Richard Brodsky wants regulations to protect consumers from online companies’ usage of people’s personal information without consent. Ad industry groups and several big names on the Internet lashed out at him in a letter.
The Fear tickled up the spines of Google, Yahoo, AOL, Comcast, Facebook, and a number of other firms in response to Brodsky’s bill, A.9275, in the New York State Assembly. His bill, called the Third Party Internet Advertising Consumers’ Bill of Rights Act of 200, calls for formal regulation of usage of personal information, something that has been left to the companies to handle with internal policies.
Those companies would prefer the state of affairs to continue. A letter to Brodsky from several online ad and search industry firms to Brodsky made an appearance on the Democratic Media website. They want him to back down:
A. 9275 would subject advertising networks to an extremely detailed, unprecedented array of notice, consent, and access obligations relating to “personally identifiable information†and “non-personally identifiable information †that is used for “online preference marketing.†Every website that an advertising network contracts with would be subject to detailed notice requirements.
This bill is unnecessary because advertising networks have already agreed to self-regulation commitments relating to most of the components of this bill. If they fail to live up to these commitments, then the Federal Trade Commission and the New York Attorney General’s office would have enforcement authority. Moreover, the bill appears to be based on Network Advertising Initiative principles that will soon be outdated, as new principles are expected to be released in the near future.
Oil futures speculation (crude is over $110 today, thanks oil traders!) and failed investment bank Bear Stearns exist in largely self-regulated industries too. Look how well that worked out for everyone. Yes, we understand regulation exists for each, but obviously not in sufficient ways to prevent harm to consumers.
Perhaps we’re looking at this too simply, and are jaded by the millions of consumer records that made their way into the hands of outsiders through dozens of breaches over the past three years, but the idea that we should wait for some harm to come to pass through identity theft or other abuse is arrogance personified.
As far as enforcement authority goes, do the signees of the Brodsky attack letter really imagine they won’t put up a fight against an investigation should abuse of their information happen? Are they really going to tell investigators that they can go ahead, look into all the black box technology behind the ad networks, look through the network infrastructure, look through raw log files, to track down a breach?
Riiiiiiiiiiiight.
