Online privacy: A timeline of key events
U.S. Rep. Rick Boucher is crafting a bill to require online media companies to disclose what user information they are gathering, how that information is being collected and how users can control that information. How did media get here—to a place where it is toeing the invasion of privacy line? What happened to self-regulation? The following is a timeline of the country's growing suspicions about online advertising's double life as a Peeping Tom:
1967 – US Senate hearings on computer privacy are held in March, two years after the House's hearings on invasion of privacy by computers.
1970 – Apparently still apprehensive about computers' intentions, The Rand Corporation publishes “Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security” for the Office of the Secretary of Defense.
1994 – Computers are declared friendly and the spotlight swings to examine human exploitation of online privacy. The Electronic Privacy Information Center (EPIC) is founded in Washington D.C. to protect “civil liberties in the information age.”
On Jan. 26, a Marin, Calif. woman files a class action lawsuit against DoubleClick for obtaining personal information via cookies without users' written consent (Judnick v. DoubleClick, Inc., et al.) The world discovers that cookies have a dark side.
In May, an Ohio resident files a complaint in the U.S. District Court of Los Angeles against Yahoo! for disclosing users' personal information to third parties without prior notice to the user. (Aquacool_2000 v. Yahoo! Inc.)
2002 – DoubleClick pays more than $2 million to settle actions against it by 10 states and the Federal Trade Commission (FTC) and promises to disclose, but not discontinue, its tracking procedures.
2003 – Another class action lawsuit is brought against DoubleClick for increasing its clickthroughs by sending fake computer error messages. The argument against DoubleClick is that the messages are misleading and lead to lost productivity when employees stop work to check the error.
2006 – The FTC incorporates the U.S. Safe Web Act and Amendments of 2006, which empowers the FTC “to ... prevent unfair methods of competition, and unfair or deceptive acts or practices in or affecting commerce.” This includes spam, spyware and misleading messages.
2007 – On Nov. 20, MoveOn.org creates a Facebook group to protest Facebook's advertising system, Beacon (14 days after its launch), which publishes on Facebook users' online purchases from other websites without their consent. Within 10 days, 50,000 people join the group.
On Nov. 29 it's shown that Facebook is still receiving user information via Beacon despite user opt-outs. The next day, a New York Times blogger states that Coca Cola pulled out of a deal with Facebook due to Beacon's dubious practices.
In December, Facebook founder Mark Zuckerberg apologizes and allows users to turn Beacon off.
That same month, the FTC approves the Google-DoubleClick merger.
Also in December, the FTC releases self-regulation guidelines for online companies engaging in behavioral targeting, mainly focused on clear disclosure of the data gathering. Self regulation is favored by online companies so that emerging and evolving innovations are not hindered by legislation.
2008 – In January, the Network Advertising Initiative (NAI) updates its behavioral targeting best practices in response to the FTC's guidelines.
EPIC president Marc Rotenberg urges the European Parliament to establish online privacy safeguards.
2009 – In July, four leading trade associations release a set of self-regulatory principles designed "to protect consumer privacy in ad-supported interactive media that will require advertisers and Web sites to clearly inform consumers about data collection practices and enable them to exercise control over that information."
In August, Judge Sonya Sotomayor is elected to the U.S. Supreme Court with a record of ruling against Spy Factory, Inc. for conspiracy to sell illegal bugging and wiretapping devices. The crux of the case against cookies seems to be whether or not, at the heart of it, placing and utilizing tracking cookies on a consumer's computer is the same type of invasion of privacy as bugging their home.
Facebook shutters Beacon on Sept. 21.
Rep. Rick Boucher, D-Va., announces he is crafting a bill to limit behavioral targeting and protect consumer privacy by requiring online companies to clearly disclose what, how and why they are gathering, and consumers' rights to control that information. The congressman's justification (as told to the Associated Press): "Our goal is not to hinder online advertising. This will make people more likely to trust electronic commerce and the Internet."