Advocating Consumer Privacy through Transparency and Choice
In striking the balance between protecting consumer privacy and fostering the marketing innovation that keeps our economy growing, DMA favors the greatest potential consumer choice. An important foundation of DMA’s Guidelines for Ethical Business Practice is the position that marketers should inform consumers of their practice and give consumers choice to not have their data used for various purposes. Direct marketers must recognize and respect consumers’ wishes and rights if they expect to create trust and win-win relationships.
Taking a Stand on Privacy Legislation and Regulation
DMA does not support legislation that establishes an overall privacy regime. Instead, we support legislation that is targeted at specific problems, because one solution does not fit all circumstances.
DMA is particularly active in fighting regulations that would dictate the specific types of choice that marketers offer for use of consumer data. Different communication channels require different forms of notice – notice on the telephone is different from notice on a website, in a catalog or in a tweet. What is important is the principle that consumers be informed of how data is being used and be given related choices. The type of data determines the type of choice marketers should offer consumers. For example, use of consumers’ bank account information to charge for goods requires a higher level of choice than using a name and delivery address to send a mail offer.
Specifically, DMA opposes efforts requiring “opt-in” choice by consumers in all instances. "Opt-out" standards are usually most beneficial to the interests of both consumers and marketers. While certain types of data – such as financial and specific health data of individuals – require greater consent from consumers, a general “opt-in” regime would stifle innovation and jobs created through Internet commerce.
DMA has and will continue to support and promote self-regulation for privacy and marketing issues rather than the more cumbersome and slow-changing model of government regulation. For more information on DMA’s work to ensure effective self-regulation, please see Championing Self-Regulation.
Leading the “Do Not Track” Debate
In its December 2010 privacy staff report, the Federal Trade Commission (FTC) proposed creating a massive, government-run “Do Not Track” program. What might sound like a harmless proposal is really a solution in search of a problem – and one that could have dire effects on the American economy.
Online behavioral advertising – advertising tailored to the interests of consumers – has been a hallmark of direct marketing in all communication channels for decades. The Internet has brought great new potential to make advertising more relevant to individual consumers by presenting ads and offers based upon the Web-surfing that consumers do on computers and mobile devices. This increases the efficacy of Internet advertising and provides greater support for the multitude of content that consumers enjoy across the Internet.
In response to concerns raised by consumers, Congress and the FTC about the privacy implications of interest-based advertising, DMA and its association partners launched the Self-Regulatory Program for Online Behavioral Advertising in October 2010. The Program gives consumers enhanced notice and choices about the interest-based advertising they receive, and gives businesses a clear road map to compliance with the Self-Regulatory Principles for Online Behavioral Advertising that industry created in July 2009. Together, the Principles and Program effectively answer the call for robust and effective self-regulation of online behavioral advertising practices.
In contrast to effective self-regulation by industry, creating a government-run “Do Not Track” registry would require federal mandates about the way the Internet works – from networking protocols to web browsers to software applications and other Internet devices. This would raise costs for consumers – making them pay for choices that self-regulatory programs already provide.
For more information on DMA’s work to ensure effective self-regulation of online behavioral advertising and other marketing practices, please see Championing Self-Regulation. (hyperlink to section)
Supporting Reasonable Data Security
Whenever marketers or their suppliers possess consumer data, they must take reasonable steps to secure that data and prevent misuse of it. Data security applies to on-line and off-line data storage. It requires employees with access to the data to be constantly trained and supervised.
One particular marketing use of consumer data is to help prevent fraud which reduces ID theft and credit card fraud. DMA’s position is that government should enhance and support – not restrict – anti-fraud uses of consumer data. DMA strongly supports legislation that strengthens penalties and provides resources to identify and prosecute those who obtain consumer information illegally and/or use that information for fraudulent or deceptive purposes.
While supporting regulations that require reasonable security, DMA has consistently opposed any effort to delineate specific security on-line protocols in regulations. Such prescriptive regulations would prevent companies from using new technologies and provide a blueprint for hackers to harm consumers and companies.
DMA generally supports a national standard for data protection and appropriate risk-based triggers for notification in the event of a breach. All marketers holding consumer data should have a written security plan that includes training of all employees with access to consumer data. We continue to work with Congress to pass such a law. However, consumers should be notified only when there is a reasonable expectation that they may be subject to identity theft. DMA opposes legislation that would force unnecessary notification that could frighten consumers in the short run and desensitize consumers to breach notifications by having too many false alarms.