As the Federal Trade Commission concludes a series of public workshops into the privacy implications of Internet advertising and data collection, senior commission officials on Wednesday reiterated their concerns that Web companies are overreaching when it comes to collecting personally identifiable information, or PII.
“The march of technology has blurred and indeed threatens to obliterate the distinction between PII and non-personal information,” said David Vladeck, director of the FTC’s Bureau of Consumer Protection. “On the Web, at least, it is getting harder and harder to choose anonymity.”
Today’s proceeding is the last of a series of three roundtables the FTC has held since December, calling on a broad array of industry representatives, consumer advocates and others as it mulls updating its self-regulatory guidelines for behavioral targeting and online advertising.
But Vladeck stressed that the commission officials overseeing the issue haven’t yet arrived at any conclusions on how to proceed.
“To be candid, we’re not certain,” he said this morning. In the near term, the commission will likely be relatively quiet on the issue, as staffers digest the broad-ranging input they have received through the series of workshops and other efforts. Eventually, Vladeck said the commission would likely develop a set of proposed recommendations, which would then be presented to the public to submit comments in a procedural build-up toward a final decision.
“We will have a very public process on this,” he said.
The FTC proceeding comes amid an ongoing congressional inquiry into consumer privacy led by members of the House Energy and Commerce Committee, who have held their own series of hearings on Internet data collection and are preparing legislation expected to be introduced later this year.
In opening remarks at today’s event, FTC Commission Pamela Jones Harbour leveled pointed criticism at some industry practices regarding consumer privacy, with especially harsh remarks directed at Google regarding the recent unveiling of its social networking service Buzz, which quickly drew criticism for how much information was shared by the default settings, prompting the company to make a series of changes.
“The recent launch of Google Buzz was quite frankly irresponsible by a company like Google,” Harbour said. “We have high expectations of Google as a corporate citizen.”
Harbour may be feeling a little freer to speak candidly, given that she has announced her intention to resign from the commission April 6, after six and a half years of service.
Also, she didn’t just take on Google. She blasted what has become a common industry practice of rolling out a new product or service that promises to add a new social dimension to the Web, only to see the launch get roiled in privacy concerns as users and advocacy groups fear they are being tricked into sharing more information than they are comfortable with. Companies such as Facebook are familiar with this cycle, and often yield to the criticism and add in additional privacy controls, but for Harbour’s tastes, that doesn’t go far enough.
“In my opinion that message may need to change, and I would like to see the commission take the position of intolerance to companies that push the privacy envelope and then backtrack,” she said.
Harbour also criticized a host of Web companies for their spotty use of encryption technology. She called on social sites, e-mail services and others operating in the cloud to extend the use of SSL encryption beyond just the login and password credentials to protect all data transmissions.
“Without encryption, user data is easily intercepted using freely available off-the-rack hacking tools,” she said. “My bottom line is simple: Security needs to be a default in the cloud.”
She put her advice to Web companies bluntly: “Step up and protect consumers. Don’t do it just some of the time. Make your Web sites secure by default.”
Kenneth Corbin is an associate editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.