It remains to be seen what actually get’s proposed. But, on first blush, it doesn’t feel right for Congress to be writing privacy policies for all the interwebs. But that appears to be what the Democratic Congressman from Virginia (Rick Boucher) is trying to do:
‘If the site used its customer data for first-party purposes (i.e., the site itself advertising to its own customers), it would have to offer consumers an opt-out option. “The default position would be that the first-party marketing transaction could occur,” Boucher elaborated. “It would only be prevented if the affirmative step was taken to say, ‘no, you can’t do that.”
‘But if the customer information is going to be sent to “some completely unrelated party,” Boucher added, “not associated with the first-party transaction, that would fall under opt-in, and that information could then be shared with the other party only if the customer affirmatively took the step of saying ‘yes you can share it.'”
What would be the fallout of such legislation for you and me?
Every time I use Google without logging in (which is almost always), do I need to give permission for Google to collect data from me so they now what ads to serve up? What if I use the Google search bar in my browser? How would that work?
Since advertising is “core” to Google’s business, maybe collecting search query data would fall under “first-party purposes”, even though that data is shared with “third-party advertisers”.
It’s a sign of the times that even Congress is starting to worry about the fine print in privacy policies and we certainly laud attempts to cut through the obfuscation of privacy legalese.
Still, this binary opt-in/opt-out approach feels like a hatchet job where a scalpel is needed.
Or better yet, Congress should first focus on legislation that will create standards around currently wishy-washy concepts of “anonymization” and “personal information” that allow companies to violate the spirit of their own policies, if not the letter.