Personalization vs. Privacy - The DoubleClick / Abacus Direct Merger
The NAI Principles: Opt-In and Opt-Out

Many users feel that having their names associated with detailed online and offline behaviour profiles is a violation of their privacy, and they were glad to see the Federal Trade Commission (FTC) voice concern over DoubleClick's plans to merge PII and non-PII.

The FTC uses a set of information practice principles to evaluate online privacy issues [FTC00]. Firstly, users must be notified of profiling activities on web sites and be given the opportunity to decide whether they want to participate in those activities. Secondly, web sites must provide users with reasonable access to their individual data, and make reasonable efforts to protect that data from loss, misuse, alteration, destruction, or improper access. Consequently, the leading advertising agencies formed the Network Advertising Initiative (NAI) in 1999 with the goal of preempting government regulation of the online advertising market by defining a set of self-regulatory principles. In July 2000, they released a policy governing the use of consumer data for OPM. This document [NAI00] specifies that:

  • Agencies are forbidden to use PII about sensitive data such as medical or financial records, sexual behaviour or orientation, or social security numbers.
  • If non-PII is collected, publishing sites are required to post a privacy policy that states which information is used, and provide a way for users to deny the collection of data.
  • The rules on merging PII with non-PII depend on which data is collected first:
    • If PII is collected after the non-PII (as in DoubleClick's case of acquiring the Abacus database), the agency may not merge the data sets without the user's prior consent.
    • If non-PII is collected after the PII (e.g. through ongoing behaviour tracking after a user enters his personal information), the publishing site must notify the user of this fact before he enters any information and provide him with a way to deny the collection of non-PII.

These rules employ two different models for obtaining a user's decision on data collection. In the opt-in model, the user has to give the agency explicit permission to use his data - if he does not opt in, the agency is not allowed to use the data. The opt-out model works the other way round: the agency may use the data as long as the user does not explicitly forbid it.

As a consequence of the NAI principles, DoubleClick cannot simply merge its database of online non-PII with Abacus' database of offline PII - it is only allowed to merge the profiles of users who explicitly opt in. Additionally, DoubleClick gives users the opportunity to opt out on its web site. This feature is implemented by simply storing a cookie with the value OPT_OUT, instead of a unique identifier, on the user's computer [DC00d].
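The opt-out cookie mechanism described above, sketched from the ad server's side as an added example (not DoubleClick's code). The cookie name `id`, the in-memory `profiles` store, and deleting the stored profile on opt-out are assumptions of this sketch.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "id"    # assumed cookie name; the page does not give one
OPT_OUT = "OPT_OUT"   # cookie value named on the page

profiles = {}         # hypothetical stand-in for the agency's profile store


def _read_id(cookie_header):
    """Extract the tracking cookie's value from a Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar[COOKIE_NAME].value if COOKIE_NAME in jar else None


def handle_ad_request(cookie_header, page_url):
    """Return (cookie_value_to_set_or_None, tracked) for one ad request."""
    current = _read_id(cookie_header)

    if current == OPT_OUT:
        # Every opted-out browser sends the same value, so there is no key
        # under which a per-user profile could be kept. Never overwrite it.
        return None, False

    set_cookie = None
    if current is None:
        # First visit (or cookies were cleared): issue a fresh unique ID.
        current = set_cookie = secrets.token_hex(8)

    profiles.setdefault(current, []).append(page_url)
    return set_cookie, True


def opt_out(cookie_header):
    """Opt-out page handler: return the cookie value that replaces the ID."""
    current = _read_id(cookie_header)
    if current not in (None, OPT_OUT):
        # Assumption of this sketch: the existing profile is deleted as well.
        profiles.pop(current, None)
    return OPT_OUT
```

Because the choice is stored only in the cookie, a browser that clears its cookies loses the opt-out and is issued a new unique identifier on its next request.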

© 2000 Matthias Book