News that a key member of the U.S. Congress intends to introduce legislation designed to rein in behavioral targeting suggests that 2009 will be the year that defines advertising practices on the Web.
Comments by Ed Markey that any such legislation should require an opt-in provision means the fight that occurred over Facebook's Beacon program will move to the larger Internet.
Markey started the Internet privacy caucus more than a decade ago and sits on the committee that held hearings last month on the issue. The House Energy and Commerce Committee has released letters from the companies responding to questions about their data collection practices.
Google, Microsoft and other tech companies were called to testify about their data collection practices.
What's interesting is that both companies called for some kind of federal legislation on net privacy, even though the head of the U.S. Federal Trade Commission argued against it.
That's not a surprise, given that the agency approved Google's acquisition of DoubleClick without conditions, saying the market will be enough to protect Web surfers' privacy.
But given Google's dominant share of the search ad market, and the momentum it gained in display ads thanks to DoubleClick, that argument will be a tough sell.
As we told you last week, Google is already combining its search data with DoubleClick's knowledge of what ads get clicked on by what types of users.
That allows it to serve highly relevant ads, but also gives it a wide open window into how consumers use the Internet.
Google and the other search companies, in their written responses, went to lengths to emphasize that they don't do the type of deep-packet inspection that yields personally-identifiable information.
But the whole point of Web analytics is to allow online ad buyers and sellers to track consumer behavior by planting cookies on their PCs.
While it's easy enough to remove those using browsing software or other third-party apps, the vast majority of Web surfers don't know that. They're also not going to take the time to wade through privacy policies so they can opt out of such collection.
In AOL's response letter, they company said only a small fraction of their users opted out, while Google dodged the question entirely.
Facebook's initial attempt to make Beacon opt out -- until a public outcry forced it to change course -- showed that tech firms will push the envelope on privacy when they can. They have to if they want to maximize their revenue from targeted ads.
Given how much convenience the Web provides, users are likely to trade some privacy to access it. Users of Amazon.com have proven that.
But not everyone will, and whatever law Congress passes should make it easy for them to not have their data tracked.
The best way to do that would be an easy-to-find Web page that allows users to opt in or out through a simple sign-up process, much like the national Do-Not-Call list that prevents calls from telemarketers.
In fact, a similar Web site already exists. It's run by the Network Advertising Initiative, an online advertising trade group, and it allows consumers to opt out of its members data-collection practices by preventing them from placing cookies on their computer.
Making such a Web site opt-in would give consumers even more control over their online personal data, and Congress should give them that control if they pass legislation next year.