Web analytics regulation has been commonplace in Europe for years, giving customers an option to opt-in or opt-out of having their visitor behavior tracked on any website they visit. Since 2011, there’s been a legal definition of what a consumer’s personal data is and who exactly it belongs to when visiting a website. In 27 EU countries, not giving an option to opt-in or opt-out is illegal.
The situation in the US is very different. The United States is now starting to draft more regulations around tracking customers online due to recent lawsuits and citizens challenging what the legalities of their data online are and who exactly the data belongs to. But unlike the EU, no current, comprehensive national regulation exists to guide the online tracking of individuals. This leaves it to the courts to settle matters.
In a recent lawsuit against Cartoon Network, Mark Ellis of Georgia sued the TV Channel because he considered Cartoon Network to have violated his privacy when the television channel provided his selections of videos from his Android device to an outside analytics agency. The judge dismissed the suit stating that a device ID is not PII. On the device level, there’s a precedent in a 2004 ruling Pruitt v. Comcast Cable Holdings LLC where tracking someone’s device ID does not count as PII. In the Pruitt v. Comcast case, the device ID was a cable box.
Additionally, individual states are taking actions into their own hands to define the legalities in what can and cannot be tracked, which leads to inconsistencies. For example, insurance companies in California can collect medical information online. In other states, that’s considered personal identification information (PII) that is off limits. Due to the various differences at the state level, the lack of a black-and-white ruling is leaving a lot of gray-area for interpretation. The conversation around privacy and what is considered personal information has become more frequent and commonplace. With security breaches being widely reported, how data security and privacy affects the analytics world needs definition for the benefit of consumers and business.
With no defining statute available, what should you do as a business to help communicate the positive intentions and outcomes to consumers?
- Be Transparent – Many companies today in the US have taken it upon themselves to highlight and present the purpose of tracking web behavior with third-party cookies on a small section of their terms & conditions, or even an individual web page regarding this topic .
- Provide Options – Having options is an ideal situation to both be able to capture what you need and having a level of comfort be set by a consumer themselves. For example, during the height of daily deal websites, most users were required to provide an email address to have entry into those websites. That feature seemed to make assumptions of their consumer base without considering a percentage of users who don’t want to provide an email address, but simply browse. Having options to go through different scenarios of the data that is required or not required would be a great exercise for an organization.
As the country and technology progresses, we will be sure to see more information surrounding privacy on the web and all data. Legalities will be defined more as people continue challenging what data belongs to whom. The US has more of a business-centered focus around what can and cannot be captured with analytics tools. With that being said, most consumer PII isn’t even tracked online via web analytics tools today. As proven in the Cartoon Network case, the concern of the court is to make sure you do have your privacy to watch whatever cartoon you’d like, on which ever device that may be, and have the free will to admitting that in the court of law.
