Jerri-Lynn Scofield explores what the US Do Not Track Online Act could mean for the telematics industry
Senator Jay Rockefeller, chairman of the US Senate Committee on Commerce, Science and Technology, on May 9 introduced the Do Not Track Online Act, which would allow consumers to opt out from having online services collect personal information that can be used for data mining. The bill would apply to all online activities, including mobile telephone applications and auto-based telematics options. The legislation won’t ban tracking per se and is much less onerous than other possible approaches, like requiring Internet users to opt in to allow their data to be collected.
The legislation permits providers to collect data, even for those who’ve previously opted out, in order to provide a service requested by the individual. So, if passed in its current form, this bill won’t threaten the telematics industry. In this respect, it differs from the legislation that created the National Do Not Call Registry in 2003, which effectively killed the telemarketing industry. “If opting out becomes widespread, data mining may not necessarily suffer,” says Ellen Siegel, an information privacy professional who runs Practical Privacy Consulting. “Instead, techniques for anonymizing data will become increasingly important.”
Legislation or self-regulation?
The Federal Trade Commission (FTC) would be charged with creating rules to flesh out the legislation. The measure would create a dual enforcement regime under which both the FTC and state attorneys general would have separate ability to enforce the law, notes Siegel. Previously, in February, Jackie Speier, a member of the House of Representatives from California, introduced similar legislation.
Although the Obama administration generally favors basic standards for privacy protection, further specifics on its policy preferences have yet to emerge. Thus far, there has been an ongoing debate between the industry and legislators about whether legislation is necessary or whether industry self-regulation would be the superior approach, with the FTC in general largely favoring this self-regulation perspective. “Technology changes rapidly, and regulators don’t want to risk legislating specific technological solutions that risk becoming security holes,” says Siegel.
One technological innovation would be to add a ‘do not track’ header to outgoing Web traffic, which could be configured in a Web browser. Apple (Safari), Microsoft (Internet Explorer), and Mozilla (Firefox) already support this feature in their newest browser versions. In the absence of any existing legislation, supporting these header provisions is voluntary—companies are not obliged to honor user requests—and inconsistent, as Google (Chrome) has yet to support the header solution. Google instead contends that the prior industry self-regulation approach—based on cookies—should suffice to allow Web users to opt out of data tracking, and that no new system is necessary.
Whether or not the pending federal measure becomes law, states may take their own steps to improve online privacy. California—frequently a bellwether for privacy and consumer protection measures—took a first step to enacting state ‘do not track online’ legislation when the judiciary committee of its state senate approved a draft bill on May 3 mandating support for consumers to opt out of collection of their online personal information. “Whatever state does this first is likely to become the model for other state and national legislation,” says John Casey, chief of staff for California state senator Alan Lowenthal, author of the bill. (For more on privacy, see ‘Telematics and in-car cameras: Privacy versus opportunity’ and ‘Telematics and the socially networked car, Part II’.)
Protecting business models
The draft California legislation is more specific and detailed as to what it covers than is either the Speier or Rockefeller bill. It has broader applicability than at first might be obvious since it applies to anyone doing business with consumers who reside in California. Opponents of the California legislation include the California Chamber of Commerce, Google, banking and insurance organizations, and Internet commerce sites, according to Casey. “They believe that their business model is predicated on being able to collect data and sell it to advertisers,” says Casey.
As far as the telematics industry is concerned, “The California and Rockefeller operational provisions are broadly similar, in allowing exceptions to data collection and tracking opt outs, in order to provide a specifically requested service,” says Siegel. Their adoption therefore shouldn’t inhibit the development of telematics services. “The senator is not to trying to put anyone out of business,” says Casey. “He’s willing to dialogue and hold meetings with opponents, to come up with a solution that allows them to maintain their business model, but protects privacy as well.”
There are many technological details to be worked out as legislation is considered. “Some of what is included as covered data under the California law is device type,” according to Siegel. “If access to this information is blocked, servers won’t know how to format data so browsers can read it properly.” According to Casey, though, the California bill in its current form won’t pass. “But I believe in the next year and half we will get to a bill that will pass,” he concludes. “The bill’s opponents probably have the power to kill this bill now, but overall in the long term, I don’t believe they have the power to kill the Internet privacy movement.”
Jerri-Lynn Scofield is a regular contributor to TU.
For all the latest telematics trends, join the sector’s thought leaders at Telematics Detroit 2011 in Novi, MI on June 8 and 9.