Who wants cookies? That’s the question being asked by some lawmakers troubled by how internet marketers can track the movements of, and learn about, people who cruise the world wide web.
According to a federal law that goes into effect April 21, web site operators must get parents’ permission to collect personal information from children online. But there are no laws governing the use of “cookies,” or virtual tags that can pinpoint which sites an internet user has visited.
Many commercial web sites attach cookies to a person’s computer that identify the user when he or she returns. Cookies are what allow a book-selling site, for instance, to welcome you back by name and suggest new reading selections based on your prior purchases.
Critics of cookie technology say that more sinister purposes also are possible.
In one high-profile case, the Federal Trade Commission and some states are investigating whether the nation’s largest online advertising firm, DoubleClick Inc., violated the privacy of consumers.
Michigan Attorney General Jennifer Granholm alleged that DoubleClick implants electronic files on the hard drives of users’ computers and plans to use the customer information to create personal dossiers for marketing purposes.
“It is a disturbing reality that when we are online, everything we read and write, every web site that we visit, may be secretly monitored, recorded, and shared by companies looking to profit from our behavior,” Sen. Robert G. Torricelli, D-N.J., said in a speech on the Senate floor. Torricelli recently introduced a bill that would presume computer surfers do not want web sites to share their information unless they “opt in,” that is, notify the site that sharing information with marketers is OK.
Small numbers of web sites now offer an “opt-in” option; on others, it is possible to “opt out.” But in a letter to colleagues seeking support for the bill, Torricelli said the problem with the “opt-out” option is that most internet users don’t know how to do itor they don’t know that opting out is possible.
“Rather than opting out of having personal details shared, the burden should be placed on companies to contact consumers so that they have control over whether or not personal information is disclosed,” Torricelli wrote.
Critics say placing that burden on web sites could cripple marketing and commerce on the internet, because so few people would bother to “opt in.”
But Torricelli said his idea strikes “a workable balance” between entrepreneurial opportunity and the right to privacy.
Rep. Rodney Frelinghuysen, R-N.J., is a believer in the “opt-out” concept. His recently proposed bill would require commercial web sites to notify visitors if any personal information is being collected while they are on the site.
Visitors would be asked if they wanted to opt out of having that information used or disseminated by the site operator.
“The bottom line is that the American public has the right to know who is collecting information about them, and how that information is used,” Frelinghuysen said.
Another New Jersey lawmaker, Republican Congressman Bob Franks, is pushing a bill that would ban web sites from disclosing to a third party the Social Security number or related information of a visitor to the site without the person’s prior written consent.
Frank’s bill was introduced a year ago but has not advanced.
The Washington, D.C.-based Center for Democracy and Technology offers a list of 10 ways to protect privacy online, including these:
• Look for privacy policies at web sites. If none is found, eMail the site and urge posting of a policy.
• Teach children that giving out personal information online is like giving it to strangers.
• Search your computer’s hard drive for a file with the word “cookie” in it and check it out. Consider deleting any unnecessary cookies.
Federal Trade Commission
Sen. Robert G. Torricelli
Rep. Rodney Frelinghuysen
Center for Democracy and Technology