Privacy Legislation as Opportunity for Innovation

Posted on by

By Mark Schiefelbein, Wakoopa

Online privacy problems have frequently made international headlines. Facebook rolled out yet another change to its settings that made previously private data public without users’ consent. And the next major retailer was stripped of passwords or credit card details stored without encryption.

The EU ePrivacy Directive – Well Intentioned but Impractical
Not surprisingly, this has gotten the attention of lawmakers who are responding with numerous initiatives aimed at protecting the privacy of consumers, most notably the 2009 amendment of EU ePrivacy directive which is now being turned into individual laws by the member states.

The directive is stringent to say the least, often described as well intentioned but impractical. Milica Antic (@milica_antic) of Amsterdam law firm SOLV does a good job of explaining the issues in her white paper “Cookies Under Control” .

Where Internet marketing firms felt free to use cookies in whichever way they saw helpful in advancing their business, lawmakers responded by imposing far reaching limitations. According to the directive, any technology used to store or access information on any type of device is required to obtain prior ‘clear and comprehensive’ consent.

Cookies – The Good, The Bad and The Ugly
The use of cookies is at the center of this rather stringent directive. Clearly, the use of cookies has much improved the user experience of users around the web, relieving consumers of having to type their login information every time they access a site, allowing sites to store purchases in shopping carts for later or allowing publishers and advertisers to target content.

While beneficial in most cases, the use of cookies has also been blatantly abused by many of the same Internet marketing firms. They have sold or shared private information with other firms, changed terms and conditions without telling users or burying the changes in pages and pages of legalese, obtained information under false pretexts or kept information for much longer than reasonably required. It’s therefore not surprising that lawmakers respond with stringent laws, opting to rather err on the side of overprotection.

Industry Self-Regulation – As Impractical As the Law
Critics of the directive quickly point to industry self-regulation as an alternative. In an ideal world it would provide the required privacy protection while maintaining high levels of user experience. Unfortunately the self-regulation efforts usually fall way short of their targets. Quite ironically, these initiatives are often characterized by bureaucracy much more reminiscent of the lawmakers who are so dreaded by the industry than the innovation it prides itself with.

The IAB initiative “your online choice” http://www.youronlinechoices.com is an example. It is not very well known amongst consumers, full of long and complex texts, only applicable for participating companies, devoid of any feedback on whether or not it is working and, worst of all, it doesn’t work for more than half the companies using cookies (in dark grey below) blaming the problem on the consumers’ supposedly slow Internet connection.


Mozilla Collusion – Privacy Protection As Innovation
The industry will only be able to convince lawmakers of friendlier laws if it can demonstrate that its initiatives lead to complete privacy protection. To do so, it will need to be relentlessly transparent in its operations, providing an accurate and truthful briefing as users opt-in, clear and continuous full disclosure while storing and processing data and a safe exit that allows consumers to leave without leaving any traces (‘The Right to be Forgotten’).

This is a serious challenge that needs to be addressed. Rather than by regulation, be it governmental or industry, as Internet entrepreneurs we believe it will be tackled by innovation. If nothing else, the EU directive has created an opportunity. Sparked by the fear of adverse legal effects, companies will find solutions to address these issues, and consumers will choose the most appropriate ones.

One of the first promising efforts we have seen is Mozilla Collusion (http://www.mozilla.org/en-US/ collusion/), an experimental add-on for Firefox that allows you to see all the third parties that are tracking your movements across the Web. It allows consumers to take control of their data and see the big picture. Collusion records each cookie that is placed as well as the the site responsible for the placement. While following a user’s online journey, it then clearly visualizes the formerly hidden links where information from cookies was shared by Internet marketing firms.


It’s an eye-opener, showing the layman how the innocuous Facebook ‘like button’, that is present all over the web, can be used to provide information to sites never visited before, or how ad targeting firms unknown to even savvier users pull the strings behind mainstream publication. It’s not surprising that this innovation comes from a browser vendor. These vendors have realized that privacy protection is an opportunity and are trying to capitalize on it!

At Wakoopa (www.wakoopa.com) we also see privacy protection as an opportunity to set us apart from other vendors. Wakoopa provides tools to track users’ online behavior that are used by major market research companies like TNS or Ipsos.

Not surprisingly, we are under intense scrutiny with regards to privacy. But rather than relying on lawyers, we work with consumers to make them feel comfortable about our tools. Our trackers require an explicit user opt-in, give the user feedback on what is being tracked, put the user in control with options like a pause button and a black list of sites that won’t be tracked, and let the user easily uninstall the tracker if it’s no longer wanted; technology to put the consumer back in the driving seat.