Online privacy policies come under scrutiny

The White House and California’s attorney general separately struck pacts with technology companies to address mounting concerns over the collection of personal information online — but faced immediate criticism for not going far enough.

The Obama administration announced a “privacy bill of rights,” a set of guidelines that would allow consumers to have more control over the types of data that companies collect.

Officials also described plans for a “Do Not Track” feature for Web browsers that would allow users to opt out of data collection by many prominent online advertising firms, including Google Inc., Yahoo Inc. and Microsoft Corp.


“Privacy and trust online has never been more important to both businesses and consumers,” Secretary of Commerce John Bryson said in a conference call with reporters.

He noted that the White House was working with Congress to enact digital privacy legislation, a process that has dragged on for years and which is not expected to be resolved this year.

“We cannot wait,” Bryson said.

But consumer advocates said that the privacy initiatives, which are voluntary, would still give companies substantial wiggle room in deciding how much consumer data to collect, and what to do with it.

“That sounds great but you should really have a law to get them to do it,” said Justin Brookman, privacy director at the Washington, D.C.-based Center for Democracy & Technology. “It remains to be seen how effective these self-regulatory approaches are, absent a stick to get everyone into the room.”

Separately, California Atty. Gen. Kamala D. Harris said she reached an agreement with six technology companies, including Apple Inc., Google, Inc. and Microsoft, that will require all software application developers to come up with a privacy policy.

Under the agreement, the policy has to be disclosed to smartphone users before they download the app. If app developers don’t comply, they can be prosecuted under the state’s consumer protection laws, Harris said.

It marks the first time that California has made it clear that the rules for online services apply to mobile apps, which have become pervasive as more people carry smartphones.

Most mobile apps do not currently have a privacy policy, an apparent violation of California law. Harris said 22 of the 30 most frequently downloaded apps don’t have privacy policies.

“This is a good-faith agreement between industry and government,” Harris said. “Once someone crosses that line, there is going to be a different response, which is going to be litigation and enforcement.”

But consumer watchdogs complained that few consumers bother to read privacy policies. They will be even less likely to read them on their mobile devices, the groups said.

Privacy is a growing concern for consumers who entrust more and more personal information to apps they download on their smartphones.

The issue came to light this month when Path and other mobile app developers admitted they had been downloading and storing users’ address books without their permission.

Apple now requires app developers to get user approval to collect information from address books. Developers say they download the information to help users quickly connect with family and friends on their services and to alert them when new friends join.

On Wednesday, Harris was one of 36 attorneys general who sent a letter to Google objecting to the company’s upcoming policy change that would allow it to track users’ activity across various Google online products and services.

The National Assn. of Attorneys General said the new policy, scheduled to take effect March 1, invades consumer privacy by automatically sharing personal information that users give to one service across all of the services.

Many of the latest privacy concerns come as technology companies focus on smartphones as the next commercial frontier because they offer a hoard of personal information that can be mined.

“Consumers need new safeguards to ensure that their mobile data can’t be used without their express consent. Today, consumers are being stealthily eavesdropped when they use their mobile phones, with no limits on how their information can be collected or used,” said Jeffrey Chester, executive director of the Center for Digital Democracy.