Online Behavioral Advertising and Privacy

The Right to Privacy is a right cherished by the American people, embodied by the 4th Amendment to the Constitution. “Justice Brandeis taught us that privacy is ‘the right to be left alone.’”[1] This right includes more than just solitude and secrecy. Consumers must feel protected from the “misuse of their personal information to engage in commerce, to participate in the political process, [and] to seek medical treatment.”[2] In recent years the protection of people’s personal information has been eroded by the onslaught of Online Behavioral Advertising (“OBA”).

Many Internet users assume that their online activities are confidential, protected by the anonymity of the virtual marketplace. In reality however “every search, query, click, page view, and link are logged . . . analyzed and used by” advertisers, market researchers, and other third parties.[3] This process is referred to as OBA and is used to deliver tailored advertising to individual consumers.[4] This information is gathered and stored by advertising companies who share the information on consumers across multiple websites and companies.[5] For example, if a person writes an email to friends about getting married, they will see advertisements, within their email server, and elsewhere online, for wedding planners and florists.

In general, the collection of data is done with the consent of the consumer and involves the collection of “non-personally identifiable information.”[6] Other companies however collect more personal information such as email addresses, “photographs, and posts on social-network sites.”[7] Some go further still by secretly tracking or collecting data through “scraping.” One incident of “scraping” involved Nielson Co., an advertiser that represents drug manufacturers. Neilson Co. secretly “cop[ied] every single message off” of a private online medical forum. [8] More recently, Google was fined $22.5 million dollars for bypassing “privacy settings in Apple’s Safari browser to be able to track users . . . and show them advertisements.”[9]

Even when the collection of personal data is done with the consent of the consumers this consent is rarely “informed consent.”[10] This is because the disclaimers used by companies are “extraordinarily vague and extraordinarily long and legalistic.”[11] The Federal Trade Commission (FTC), the agency tasked with enforcing these agreements, focuses on the “enforcement of deceptive trade practices” or, in other words, only prosecutes companies who break agreements, but does not force them to draft understandable agreements.[12]

More needs to be done to protect the privacy of individual consumers in the online marketplace. In February 2012, the White House drafted the “Consumer Privacy Bill of Rights,” (“CBR”). The CBR sets up a framework intended to help protect consumer’s privacy in the online marketplace. The protections offered by the CBR however are insufficient. In order to rectify this shortcoming, the United States needs to implement a “Right to be Forgotten,” along with harsh penalties for violators. The “Right to be Forgotten,” first proposed by the European Union, gives consumers control over the data that is collected from them, including the ability to force data collectors to delete all information they have stored.[13] The steep penalties would keep companies who participate in OBA from violating people’s privacy despite the economic incentives.[14]

[1] The White House, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Economy, (Feb. 2012) (President Barack Obama’s Introduction).

[2] Id.

[3] Omer Tene & Jules Polonetsky, To Track or ‘Do Not Track’: Advancing Transparency and Individual Control in Online Behavioral Advertising (Aug. 31, 2011),, at 282.

[4] FTC Staff Report, Self-Regulatory Principles for Online Behavioral Advertising: Behavioral Advertising (2009)., at 2.

[5] Id, at 3.

[6] Id.

[7] Julia Angwin & Steve Stecklow, Scrapers’ Dig Deep for Data on Web, Wall St. J. (Oct. 10, 2010),

[8] Id.

[9] Claire Cain Miller, Google, Accused of Skirting Privacy Provision, Is to Pay $22.5 Million to Settle Charges, N.Y.Times, Aug. 10, 2012, at B2.

[10] Erica Newland, Disappearing Phone Booths: Privacy in the Digital Age, (May, 2012), at 5.

[11] Id.

[12] Id.

[13] Electronic Privacy Information Center, EU Data Protection Directive, .

[14] Interactive Advertising Bureau: Internet Ad Revenues at Nearly $15 Billion in First-Half of 2011, Up 23%, Second Quarter 2011 Breaks Record Again (Sept. 28, 2011),

Author: Alexis Elder

Alexis Elder is a native of North Carolina and attended The University of North Carolina from 2000 to 2004 where he majored History. After leaving North Carolina Alexis moved to Aspen Colorado where he bartended and skied until moving to New York City in 2009. Since living in the Northeast, Alexis has received a BA in Political Science from The City College of New York while continuing to work in the restaurant industry. Alexis is currently pursuing a joint JD/MBA degree from Rutgers Newark, is a member of the Rutgers Business and Finance Law Society, and is an Associate Editor of the Rutgers Computer and Technology Law Journal. Over the summer of 2012, Alexis interned for the Honorable Carolyn E. Wright in Essex County. Alexis continues to be an avid skier and outdoorsman, having recently summitted Mount Kilimanjaro, and volunteers with New Heights NYC, an educational outreach program in Manhattan.

Leave a Reply

Your email address will not be published.