New e-commerce challenges

Responsible use of "cookies" is a growing privacy issue

By -- Industrial Distribution, 6/1/2000

As distributors increasingly establish Web sites and become immersed in e-commerce, they're discovering that doing business on the Internet can be more complex than their traditional methods of selling.

Take the seemingly innocuous case of "cookies," for example. A cookie is data created by an organization's Web server that is stored on a user's hard drive. It provides a way for the Web site to keep track of a user's patterns and preferences.

An industrial distributor, for instance, could require customers to specify their type of business, shipping instructions and other information. This data would be stored on the customer's hard drive as a cookie that could be accessed the next time the customer orders, saving him or her from having to enter the same data each time an order is placed.

The problem arises when, based on cookie data, the organization compiles a list of its customers and then rents the list to other marketers. The issue has become the latest cause célèbre for civil libertarians and privacy advocates fond of quoting Justice Louis Brandeis' opinion in the case of Olmstead vs. U.S. heard by the Supreme Court in 1928.

Justice Brandeis wrote: "The right to be left alone-the most comprehensive of rights, and the right most valued by a free people."

Brent Luckman, chairman of Luckman Interactive, Inc.-a company writing privacy software-said, "cookies may contain references to sensitive data about you, such as your phone number, credit card number, address, and other personal information and online interests. A serious threat to privacy is that some companies are reading other companies' cookie files and using the personal data for their own marketing purposes."

Last February the Michigan attorney general's office announced it was investigating an Internet advertising company, DoubleClick, for violating Michigan consumer protection laws.

That state's attorney general accused DoubleClick of compiling personal user profiles that could be linked with a consumer's name, address and e-mail account. Michigan took action just one day after the Federal Trade Commission announced it had launched its own probe of DoubleClick.

Although there have been some recent highly publicized abuses, the situation is improving, at least statistically.

Enonymous.com studied the privacy policies of 30,000 Web sites and found that 630 of the top 1,000 sites now post some kind of privacy policy. In a similar study two years ago, the FTC found that only two percent of those sites provided a comprehensive privacy policy.

Meanwhile, on April 5, 26 companies-including American Airlines, KPMG Consulting, Magnify, and PricewaterhouseCoopers-formed The Personalization Consortium. This group will develop guidelines for marketing practices that respect consumer privacy and ensure the responsible use of personalization technology.

The consortium has drafted initial objectives for ethical information and privacy management, which include:

• Fair access by individuals to their personal information

• Responsible linkage of online and off-line information

• Redress provisions for individuals to change information

• Criteria for "opt-in" and "opt-out" choices

• Templates to standardize the disclosure of consortium members' privacy policies to consumers.

But even without cookies, you can send your comments and/or suggestions to harper.d@att.net.