Greg, I’m happy to see you writing about this. I’m afraid though that these arguments are unlikely to reach, let alone bend legislative ears.

  • P.M.

    Cool animation by Breadcrumbs Solutions that explains online privacy hazards

  • SFGreg

    Some people like to go to little hole in the wall places to eat. Maybe the place is in a dangerous neighborhood and it looks like a dive, but they’ve heard the sandwiches there are amazing.

    Just don’t pay by credit card, or your credit score could take a dive.

    I’ve heard that by tracking purchases, credit card companies can tell if you’re expecting a baby, and can predict if a divorce is in the cards. Why would someone who lives and works in the same zip code have a string of one day stays at a hotel in that same zip code?

    A way to tone down the witch hunt claims about cookies might be to suggest that regulations about tracking apply universally – not just to the web, but also to credit card tracking and the use of that information.

    Goofy claims about cookies won’t go away if we are tone deaf regarding legitimate claims. Instead of denial, people who are in the know (us) should come up with a top ten list of abuses and present that to Congress along with a request for pragmatic regulations that will effectively deal with genuine problems.

    I’ve yet to see a post like that in SEL. How about it?

  • Ian Williams

    I work in the UK and am genuinely surprised by the wholesale adoption of the EU directive by the British government. The lack of consultancy with the industry is obvious. It feels like a snap decision, borne out of a European mistrust of new, large, web industries like Facebook and Google, more than an actual meditation on important privacy issues.

    I do think that this legislation will be trimmed back, but only in a few years when people start realising that site experience has ‘mysteriously’ got worse, they receive a deluge of useless ads, and have to eternally remember their passwords and settings or click disclaimers every five minutes.

  • Pete

    I am also in the UK and totally agree with Ian’s comments above about the government not consulting the web industry.

    Following on from his point I was explaining to my grandparents this weekend about this EU directive and how it will effect their experience online. After I had explained about cookies, how the majority of web companies use the data collected and what the EU directive will mean for their online experience they agreed that they would rather have cookies being put in place so that they would get ads that were actually relevant to them rather than some useless ads and get ads that were actually relevant to their interests.

    I also explained that there would be multiple ticking of disclaimers or pop ups asking them for permission every time a website wanted to put a cookie on their machine to remember a password or track them through analytics and they didn’t like this idea either as they would find this very annoying. Once they were educated about the uses of cookies on sites they were happier with the idea of them. I have a feeling this will be the reaction of many internet users in the UK and if we could just educate people more about the use of cookies and their data they would be a lot happier about what we are trying to do.

  • Simon Reavely

    Good article…for me this part is key:
    “But people also want free services and generally would rather see “relevant” ads than low-quality generic ads that have absolutely nothing to do with them. The online advertising industry has done a dismal job of educating consumers about some of the benefits of targeted ads and how they subsidize free content online. Part of that is attributable to arrogance and paternalism: what consumers don’t know won’t hurt them. That attitude will no longer work however.”

    …good stuff!

Get Our News, Everywhere!

Daily Email:

Follow Search Engine Land on Twitter @sengineland Like Search Engine Land on Facebook Follow Search Engine Land on Google+ Get the Search Engine Land Feed Connect with Search Engine Land on LinkedIn Check out our Tumblr! See us on Pinterest


Click to watch SMX conference video

Join us at one of our SMX or MarTech events:

United States


Australia & China

Learn more about: SMX | MarTech

Free Daily Search News Recap!

SearchCap is a once-per-day newsletter update - sign up below and get the news delivered to you!



Search Engine Land Periodic Table of SEO Success Factors

Get Your Copy
Read The Full SEO Guide