An analysis released Wednesday (PDF) by the Center for Democracy and Technology concluded it's good news for consumers that Google, Microsoft, Yahoo, Ask.com and AOL pledged in recent months to amend how they handle user search data. That includes a person's queries, cookie identification number and Internet Protocol address.
"We see a stepped-up commitment to privacy from the companies, and we believe they are starting to see privacy as a market differentiator, and that, in fact, is starting to spark some competition about privacy," CDT Chief Executive Leslie Harris told reporters at a morning briefing here.
Each of those five companies has bankrolled CDT in the past or has promised to do so in the future.
The group also argued self-regulation can only go so far, in part because such a tactic won't do much to stop "bad actors" with no interest in being privacy-protective. CDT representatives said they--backed by a loose coalition of 14 companies that includes Microsoft, Google, Hewlett-Packard and eBay--will continue to pressure Congress for such action.
Their argument is that existing privacy-related laws are a confusing patchwork of state and federal regulations that differ according to industry. They say a better replacement would be uniform federal standards that apply to all types of businesses and cover concepts like notice to individuals whose information has been compromised, reasonable access to their personal records, data security and strong enforcement. Other advocacy groups, and some academics, say competition among states to craft better privacy laws (PDF) offers "a more decentralized model that fits the evolving nature of the Internet."
In addition, it's time for federal regulators to begin revisiting a self-regulatory set of standards that online advertisers reached in a 1999 settlement with the Federal Trade Commission, CDT deputy director Ari Schwartz said. He argued that those rules, which include suggestions about how long cookies can be placed on users' machines and require users to be able to "opt out" of ads that target their behavior, haven't kept up with the development of new adware technologies that have heightened tracking and profiling capabilities. A good first step, he said, is set to occur when the FTC holds a two-day "town hall meeting" on the subject in November.
The Center for Digital Democracy, which has made a name for itself in assailing Google and Microsoft on privacy issues, was quick to blast the CDT's findings as failing "to address the wide-ranging privacy threat coming from the major search engines and their advertising clients." In a statement e-mailed to reporters, CDD executive director Jeff Chester charged that CDT "has long been an ally of the various data collection companies it purports to oversee on behalf of consumers."
CDT, which bills itself as an Internet civil liberties advocacy group, acknowledged on Wednesday that it has received funding from all the companies except Ask.com. Schwartz said: "Ask has not supported us--they're the only one on here that has not supported us."
But an Ask.com representative said in e-mail to CNET News.com on Wednesday it has already "made a commitment to the CDT moving forward to provide a financial contribution."
"I don't think that's a secret," Harris said of her organization's funding sources. "Where I think we have a basic difference is whether or not it makes sense to talk directly to the industry or to simply speculate about what they're doing. We think the right approach is engagement."
But CDD's Chester said an organization cannot be expected to give an objective evaluation of its funders' products or services. "Unlike CDT, we seriously track and analyze what the industry is doing," Chester said. "As long as CDT's hands are out for a donation, they won't be able to have an independent position that protects the public."