User:Chotongfui/chotongfui's sandbox

Do Not Track is a term referring to a series of policy proposals that protects users’ right to choose whether or not to be tracked by third party websites. It is often called the online version of ‘Do Not Call’. There are strong arguments, both for and against the Do Not Track proposals.

Overview
With the development of Internet technology, a large number of people, business entities and organizations are interacting with each other. For instance, Facebook enables its users to socialize with each other. Google provides e-mail services and entertainment such as Gmail and YouTube. Customers pay fees for the services or are exposed to advertisements. While this interaction is processed, users leave a trace of their personal information such as IP address or search history.

Personal information has become a valuable asset because many business entrepreneurs are utilizing it to implement targeting advertisements or marketing promotions. According to a press release from the Consumer Watchdog, however, there is a growing concern for rampant collection of personal information. Privacy advocates worry about the fact that search engine companies can store and utilize the users’ personal information such as medical history, criminal records, profile, location and their orientation for implementing a marketing strategy. In an effort to alleviate those concerns, several U.S. legislators are trying to enact laws in regard to the protection of internet users’ privacy. U.S. citizens usually know that their online behaviors are being tracked by advertisers, and they are often opposed to this practice. A survey conducted by the Gallup Organization and the USA today shows 61% of respondents know that some advertisements are shown to them based on their interests. 67% of respondents said that targeting advertisements based on consumers’ online behaviors is unallowable, and 61% of respondents argued that online behavior tracking is unjustifiable. 37% of respondents answered they do not want targeting advertisement, 14% said that they would allow those advertisements.

History
On December 1, 2010, the FTC published a preliminary report highlighting the consumers’ right to prevent websites from tracking their online behaviors. The central plank of the bill was to adopt a Do Not Track opt-out function to web browsers. The FTC judged that online marketers’ pervasive collection of personal information could possibly violated privacy. This issue began to surface again in 2012 after Google announced its new privacy policy. Rep. Markey, Rep. Barton, and Rep. Stearns asked the FTC to investigate the legality of Google’s change of privacy policy; they sent a letter to the FTC regarding Google’s changed privacy policy.

Bills introduced
In 2011 and 2012, there were several bills introduced around this issue:


 * "Do Not Track Me Online Act of 2011" by Rep. Jackie Speier,


 * "California Senate Bill 761" by Sen. Alan Lowenthal,


 * "Consumer Privacy Protection Act of 2011" by Rep. Stearns and Rep. Matheson,


 * "A new Commercial Privacy Bill of Rights" by Sen. John Kerry and Sen. John McCain,


 * "Do Not Track Online Act of 2011" by Sen. Jay Rockefeller, and


 * "Do Not Track Kids Act of 2011" by Rep. Ed Markey.

Do Not Track Me Online Act of 2011
The Do Not Track Me Online Act of 2011 makes the FTC set the standards for the use of an online opt-out function which allows a consumer to forbid the collection or use of private information and to demand a business entity to comply with the choice of a consumer to opt-out of such collection or use. This bill is regarded as an online version of the Do Not Call law which prevents telemarketers from placing a call to individuals who do not want to receive calls from them. This bill also states that each respective business entity should disclose the current status of personal information collection and whom they share the information with. In this bill, the concept of personal information includes: "the name, a postal address or other location, an email address or other user name, a telephone or fax number; a government-issued identification number, such as a tax identification number, a passport number, or a driver’s license number; or a financial account number, or credit card or debit card number, or any required security code, access code, or password that is necessary to permit access to an individual’s financial account"; This bill also includes not collecting data about "medical history, physical or mental health, or the provision of health care to the individual; race or ethnicity; religious beliefs and affiliation; sexual orientation or sexual behavior; income, assets, liabilities, or financial records, and other financial information associated with a financial account, including balances and other financial information, except when financial account information is provided by the individual and is used only to process an authorized credit or debit to the account; or precise geolocation information and any information about the individual’s activities and relationships associated with such geolocation; or an individual's unique biometric data, including a fingerprint or retina scan; or Social Security number."

California Senate Bill 761
California Senate Bill 761 was introduced by Sen. Alan Lowenthal on Feb 18, 2011 and amended in senate May 10, 2011. The intent of this bill was to forestall shirking of responsibility of corporations’ personal information leakage and to strengthen the protection for customers. This bill also included:
 * levying a fine to companies which do not follow the bill,
 * requiring every company in California to make public the activities such as collection, utilization, and storage of customers’ personal information, and
 * providing methods to select whether or not to be tracked for the customers.

However, on Apr 27, 2011, several business entities expressed strong opposition to the bill in a letter. The objectors stated that the bill:
 * is unnecessary,
 * would harm California’s Internet economy and innovation,
 * would be unworkable and unenforceable,
 * gratuitously singles out advertising companies for special regulation,
 * would have repercussions beyond entities directly regulated by the bill,
 * would be costly to the state, and
 * is unconstitutional.

Consumer Privacy Protection Act of 2011
Rep. Cliff Stearns and Rep. Matheson introduced a bill to improve and protect consumer privacy on April 13, 2011. This bill suggests consumers control the uses of private information collected by websites. This bill also states that consumers should be able to place a limit upon the disclosure of information to third party websites. According to this bill, websites have to prompt a clear and conspicuous notice for customers before collecting personal information which is irrelevant to main transactions. In addition, at the time of the information collection, websites must display their privacy policy to customers. The policy is supposed to clarify the types of information collected, as well as the way the information would be utilized. Websites are also required to provide consumers with the ‘opt-out’ option. Once the customer makes a decision, websites cannot ask him/her to change the opt-out status until at least a year after the customers’ choice.

Commercial Privacy Bill of Rights
Sen. John Kerry and Sen. John McCain announced a Commercial Privacy Bill of Rights in a press conference in the U.S. Capitol on April 12. The purpose of this bill was to establish a regulatory framework for the comprehensive protection of personal data for individuals. This bill prescribes the consumers’ privacy rights. According to the bill, websites collecting user information should:
 * implement security measures,
 * provide clear notice to customers,
 * provide opt-out mechanism to users,
 * collect personal information in order only to process a transaction or to enhance the quality of service, and
 * discard the collected information after a certain period of time.

Do Not Track Online Act of 2011
On May 6, 2011, U.S. Senate pushed ahead a bill forbidding online business entities from collecting online users’ location information. According to this bill, corporations can collect user information under an apparent consent. The notice on the collection and use of information should be provided to users in clear, conspicuous, and accurate manner. Sen. Jay Rockefeller, the chairman of the Senate Committee on Commerce, Science and Transportation, mandated corporations to respect users’ denial of information collection. In addition, the FTC was mandated to punish corporations not following this bill. The bill includes civil penalties of $16,000 per day for violations, with a maximum total liability of $15,000,000.

Do Not Track Kids Act of 2011
Rep. Edward Markey introduced a bill called "Do Not Track Kids Act of 2011". This bill requires that online stores should get parents’ consent when they collect kids’ information. Even though they can collect it, they cannot use it for marketing purposes. The goal of the "Do Not Track Kids Act of 2011" is to strengthen privacy protection for children by:
 * requiring data brokers to explain the type of information being collected, how the information is used, and policies related to collection of information,
 * mandating online companies to get parents' consent before collecting children's information,
 * preventing online companies from utilizing the collected data for target marketing purposes, and
 * for parents and children, providing an "eraser button" in order to get rid of publicly available information content online.

Consumer Privacy Bill of Rights
The Obama administration announced that consumers have right to control which companies collect and use their information. The administration also stated that the privacy policy of companies should be transparent and understandable, and hacking and personal information leakage should be completely stopped. According to the bill, The Consumer Privacy Bill of Rights advances these objectives by holding that consumers have a right to:
 * Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
 * Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.
 * Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
 * Security: Consumers have a right to secure and responsible handling of personal data.
 * Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
 * Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
 * Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

The purpose of this guideline given by the U.S. government is to deter Internet companies from indiscriminate collection of personal information for targeting advertisements. In response, The Internet companies such as Mozilla, Google, Microsoft, Yahoo, and AOL promised to provide do not track mechanism in order for customers to choose whether they want to participate in online behavioral advertising. However, the guideline has its limitation that it is not enforceable. The Obama Administration encouraged Congress to grant the Federal Trade Commission the authority to enforce each element of the statutory Consumer Privacy Bill of Rights. If it is once enacted, Internet companies which infringe on these regulations could have sanctions imposed by the FTC.

Reports from the FTC
The FTC published a report, "Protecting Consumer Privacy in an Era of Rapid Change". Jon Leibowitz, Chairman of the Federal Trade Commission, stated that "data brokers have deceived the Internet users” and “we need to focus on that the data brokers have collected personal information without the users knowing it".

The FTC articulated the purpose of their action is to protect the user privacy which is constantly exposed while surfing the Internet. In addition, the FTC discussed the Do Not Track mechanism and recommended browser vendors to enable users to control the level of personal information tracking by adopting the opt-out function. Digital Advertising Alliance (DAA) agreed with the proposal from the FTC, and they are planning to adopt the opt-out function within the year of 2012. The FTC also recommends mobile application companies to come up with simple, effective, and approachable mobile privacy protection measures. It also required data brokers to reveal their identities by establishing a centralized website enabling transparent collection of personal information, and to allow users to access their personal information collected by data brokers.

Opposition to Do Not Track
There are some arguments against Do Not Track proposal. Opponents emphasize its economic benefits of online behavioral advertising and its quality of services. According to their arguments:
 * Online Behavioral Advertising(OBA) and e-mail are the most effective advertising methods. Privacy regulation can reduce the effectiveness of behavioral advertising. If the effectiveness of OBA deteriorates, the credibility for the effectiveness of advertisement would be also lessened; consequently, it could aggravate the entire economic downturn.
 * Behavioral Targeting is an essential part of ad network, publisher, and advertiser success. Behavioral targeting advertisement is an important revenue source for publishers and ad networks. Content supported by advertisers is a crucial component of traditional media.
 * Service providers such as Facebook, collects personal information in order to provide a higher quality of service. Moreover, this information collection has been modified reflecting the recent changing trends.

Concept
Beyond the United States, the European Union also expressed its concern about the personal information management. On Jan 25, 2012, Viviane Reding, the vice chairperson of the European Commission, suggested General Data Protection Regulation which is a more strict form than the Directive 95/46/EC is. This is a right to ask service providers to delete the personal information which were collected by data brokers under a users’ consent in order to strengthen the user information protection. The right to be forgotten also includes the notion of not to be searched, and extinctive prescription of information.

The regulation recommends service providers to request consent from their users when they deal with sensitive personal information. When failing to comply with the regulation, service providers would be fined up to 1,300,000 USD or 2% of their sales figures.

Reding articulated that change of regulations related to the past Internet environment is inevitable due to the changes of digital circumstances such as technological development and globalization. She also stated that the current credibility of Internet companies is low because of weak personal information management. The proposed law would include the following:
 * autonomic control of personal information,
 * applicable regulation not only of companies based in the EU area, but also for companies dealing with personal information of EU citizens,
 * request users’ apparent consent before collecting personal information,
 * a unitary regulation applied to the entire EU,
 * mandatory reporting when information leakage occurs, and
 * transferrable personal information when users change their Internet service provider.

Objection against the statute
As a response to the proposal, there are several objections against the statute.
 * Corporations are opposed to it, claiming that the strict internet standard would aggravate the economic situation of EU and retard the development of the Internet industry.
 * Edward Vaizey, the Minister for Culture, Communications and Creative Industries in UK, raised doubt on how they can implement the “right to be forgotten”; since it is easy to replicate the original copy of content on the Internet.
 * Center of Digital Democracy(CDD) anticipated that it is not easy for EU to reach an agreement with the Internet service providers.

Concept
The resident registration numbers(RRN) have been used for online identification purposes in South Korea. The Korea Communications Commission introduced a law preventing the Internet websites which have more than 10,000 daily active users from collecting and using RRN; it will take effect after 18 Aug, 2012. The range of law will be extended to every website in 2013.

Objection against the statute
However, there are arguments against this law:
 * RRN is required to be presented in order to identify users as a way of protecting vulnerable users such as teenagers or the handicapped from indecent content.
 * RRN is being widely used for online transactions, and there is not any suitable alternative as of now.
 * Preparing systems for other verification methods such as i-pin or authentication certificate can lay an economic burden on service providers.