Behavioral Advertising Under Attack?
This post at Proskauer's privacy blog notes some increased attention at the state level following a December 2007 announcement by the FTC to "take a look" at behavioral advertising on the internet. The post provides a good summary on the status of regulation on targeted advertising on the internet, and how pending legislation may affect such activities.
States have launched an effort to regulate aspects of this practice, both NY and CT have introduced statutes that may cause the typical commercial website operator some concern. Here's a page with links to both statutes.
The CT bill - which you can access here - is somewhat narrower than the NY bill. It only applies to "personal information," and requires a website operator to disclose (upon request of a state resident) third parties to whom the website operator disclosed personal information. The bill could be cleaned up a bit, but its goal is to allow consumers to determine whether their personal information has been shared to third parties, and "whether or not the operator knows or reasonably should know that the third parties used the personal information for the direct marketing purposes of a third party." The problem with this bill is its description of "personal information":
"was able to be associated with an individual"?? That's painful to read, and more importantly totally vague. I'm not even sure what that means.
The NY bill - which you can access here - is far more sweeping. As described by the Proskauer blog:
Notably, the bill would
prohibit a third party from tracking information from websites when it
does not have a contractual relationship with the website owner. This
provision could have major implications for the companies described
above that contract with Internet Service Providers to monitor surfing
activity across all websites a consumer visits.
NB: NYT story here.