At first glance, the regarding policy seem rather benign. They state that companies should build in privacy protection at every stage, including limited collection and retention of data, and procedures for protecting accuracy. Also recommended: Consumers should have a , and companies should disclose details about what data they are collecting, how they're using it, and provide customers with access to the data collected about them.
But security and privacy experts argue that the guidelines are not benign. Daniel Castro, senior analyst at the (ITIF), a Washington, D.C.-based think tank, issued a statement calling the recommendations "misguided," saying, "The new report shows the FTC still does not understand the fundamental economics of the Internet. Consumers should have options to protect their privacy, but there are important trade-offs and costs in creating those protections. The FTC's recommendations would create economic burdens that could stifle the efficiency and innovation that consumers also want from the Internet."
In an interview with PCWorld, Castro added, "They're a regulatory agency. That's their perspective. They think about regulation." But Castro believes the "do-not-track" legislation can limit choice for consumers. "With less-targeted advertising, some Web sides can't deliver ads very well. It limits innovation by requiring what ISPs can do with customer data. That limits the market for online advertising and innovative business models. That ultimately hurts consumer choice."
Security expert Dr. Larry Ponemon of the , concurs. "There's a big difference between a do-not-call list and a do-not-track list. People understand that getting a call at dinnertime from a telemarketer is annoying. But marketing rules and funds the Internet. If you strip out marketing and advertising from the Internet, nothing would be left."