One reason the Internet is an excellent marketing and advertising tool is that it provides much more information about consumer behavior than is available through traditional print-based media.
By monitoring visitors on your Web site, and collecting reactions to ads placed on other Web sites, you can obtain a host of consumer information, including how many people viewed your ad, what percentage of people clicked on the ad, what percentage of people purchased your product after seeing the ad, which pages on your Web site are visited most often, the names of other Web sites your customers have visited, and customers’ e-mail addresses and other personal information.
This data can help you substantially improve your products and services. Unfortunately, the ease of collecting consumer data has resulted in fraud, violations of consumer privacy, and identity theft. As a result, consumers are increasingly wary of providing personal information, and more laws are being passed to protect their rights.
In this article we examine several Internet advertising and privacy laws, and we discuss how to reassure your customers while legally collecting the information you need to build your business.
The Law of the Land
Long before the Internet, the U.S. government passed laws protecting the privacy of consumers’ personal information and shielding them from misleading, fraudulent, and deceptive advertising practices. These laws also apply to the Internet–you should be especially familiar with Section 5 of the FTC Act. The U.S. Federal Trade Commission (FTC) publishes guidelines to help businesses apply older laws to the Internet. For instance, the three primary legal requirements for truth in advertising are:
To honor these legal requirements when advertising on the Internet, the FTC recommends that businesses:
If your Web business sells other companies’ products, be aware that the FTC can also hold you responsible for misleading ads and product descriptions, even when those materials are provided by the manufacturer. The FTC recommends that “to protect themselves, catalog marketers should ask for material to back up claims rather than repeat what the manufacturer says about the product” and that “in writing ad copy, catalogers should stick to claims that can be supported.” The FTC pays closest attention to ads that make health or safety claims, or that present data or statistics that consumers would have difficulty verifying.
In addition to pre-existing laws, the U.S. Congress has enacted several new laws that govern Internet advertising and privacy. The most important of these is H.R. 29, more commonly known as the SPY Act (Securely Protect Yourself Against Cyber Trespass Act), which came into effect on March 5, 2005. The Act prohibits specific types of Internet advertisements and methods for manipulating users’ computers, including:
The SPY Act also addresses Internet consumer privacy issues, particularly the use of information collection programs that are installed on a user’s computer to gather information about that user. The Act defines an information collection program as one that collects personally identifiable information and either sends the information to anyone other than the computer user, or uses the information to display advertising on that user’s computer.
Before you can install and execute such a program, the user must be given notice of the program’s data collection functions and must consent to the program’s execution. The Act states that notice of the program’s information collection functions must be clear, conspicuous, written in plain language, and clearly distinguished from any surrounding text or information. Further, the program must contain one of the following statements (or something substantially similar) depending on the program’s exact function:
If your business caters to children, you should be aware of The Children’s Online Privacy Protection Act, which requires that businesses “obtain verifiable parental consent before collecting, using, or disclosing personal information from children, including their names, home addresses, e-mail addresses, or hobbies.” Also investigate state laws.
Many industries have special laws governing information privacy; these laws also apply to doing business on the Internet. For instance, if your business offers loans, financial or investment advice, insurance, or any type of financial product or service, make sure you adhere to the Gramm-Leach-Bliley Financial Modernization Act of 1999.
What Information Is Collected and How
You should also identify the technologies and methods your business uses to collect consumer information. Disclosing your methods accomplishes two things: increases customers’ trust and confidence in your business, and helps technically-savvy customers opt-out of data collection. For non-technical customers, however, you should explain how they can opt-out of providing both PII and non-PII.
How Collected Information Is Used
How Consumers Can Opt-Out
If you allow third-party advertising companies, such as 24/7 Real Media or DoubleClick, to run advertisements on your site, you should tell consumers how to opt-out of these companies’ information collection process as well. However, you do not have to provide the exact instructions; simply point customers to the appropriate page on the third-party’s Web site. Alternatively, if the third-party advertiser is a member of the Network Advertising Initiative (NAI), point your customer to the NAI opt-out page at www.networkadvertising.org/optout_nonppii.asp.
For more information about third-party advertisers and the NAI, please see our article “Introduction to Internet Advertising.”
How Collected Information Is Kept Secure
With Whom You Share Collected Information
It is not necessary that you list every single company, business partner, or entity that you might share collected information with. You should, however, mention types of entities you will share information with; for instance: business partners, credit card companies, and government agencies. For each type of entity, list the type of collected information you would share and under what circumstances.
Getting More Information
There are several organizations that can assist your business by recommending privacy policies and security technologies, reviewing your privacy practices, and providing endorsements. One of the most respected is TRUSTe (www.truste.org), an independent, non-profit organization established to safeguard Internet privacy and security.
Look at your competitors’ privacy policies and consider them from a customer’s perspective. Make sure that your policy does a better job of informing and reassuring potential customers.
If you have questions about advertising and privacy laws, or how they are interpreted and applied to business, we recommend that you consult a lawyer. For information about running an Internet advertising campaign, see our article “Introduction to Advertising.”
‡ All promotional offers are subject to certain terms and conditions. To review these terms and conditions, please refer to the related product's offering page.
Verio is a leading global provider of web hosting and cloud services. As a part of NTT, one of the world's largest telecommunications companies, we offer the stability businesses need in a long-term technology partner.
Domain Name Registration Verio offers Domain Name Registration. Every domain purchased through Verio includes a FREE 3-page website. Our Web Hosting Plans include FREE design and marketing tools and a FREE domain name to help you start your business online.
VPS Hosting For businesses looking to control costs, but that require higher security and performance, Verio VPS Hosting is ideal. You can rely on it for your high-traffic ecommerce sites, content management systems like WordPress and Joomla, or multisite hosting.
Dedicated Hosting When uptime is critical, Verio Dedicated Hosting provides you with private managed servers that let you focus on your business, test environment or website, while Verio handles the hardware.
Verio, viaVerio, and Verio's product names and their related logos are trademarks, service marks, and/or registered marks of Verio Inc. in the United States and other countries. All other names are trademarks or registered marks of their respective owners. All rights reserved.