Google and Facebook slam US 'do not track' bill

Google, Facebook and a host of other big names have warned against a proposed privacy mechanism that will allow consumers to opt out of cookies and other forms of online tracking, in an open letter to California legislators.

According to the gruesome twosome, Senate Bill 761 (PDF), which cleared its latest legislative hurdle on Tuesday, "would create an unnecessary, unenforceable and unconstitutional regulatory burden on Internet commerce".

"The measure would negatively affect consumers who have come to expect rich content and free services through the Internet," says the consortium, adding somewhat dubiously: "and would make them more vulnerable to security threats".

Other signatories to the letter include Time Warner Cable and the California Chamber of Commerce.

If passed, Bill 761 - introduced by the Democrat senator Alan Lowenthal - would require all businesses which collect online data to offer California consumers "a method to opt out of [the] collection, use, and storage of such information". Regulations have to be put in place by 1st July, 2012.

The proposed legislation covers data about the online activity of an individual, as well as other personal information such as the time and date of Internet access; the location from which the information was accessed; the 'means' - presumably the device and operating system used; the user's IP address; and ID information such as postal and e-mail addresses, driver's licence info, credit card details, passport numbers or tax IDs.

Organisations that do not collect 'sensitive' information - which is defined by the law as data relating directly to a consumer's medical history, ethnicity, religion, sexual orientation, or financial status - are exempt from the regulations.

Google, Facebook et al complain that consumers are already adequately protected by existing California laws - all of which, they claim, "contain important exceptions and balances so that they are workable".

SB 761, they reckon, "contains none of these limitations, and instead leaves the Attorney General's office the complex and delicate task of figuring out what to exempt."

Both Google and Facebook have a chequered history when it comes to user privacy. Google found itself in legal hot water around the world after its Street View cars were caught nicking data from unprotected WiFi networks - a 'mistake' the search giant blamed on a rogue programmer. Last week saw fresh revelations, as police in South Korea raided Google offices over allegations that the company had misused data from its AdSense service.

Facebook was faced with a wave of defections by users concerned at sweeping changes to its privacy policy, made without users' consent - and was the subject of a recent open letter concerning security, sent by security vendor Sophos.

The pair allege that 'do-not-track' legislation could jeopardise the 162,000 people currently employed in California's e-commerce industry. They go on to point out that the four leading Web browsers - Internet Explorer, Firefox, Safari, and Google's own Chrome browser - already employ various methods such as 'private browsing' features, to block advertisers from tracking users.

The US Federal Trade Commission has so far relied on self-regulation to prevent abuses of user privacy - but last year released a report (PDF) warning that, if self-regulation doesn't work, it would be quick to propose federal 'do-not-track' regulation.