Privacy advocates are not impressed with DoubleClick's new multi-point consumer privacy plan.
Experts say the Net ad agency's opt-out approach does not provide an adequate solution to the privacy risks inherent in their practices.
"This is window dressing on their previous position -- which is that they're going to profile [Internet users] as much as they feel like, unless people try to opt out," said Jason Catlett, president of Junkbusters. "Given the level of profiling that's going on ... we believe this is not acceptable."
Privacy advocates like Catlett addressed the plan in a media conference call following DoubleClick's Monday announcement.
DoubleClick serves advertising banners to thousands of Web sites and keeps track of the users as they move between sites.
The company has drawn fire from privacy groups since it announced a plan to merge with offline direct marketing firm Abacus Direct.
Last month the company said it would begin associating people's names and addresses with its tracking program. Privacy groups vehemently criticized the plan, and the Electronic Privacy Information Center (EPIC) filed a complaint with the Federal Trade Commission against DoubleClick.
Seeking to defuse the controversy, DoubleClick announced five steps to protect the consumers it tracks online. The privacy initiatives include a major media campaign to educate consumers through Web ads and a company-run education site called PrivacyChoices.
"DoubleClick is committed to consumer privacy," president Kevin Ryan said at the company's news briefing. "At the same time, we realize we have not done enough to educate consumers."
Ryan promised the company would only place ads on Web sites that notify consumers of DoubleClick's data-collection practices and offer an opportunity to opt out.
The company created a chief privacy officer, hired an accounting firm to conduct privacy audits, and set up an advisory board of consumer, security, and privacy experts.
More fluff than stuff, privacy advocates said in their own press conference.
"Several years ago, DoubleClick said it would not collect personally identifiable information and keep anonymous profiles," said Marc Rotenberg, executive director of EPIC. "Privacy experts applauded that approach."
But as a result of the Abacus merger "DoubleClick has changed its mind," Rotenberg said. "And they're trying to convince users they should accept that [new] model."
Rotenberg said the problem with the opt-out approach is that it's never been proven as an effective, large-scale mechanism to protect all consumers adequately. People frequently do not realize that such an option exists, and data is often being collected en masse without their informed consent.
More importantly, Rotenberg explained that people don't have much leverage with DoubleClick because there is no direct customer relationship. Doubleclick's clients are the partner sites that display the company's banner ads and provide it with user data.
Privacy advocates prefer opt-in plans, where companies can't collect information unless the consumer has actively provided consent, over opt-out.
"Our goal is to make sure privacy is protected and is based on informed consent," added Evan Hendricks, editor of Web site Privacy Times. "And their opt-out model is not adequate to provide informed consent."
Reuters contributed to this report.
