FRAMINGHAM (07/07/2000) - For the first time in its four-year history, the Internet Advertising Bureau (IAB) has issued a set of voluntary online data privacy guidelines for its 300-member companies to use in making the Internet more secure for Web site visitors.
While most of the Rye, New York-based group's members already have their own online privacy policies, the new IAB-endorsed guidelines were announced this week in an effort to provide minimum acceptable standards for protecting the privacy of Internet users, said IAB spokesman Stu Ginsburg.
The move by the IAB -- which includes accounting firms, advertising agencies, e-commerce companies, financial services firms and other businesses among its members -- is the latest in a series of self-regulatory moves by industry groups and trade associations aimed at heading off possible privacy legislation by the federal government (see story).
But one critic said that while the guidelines are welcome, they don't go far enough toward guaranteeing that personally identifiable information collected from visitors to Web sites will remain private.
Sarah Andrews, a policy analyst at the Electronic Privacy Information Center, a Washington-based privacy watchdog group, said the main problem is that the IAB guidelines are strictly voluntary. "It's more self-regulation, and the evidence shows that just doesn't work," she said. "Our argument is always that the companies can't be trusted to enforce themselves."
Instead, government regulation and oversight by the U.S. Federal Trade Commission (FTC) or a new agency is needed to ensure true privacy for Internet users, Andrews added.
To ensure privacy for individuals while reserving the rights of companies to collect information about Web usage habits, groups such as the IAB advocate the adoption of industry-defined standards that will satisfy all sides of the issue. The IAB's voluntary standards will do just that, Ginsburg said, while insisting that the privacy issue "is not something that we've all of a sudden just discovered because of a public outcry."
While the guidelines are being issued for use by the IAB's members, they also are available to any companies that want to establish privacy policies, Ginsburg said. In the works for nearly two years, the guidelines state that Web sites should include clear policies on what kind of information is being collected about visitors and how the data will be collected, stored and used.
Policies also should state whether the information will be used for marketing purposes and and whether it will be distributed to any third parties, the IAB said. In addition, they should describe any consequences for Web site users who refuse to provide requested information, such as being unable to access the contents of an individual site.
A spokesman at DoubleClick Inc., a New York-based online advertising network that collects, uses and markets data about Web site visitors, said the company "embraces" the new guidelines and will recommend that its clients adopt them.
DoubleClick has its own privacy policies posted on its Web site.