Industry presented plans for self regulation to the European Commission last month , following a public statement by Commissioner Neelie Kroes, in which she established clear benchmarks that a self-regulatory instrument would need to meet in order to be deemed acceptable and sufficient by the Commission.
These are:
1. Effective transparency (paramount). This means that users should be provided with clear notice about any targeting activity that is taking place.
2. Consent, i.e. an appropriate form of affirmation on the part of the user that he or she accepts to be subject to targeting.
3. A user-friendly solution, possibly based on browser (or another application) settings. Obviously we want to avoid solutions which would have a negative impact on the user experience. On that basis it would be prudent to avoid options such as recurring pop-up windows. On the other hand, it will not be sufficient to bury the necessary information deep in a website’s privacy policies. We need to find a middle way.
On a related note, I would expect from you a clear condemnation of illegal practices which are unfortunately still taking place, such as ‘re-spawning’ of standard HTTP cookies against the explicit wishes of users.
4. Effective enforcement. It is essential that any self-regulation system includes clear and simple complaint handling, reliable third-party compliance auditing and effective sanctioning mechanisms. If there is no way to detect breaches and enforce sanctions against those who break the rules, then self-regulation will not only be a fiction, it will be a failure. Besides, a system of reliable third party compliance auditing should be in place.
During the round table, Robert Madelin, Director General of DG INFSO, clarified that the Commission position is in favor of an opt-out approach for cookies. He also clearly stated that profiling is an appropriate tool for marketing purposes and that its use both online and offline needs no distinction. Finally, the Commission stated its interest to find the right balance between data protection and the legitimate interest of data processing for a balanced economy.
This is good news, and takes us back to the fundamentals of the European Data Protection Principles. Those principles (subject to a EU statutory refresh of the legislation) should be applicable irrespective of channel or marketing application.
Enter stage right, Microsoft announced its plans to roll out the functionality to block all online tracking as part of its new Internet Explorer 9 (IE9). This announcement, whereby the new IE9 will feature an "opt-in mechanism" and "tracking protection lists", comes only days after the publication of a report on the protection of online privacy by the US Federal Trade Commission (FTC). In its report the FTC prominently calls for industry to provide internet users with a functionality to block online tracking activities, often referred to as a "do-not-track list" (similar to a do-not-call register).
Mozilla are also known to be working on a do not track technology by 'cloaking' the user's internet activity, though they are citing technological difficulties.
In responding to the latest FTC concerns that current tools for blocking online tracking are blunt instruments, Microsoft may nonetheless have gone too far in proposing 'opt-in' for behavioural tracking, (depending on how the technology worked in practise and what they mean by opt in).
Read more: http://online.wsj.com/article/SB10001424052748704594804575648670826747094.html#ixzz1AoD0nIJm
