Is someone peeping at you while you are surfing the net?

Behavioral Advertising/Targeting & Privacy Law - For Individual concerned about his or her online privacy, and website operators who track users’ online browsing habits.

Introduction 
How private is our private online data, such as Facebook, or Twitter personal information? Are our purchase online or web-surfing activities being monitored without our permission? Every minute we spend online may have been tracked by the websites we visited, or spywares that are unknown to us. 

Are companies or organizations liable when they track user activities online without their permission? Many have been the subjects of lawsuits because they fail to obtain permission from users prior to collecting sensitive user information, or safeguard user data appropriately.

What is Behavioral Advertising?
Data is constantly being collected by website operators or online marketers to determine what advertisements are to be shown to an individual and to gather the individual’s web-browsing behavior (e.g. searches conducted, web pages viewed, etc.). This allows marketers to display ad content that is most relevant to the individual interest. 

In general, cookies, web beacons, and real time behavior targeting are some of the tools being used. Many people know what a cookie is. Web beacons became famous because Facebook got into trouble for using them extensively. A web beacon is a transparent picture file that keeps track of an individual surfing and navigation from website to website. With web beacons, the journey through multiple websites could be recorded. They are used in conjunction with cookies to provide an understanding how the individual interacts with the single or multiple sites.

Related Online "Privacy" Laws
There are laws and regulations on both federal and state levels regarding the collection, use, display, and disposal of personal information, such as social security numbers. The Driver’s Privacy Protection Act (18 USC 2721-2725) is one of them. 

Many actions taken by government and lawsuits in this area were in headline news. The Federal Trade Commission (FTC) has been enforcing its privacy regulations against companies or organizations. For example, FTC recently took action against Twitter and resulted in a settlement in mid 2010. The lawsuits regarding the use of Flash Cookie against Clearspring Technologies and others resulted in a $2.4M settlement. The settlement of the class action against Facebook, which used web beacons to track users to allow advertisers to analyze users’ shopping behaviors, resulted in a $9.5M settlement. California Department of Public Health took actions against some hospitals for privacy breaches. The fine amounted to $650,000. The list goes on… 

The demand for more privacy is obvious in future years. In a recent December 2010 presentation to the Subcommittee on Commerce, Trade, and Consumer Protection of the Committee on the Energy and Commerce, United States House of Representatives, the FTC proposed that, “while the Commission recognizes that consumers may benefit in certain ways from the practice of tracking consumers online to serve targeted advertising, the agency supports giving consumers a ‘Do Not Track’ option because the practice is largely invisible to consumers, and they should have a simple, easy way to control it. The FTC proposes that Do Not Track would be a persistent setting on consumers’ Web browsers.” 

Conclusion: What should we do? 
If I owned a company that sells products online or rely on cyber customers, I would follow what many companies, such as Microsoft, have been doing. Many have already formulated their policies regarding targeted advertising. The key is to give user’s notice and control. For example, if the web browser tracks user’s browsing habit, maybe there should be an opt-out message. If personal data is being collected, then there should be an opt-in message to avoid privacy class action. More importantly, user data, whether sensitive or not, should be protected against being stolen or illegitimate use. It is time to pay closer attention to data security…