Online Privacy: Can Tinseltown Teach Silicon Valley the Way?

If there is one topic trending higher in the press than the latest celebrity breakup, it’s the issue of online privacy. The government is now exploring tighter regulation of the online advertising industry. The FTC recently called for a do-not-track system that would allow consumers to opt out of being monitored online. And now the Department of Commerce has taken up the cause with recommendations for a Privacy Bill of Rights. If all this leads to strong legislation in Congress, it will mean the digital advertising industry could, in certain ways, become more highly regulated than the finance and pharmaceutical industries.

If the online industry wants to avoid government restriction, it must regulate itself. This is a good time to explore other attempts at industry self-regulation and their effects. Some self-regulatory efforts have been bureaucratic at best, while others have been completely ineffective. The medical industry’s most recent self-regulatory effort in the name of consumer protection around the HIPAA privacy law is an example of good intentions spoiled by bureaucratic enforcement. It was actually reported in the New York Times that birthday parties in nursing homes in some states have been canceled for fear that revealing a resident’s date of birth could be a violation of the HIPAA law.

Other industry self-regulation attempts, like the tobacco industry’s “We Card” program, have been pointless. The program did little, if anything, to curb tobacco sales. When looking for a self-regulatory success story, the online industry should follow the example of the Motion Picture Association of America (MPAA).

Looking back at the history of Hollywood, there are similarities between the online ad industry today and the censorship of the film industry in the 1930s. In response to the threat of government intervention in 1930, the movie industry created a regulatory system around a “code of conduct” known as the Hays Code. The code was a set of restrictions on the content filmmakers could produce. The Hays Code was written with conservative and religious principles in mind, with restrictive clauses such as, “the clergy cannot be portrayed as comic characters or villains.” When the Hays Code came under scrutiny in the late 1960s for its strict rules and infringement on free speech, the industry ultimately dismantled it and created our current rating system.

A voluntary “code of conduct” is exactly what the Department of Commerce Internet Privacy Task Force is asking the online industry to create, and what industry trade groups are also espousing. What is most applicable to the online industry is the fact that the self-regulatory system the MPAA created and still uses today puts the user in charge of deciding what they are going to see.

The user-in-charge system is a concept that Apple’s Steve Jobs relates to. When asked to weigh in on the privacy issue at the recent D8 conference, he said, “Privacy means people know what they are signing up for in plain English. Some people want to share more data. Ask them. Ask them every time. Let them know precisely what you are going to do with their data.”

With the online world becoming more social than ever, user data is central to advertisers. Online marketers are no longer content with abstract metrics like clicks or impressions. They want to find out about individuals to give them a personalized experience. However, if advertisers want access to consumer data, it should be obtained in a privacy-compliant way. This means the online ad industry must develop clearer privacy practices and give users the ability to opt in to receive ads.

And as a start, users must be shown a clear way to opt out. For this reason, the issue of online privacy can’t be relegated to the legal team. The issue should be resolved by people who can design a user interface that is elegant, simple and crystal clear. The design and user interface teams must be involved at every step in the process so as to provide users with clear and transparent mechanisms to help them understand what data will be collected, what will be done with the data and how they can opt out of data sharing altogether.

If the industry wants to self-regulate to avoid being federally regulated, it should start by designing a clear, opt-in system that puts the user in charge. Let’s not wait for a giant carrot or a big stick. Self-regulation has worked before–there’s no reason it can’t happen now.