Electronic Monitoring and Privacy Issues in Business-Marketing: The Ethics of the

DoubleClick Experience
Author(s): Darren Charters
Source: Journal of Business Ethics, Vol. 35, No. 4 (Feb., 2002), pp. 243-254
Published by: Springer
Stable URL: http://www.jstor.org/stable/25074677 .
Accessed: 06/08/2014 22:41
Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at .
http://www.jstor.org/page/info/about/policies/terms.jsp
.
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range of
content in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new forms
of scholarship. For more information about JSTOR, please contact support@jstor.org.
.
Springer is collaborating with JSTOR to digitize, preserve and extend access to Journal of Business Ethics.
http://www.jstor.org
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
Electronic
Monitoring
and
Privacy
Issues in
Business-Marketing:
The Ethics of the DoubleClick
Experience
Darren Charters
ABSTRACT. The
paper
examines the ethics of
electronic
monitoring
for
advertising purposes
and
the
implications
for Internet user
privacy using
as a
backdrop
DoubleClick Inc's recent
controversy
over
matching previously anonymous
user
profiles
with
personally
identifiable information. It
explores
various
ethical theories that are
applicable
to understand
privacy
issues in electronic
monitoring.
It is
argued
that,
despite
the fact that electronic
monitoring always
constitutes an invasion of
privacy,
it can still be
ethically justified
on both Utilitarian and Kantian
grounds.
From a Utilitarian
perspective
the
emphasis
must be on
minimizing potential
harms. From a
Kantian
perspective
the
emphasis
must be on
giving
users
complete
information so that
they
can make
informed decisions as to whether
they
are
willing
to
be monitored.
Considering
the Internet
advertising
industry's
current
actions, computer
users and
gov
ernment
regulators
would be well
advised,
both
prac
tically
and
ethically,
to move to a user control model
in electronic
monitoring.
KEY WORDS: business
marketing, computer ethics,
cookies,
electronic
monitoring, privacy
Darren Charters is a Lecturer in business law in the School
of Accountancy, University of
Waterloo. He is a member
of
the Law
Society of Upper
Canada and holds
degrees
in arts and
law,
as well as a
graduate degree
in business
administration. He has also
practiced
as a
corporate/
commercial
lawyer.
If we wouldVe known we wouldn't have done it.
We moved into a
grey
area where there's a tremen
dous amount of confusion and that's not
good.
We're a
very
innovative
company
and sometimes
you get
ahead. We made a
mistake.1
Mr. Kevin O'Connor
CEO DoubleClick Inc.
Introduction
Businesses have
long
been aware of the value
of
targeted advertising.
DoubleClick Inc.
(DoubleClick)
is an
advertising company
that
operates
in the Internet banner and
pop-up
advertising
business
space.
The
ability
to contin
ually
tailor Internet
advertising
to the interests of
a user is an advance on
previous advertising
mediums and
represents
an
opportunity
to
develop
a
competitive advantage
in the
industry.
Once trends are
detected in a user's Internet
activity advertising
can be customized to the
user's revealed interests.
A
company
such as DoubleClick sits between
the advertiser and the end user and acts as a facil
itator between
companies
who want to adver
tise to
specific types
of users and users who
may
be interested in
receiving
such
advertising.
End
users
arguably
benefit as
they
obtain the advan
tages
of customized
advertising
content while the
receipt
of unwanted
advertising
is minimized.
Until November
1999,
DoubleClick had
always
tracked user
activity by attaching
user histories
to
anonymous
user
identifications.2
Accordingly,
while user
activity
could be tracked the actual
identity
of the user was unknown.
However,
the
W
Journal of
Business Ethics 35:
243-254,
2002.
? 2002 Kluwer Academic Publishers. Printed in the Netherlands.
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
244 Darren Charters
ability
to further refine data
profiles
was made
possible through
a series of
acquisitions
of other
companies
and their
proprietary
databases.
In November 1999 DoubleClick announced
an amendment to its
existing practice.
DoubleClick intended to match
anonymous
existing
data with
specific
user
names,
personal
information,
and e-mail addresses. There was no
initial
public response
to the
proposed activity.
However,
in
February
2000 the Electronic
Privacy
Information
Center,
a
privacy
advocate,
publicly
stated that the
linkage
of such informa
tion
might
have
negative implications
for users.
The
negative public response
after the statement
was immediate and forceful. DoubleClick was
forced to back
away
from the
proposed activity.
Doubleclick's CEO offered the comment
preceding
the introduction in
response
to
DoubleClick's failed
proposal.
Mr. O'Connor's statement
suggests
that
DoubleClick did
nothing wrong
from an ethical
perspective.
Rather,
if DoubleClick
was
guilty
of
anything,
it was
just
of
being
too far ahead in
anticipating
customer tolerance for such
activity.
Reflecting
on the aborted
initiative,
Mr.
O'Connor indicated that DoubleClick would not
combine
personally
identifiable information with
anonymous
user
activity profiles
until such time
as
industry-wide privacy
standards exist.3 Once
again,
however,
there was no
suggestion
that
DoubleClick will not
engage
in such
activity,
only
that it would wait until some standards
are
developed
before
doing
so.
This
paper
will discuss electronic
monitoring
from an ethical
perspective.
The discussion will
deal
generally
with ethical issues involved in
electronic
monitoring
for
business-marketing
purposes,
and the DoubleClick
experience
specifically.
The
analysis
will
begin
with a brief
overview of the basic
technology
that has
per
mitted the
development
of such
monitoring
and
move into a discussion of three
general concepts
of
privacy
relevant to electronic
monitoring.
The
paper
will continue with an examination of the
two
primary
ethical
foundations,
Utilitarianism
and
Kantianism,
which
underpin
the various
privacy concepts.
Once
completed,
the various
privacy principles
and ethical foundations will be
discussed in the
specific
context of electronic
monitoring.
The
paper
will conclude with an
ethical evaluation of Doubleclick's
response
to
the situation in which it found itself and a
sug
gested
alternative
approach
for
ethically justifying
electronic
monitoring.
It will be
argued
that electronic
monitoring
is almost
always
an invasion of the
right
to
privacy regardless
of how the
right
to
privacy
is
conceived.
However,
it can still be
ethically
justified
on a
Utilitarian basis
provided
its
benefits exceed realizable harm. In
fact,
elec
tronic
monitoring
was
ethically justified
on a
utilitarian basis in Doubleclick's initial situation
because of how it was conceived and
imple
mented. There was increased convenience and
measures were taken to minimize
potential
harm.
However,
privacy
advocates should have been
aware from the outset that
companies
would have
difficulty resisting
the
opportunity
to
exploit
potential gains
made
possible by attaching generic
user
profiles
to identifiable individuals. If
DoubleClick had
implemented
its
proposal
it
would have
completely
undermined its ethical
justification
for
engaging
in electronic
marketing
since the
potential
for harm to individuals would
have increased
substantially.
It will also be
argued
that there is another
ethical
justification
for electronic
monitoring
and,
considering
Doubleclick's recent
conduct,
it
may
be the most
appropriate
foundation
upon
which to build future electronic
monitoring
activities. If Internet advertisers
gave
users the
option
of
permitting
or
rejecting
electronic mon
itoring they
could
ethically justify
the invasion
of
privacy
on a Kantian basis.
Although
this
may
not be a favourable
option
from a business
perspective,
it is an
option
that
companies
who
engage
in electronic
monitoring
for mar
keting purposes may
have to
contemplate.
Mr.
O'Connor's comments do not
provide
faith that
Internet advertisers will exercise utmost
diligence
on
behalf of users in
protecting
their
privacy.
Since
companies appear
to have limited incen
tive to
properly regulate
themselves at an indi
vidual or
industry-wide
level
governments
will
also need to take a more active role in
regulating
database
amalgamation
and
forcing companies
to
give
individuals
greater
control over electronic
monitoring.
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
Electronic
Monitoring
and
Privacy
Issues in
Business-Marketing
245
The
following
discussion will focus
solely
on
electronic
monitoring
in the
business-marketing
context. Electronic
monitoring
is also a relevant
issue in the business
employment
context.4
However,
the nature of the
employer-employee
relationship
creates different issues in
workplace
electronic
monitoring including
the harm
poten
tially
caused to individual and
organizational
morale,
and the
impact
that the
express
contrac
tual
right
to conduct such
activity may
or
may
not have
on the ethics of the issue.
Accordingly
this
paper
will not
attempt
to discuss the ethical
issues
surrounding workplace
electronic moni
toring.
When the term electronic
monitoring
is
used
throughout
the remainder of the
paper
it
will refer
only
to electronic
monitoring primarily
for
business-marketing purposes.
To understand
how electronic
monitoring
is made
possible
on
the Internet one needs to understand
"cookies",
which are the basic
enabling technology.
Cookies and electronic
monitoring
i. Cookie
technology
Cookies
are small data structures used
by
websites
or servers to store and retrieve information on
the user's side of the Internet connection.5
They
are sent
by
a host website or server and reside in
the user's
computer.
A cookie allows websites and
servers to "remember" information about
specific
users. Cookies
are a
relatively
recent
phenom
enon
and
were created with
very early
editions
of Internet browsers. In the brief
period
fol
lowing
the introduction of cookies but
prior
to
the
development
of the Internet as a medium
for commerce the
primary
use for cookies was as
a tool of convenience. For
example,
cookies
could be used to store
password
codes so that a
user
would not have to
re-type
a
password
when
re-entering
a site. The intent behind cookies
was
not to create a tool for
gathering knowledge
about users but to benefit users
through
increased
convenience. More
recently
this user conve
nience has also manifested itself in
ability
to
create customized content
through personalized
news service
subscriptions
and other services.
As business has
developed
on the Internet
cookies have been
adapted
for business
purposes
including "shopping
carts" for
carrying
elec
tronic
purchases
and
tracking
website
activity. By
downloading
a
cookie,
servers
hosting
a website
have the
power
to track and record information
such as the
previous
website from which the user
arrived,
all web
pages
the user visits while on the
given
site,
and
finally
the website address to
which the user
departs.
This information is mul
tiplied
in
power
if the
user can be
successfully
prompted
to
provide personal
information and
data while at the site. The
knowledge
can then
be tied to a
specific
individual. This
power
has
been taken one
step
further
by
Internet mar
keters,
who
developed
the
ability
to monitor and
profile
user
activity
across thousands of sites.6 In
addition the
ability
to tie such
history
to a
specific
individual has been
achieved,
not
just
through
the
voluntary
action of
users,
but also
through industry
wide database consolidation.
ii. Browser
capabilities
Practically speaking,
most Internet users would
have no
knowledge
as to when their Internet
activity
is
being electronically
monitored. The
normal
practice
is to download cookies onto a
user's hard drive without notice to the user. In
this
respect
there is no choice
given
to the
user,
and the
downloading
and
subsequent monitoring
is
involuntary
from the user's
perspective.
However,
it must be
acknowledged
that software
already
exists that can
give
users
complete power
with
respect
to what
cookies,
if
any,
are allowed
to be stored on a
computer.
More recent Internet
browser versions have
given
users the
ability
to
control cookies. Users can elect to
prohibit
all
cookie downloads
or,
alternatively,
be notified
of,
and have the
right
to
accept
or
reject, any
attempted
cookie downloads
by
a server. Based
on this it
might
be asserted that user s cannot take
the
position
that there is an ethical issue created
by,
or an invasion of
privacy resulting
from,
elec
tronic
monitoring
when it is within their
power
to
completely prohibit
or
selectively
control the
activity.
On a theoretical level this
argument may
have
some
merit,
but it fails for three
practical
reasons.
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
246 Darren Charters
First,
Internet users
may
still be
utilizing
browser
software that does not contain such cookie
control
options.
Second,
even if all users had such
browser
software,
it is a distinct
possibility
that
many
users would still be unaware of the
capa
bility
such software contained.
Many computer
and Internet users
regularly
utilize,
and
only
have
limited
knowledge
of,
a minimal amount of a
software
program's capabilities.
Third,
and most
important,
the
technology
that enables electronic
monitoring
is
constantly evolving.
Soon after
technology
was
developed
that
gave
control of cookies to
users,
marketers seized on
new
technologies,
such as web
"bugs",
that can
evade
user
detection thus
allowing
continued sur
veillance. The
ongoing
tension between user and
marketer control in the
development
of surveil
lance
technology
ensures that the ethics of elec
tronic
monitoring
will be a relevant issue for the
foreseeable future.
Further,
while the
technolog
ical means to monitor
electronically may
differ
the same ethical issues are
poised
to
play
them
selves
out,
or are
already emerging
in other
spheres
of business
activity.
For
example
the same
issues are
already developing
in the field of
telecommunications.7 In
addition,
the same issues
will
likely
surface in the context of location based
wireless Internet
advertising,
thus
providing
addi
tional incentive to
develop
a
greater
under
standing
of the ethical
principles
involved in the
current Internet
advertising
debate.
Privacy
As a
concept,
the notion of
privacy
is
grounded
in individual
rights.
Most theorists
agree
that
privacy
is a bona fide
concept
that is fundamen
tally important
to human
experience
but there
is no unanimous
agreement
on what that
concept
means or
exactly
what it
encompasses.
This is
important
because it
essentially
means that
privacy
has
developed
as a weaker
right. Strong
rights
tend to have clear definitions and often
remain inviolable
notwithstanding any
other
ethical
appeals
to limit them. The
protection
of
the
right
to free
speech by
American courts is
one such
example.
Since the
right
to
privacy
is
a weak
right
it has not
provided
the
quality
of
individual
protection
that other
rights might
provide.8
As a
result,
it is
possible
to
justify
an
invasion of the
right
to
privacy
on another ethical
basis. In
effect,
what results is an ethical invasion
of
privacy.
With
respect
to
defining
a
right
of
privacy
some theories focus on the existence and delin
eation of a
private sphere.
Other
privacy
theories
concentrate on actions or conduct
that,
if carried
out,
will result in a violation of
privacy.
No one
concept
of
privacy
has been delineated that
suitably applies
to
every
situation. The
concept
has been
expanded
and
extrapolated
over time
with the result that a number of
acceptable
concepts
of
privacy
now exist. The
privacy
issues
raised
by
electronic
monitoring
are not
ground
breaking
in that
existing concepts
of
privacy
ade
quately capture
the current concerns
surrounding
electronic
monitoring.
The
following
discussion
on
privacy
definitions relies
primarily
on the
distillation of the various
privacy concepts by
Boatright
and
McCloskey
with the three
general
conceptual approaches being
those delineated
by
Boatright.
i.
Privacy
as a
right
to be
left
alone
The initial
concept
of
privacy
established
by
Warren and Brandeis involves the
right
to be left
alone. The foundation of the definition is that
other
people, groups,
and entities should not act
in a
way
that intrudes on an individual's seclu
sion or solitude
(McCloskey, 1980).
It was this
concept
of
privacy
that was
initially
established
as a
legal right.
However,
the
expansive
nature
of the definition caused difficulties in its
appli
cation.
The
right
to be left alone is a distinct
concept
from the
right
to
liberty.
However,
the
concept
of
liberty
has been
frequently
confused with the
Warren and Brandeis
concept
of
privacy.
At its
basic
level,
the
right
to
liberty
constitutes the
right
to be free from
physical
interference and
coercion
(McCloskey, 1980).
However,
a loss of
liberty
is not a
prerequisite
to,
or a condition
of,
an invasion of
privacy (Boatright, 2000).
The
above distinction is evident in the electronic
monitoring
debate. The
power
to observe an
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
Electronic
Monitoring
and
Privacy
Issues in
Business-Marketing
247
Internet user's
activity
in no
way impairs
the
ability
of that individual to use the Internet in
any
manner or
way
the
person may
elect.
However,
the same
power
to observe an Internet
user's
activity may
well constitute an invasion of
privacy.
Another weakness of the definition is that
people
do not
always
have a basic
right
to be left
alone
(Boatright, 2000).
If one's actions are a
danger
to him or herself or others there
may
be
reason to invade a
person's privacy.
Further,
even
if imminent harm is not a
concern,
the state
may
still have cause to invade individual
privacy.
With
respect
to the
Internet,
if individual conduct is
such that the state has an interest in it
(i.e.,
the
storage
and
exchange
of child
pornography)
the
state is entitled to invade individual
privacy.
Accordingly,
there should be limits to the Warren
and Brandeis definition and this is born out
by
the fact it has been
continually
refined
by
jurisprudence.
Without
any
limitations almost
no invasion of
privacy
could occur unless an
individual,
organization
or
entity
could
provide
a sufficient
justification
for
doing
so. The
threshold of
justification
would
likely
be
very
high.
As is evident from the
foregoing
it is
prob
lematic to define
privacy solely
as a
right
to be
left alone.
ii.
Privacy
as the
right
to control access to one's
personal information
There are a number of various
privacy
theories
that
can,
in their
essence,
be reduced to the
right
to control access to information about the self.
These more recent theories of the
right
to
privacy
better address the distinction between
privacy
and
liberty (Boatright, 2000).
The basic
theory represents
a refinement of the Warren and
Brandeis definition in that it eliminates
poten
tial confusion with the
right
to
liberty.
It does
this
by focusing
on
privacy
of
personal
informa
tion.
Privacy
is conceived of as a
right
of an indi
vidual to determine to what
extent,
if at
all,
information about him or herself will be revealed
to others
(McCloskey, 1980).
In this
respect
privacy
is almost akin to a
property right.
It is
do be dealt with as the owner wishes and no
other individual has a
right
to
exploit
or
appro
priate
it
(McCloskey, 1980).
An individual is free
to be
extremely
conservative or cavalier with
respect publicizing
or
allowing
access to their
personal
information.
A variation of this
concept
of
privacy
is the
right
to control access to the realm of the
individual. It is a variant on the above in that
it
recognizes
the
private sphere
does not
solely
include factual information. It includes elements
of
individuality (i.e., private motivations)
that
may
not be recordable or
quantifiable
but are
capable
of observation. Such information is
also considered
private
and individuals should
be able to control access to it
(McCloskey,
1980).
Upon
initial
examination,
the idea of
personal
control
may
seem an enviable
concept
as it
places
control of information with the individual. It is
a cohesive fit with western liberal-democratic
ideals of individualism and choice and finds
favour from that
perspective.
It is
not, however,
without criticism. As noted
by McCloskey,
people may
consent to
significant
invasions or
losses of
privacy
if
they place
low
personal
value
on
the
right,
or
have
simply
become
apathetic
due to the continual assault on the
sanctity
of
their
personal
affairs
(McCloskey, 1980).
It has
also been noted that this
approach effectively
equates privacy
with control when such a
linkage
is not
appropriate.
There could well be a loss of
privacy
in the free disclosure of
very personal
information without
any
individual loss in
control
(Boatright, 2000).
iii.
Privacy
as the
right
to withhold certain
facts
from public knowledge
The final notion of
privacy
to be discussed here
is the
concept
of
privacy
that is
premised
on the
notion that there is a
definable
private sphere
and
that a
person
is in a state of
privacy
when
information within this
sphere
is unknown to
others
(Boatright, 2000).
Parent defines this
private
realm
as,
"the condition of not
having
undocumented
personal knowledge
about one
possessed by
others"
(Boatright,
2000, p. 68).9
Undocumented
personal knowledge
is conceived
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
248 Darren Charters
of as
personal
information that is not
part
of the
public
record and that most individuals in a
society
at a
given
time would not want
widely
known
(Boatright, 2000).
This
approach implies
that this
private sphere
should
generally
remain
so
notwithstanding
an individual's casual will
ingness
to surrender it. Also
implicit
in this
approach
to
privacy
is the
recognition
that there
is,
at
any given point
in
time,
some
general
com
munity
consensus as to
personal
information
individuals would
prefer
not be available for
public consumption.
The
foregoing
definition
attempts
to refine the
preceding concept
of
privacy by focusing
on
what information
is,
or should
be,
included in
the
private sphere.
If a
sphere
of
private
infor
mation based on a
general community
consensus
could be ascertained then
most,
if not
all,
actions
that intrude on this
sphere
would be a
violation
of the
right
to
privacy.
This
concept
also has
application
to the electronic
monitoring
debate
in the sense that if Internet
activity
were deter
mined to be in the
private
realm,
there would
be few situations in which electronic
monitoring
could be
ethically justified.
However,
as with the other theories of
privacy,
there are difficulties with this definition.
First,
even within a
single
cultural
community people
have
very
different
understandings
of what is or
is not
private
which makes the likelihood of
ascertaining
a
general
consensus elusive.
Second,
external factors
continually impact
the
ability
to
invade
privacy
and as a result the
concept
is
necessarily
fluid. For
example,
It is foreseeable
that
many
activities that were
formerly public
in
nature
(i.e., shopping purchases etc.)
will become
increasingly private
as
technology gives
individ
uals the
ability
to
carry
out such activities in
relative
privacy.
The
countervailing
trend is that
even this
activity
is
increasingly capable
of
being
monitored. If it is
acknowledged
that the
sphere
of what is
private
is
fluid,
and can be
expanded
or
contracted,
than
delineating
a
private sphere
is a venture
fraught
with
significant difficulty.
Ethical
principles underlying
the
right
to
privacy
As with
most,
if not
all,
moral and
legal rights
there is an ethical basis
underpinning
the
right.
The
right
to
privacy
is no
exception.
It is built
on both Utilitarian and Kantian foundations:
i. Utilitarian
foundation
The Utilitarian basis for
acknowledging
a
right
to
privacy
is two-fold
(Boatright, 2000).
First,
there is the concern that the invasion of
privacy
can result in
significant
actual harm to individ
uals. To evaluate whether a
practice
is ethical in
Utilitarian
terms,
the harm realized is measured
against
the benefit
flowing
from the
activity.
The
ethical evaluation is based on the collective
benefits and collective harm
resulting
to
society,
although
each is
experienced
at the individual
level. If the overall harm exceeds the overall
benefit then the
practice
is deemed to be
unethical.
In the context of electronic
marketing
the
potential
harm results from the fact that the
orga
nization
developing
user
profiles
can accumulate
potentially
sensitive information about a
user,
based on his or her Internet activities.10 For
example,
a
gay
individual
may
have elected
not to
publicly
disclose his
or her sexual orien
tation.
However,
the same individual
may,
with
presumed anonymity,
visit websites with
gay
content or
participate
as
part
of a
gay
Internet
community.
A
company
that is able to electron
ically
monitor the individual's
computer
use
could
potentially gain
intimate
knowledge
of the
individual's situation as a result of the Internet
sites the individual visited. The
organization
developing
the
profile may
intend to use such
information
solely
for the
purpose
of
advertising,
however it is not difficult to see the
potential
harm to the individual's
practical
interests if such
information came into the hands of another
party.
Another
example
is
potentially
sensitive
medical condition that
might
be accessed
by
employers doing pre-hiring
checks or insurers
contemplating
the issuance of a
policy.11
Profile
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
Electronic
Monitoring
and
Privacy
Issues in
Business-Marketing
249
information
generated by
electronic
monitoring
has the
potential
to be used
against
the individ
uals in a manner that harms their
personal prac
tical interests.
Opponents
of electronic
marketing frequently
dwell on
potential
harm but little mention is
made of an
actual
weighing
of harms
against
benefits. The
balancing
in the electronic moni
toring
context involves
weighing potential
serious harm to a limited number of
people
against
the
marginal
benefit,
such as increased
convenience and
knowledge
of consumer
products,
which
might
flow to
many people
from
such
activity.
If the total harm exceeds the total
benefit the invasion of
privacy through
electronic
monitoring
cannot be considered ethical.
However,
if it can be claimed that benefits
exceed harm the foundation exists for
an
ethical
invasion of
privacy.
The second utilitarian basis for
acknowledging
a
right
to
privacy
is based on a wider
concept
of harm. As stated
succinctly by Boatright,
"a
certain amount of
privacy
is
necessary
for the
enjoyment
of some
activities,
so that invasions
of
privacy change
the character of our
experi
ences and
deprive
us of the
opportunity
for
gaining pleasure
from them"
(Boatright,
2000,
p. 169).
The "harm"
resulting
from the loss of
the
ability
to
gain
maximum
pleasure
is
presumed
to exceed
any benefit,
such as increased conve
nience in the electronic
monitoring
context,
such
activity might
have. A similar
argument
is
that invasions of
privacy
harm the
development
and maintenance of
personal identity,
and that
such harm exceeds all benefits
(Boatright, 2000).
There has been little reference to either of the
above
arguments
made
by privacy
advocates in
the electronic
monitoring
debate.
ii. Kantian
foundation
The
right
to
privacy
can also be
supported
on
the basis of Kant's second
categorical imperative.
It
provides
that individuals should act in a
manner that treats other individuals as an end and
never as a means
only (Boatright, 2000).
This
imperative captures
the themes that
people
should be
respected
and treated as autonomous
individuals
capable
of rational choice. To
quote
Stanley
Benn:
Covert observation
-
spying
-
is
objectionable
because it
deliberately
deceives a
person
about his
world,
thwarting
...
his
attempts
to make a
rational choice. One cannot be said to
respect
a
man ...
if one
knowingly
and
deliberately
alters
his conditions of
action,
concealing
the fact from
him
(Boatright,
2000, p. 170).12
Arguments against
electronic
monitoring
that are
premised
on Kantianism base their
position
on
the
argument
that electronic
monitoring
violates
the
principle
of
respect
for individuals and
pro
hibits them from
acting
as autonomous
beings
capable
of rational choice.
To
date,
there has been little
public opposition
expressed against
electronic
monitoring
on the
foregoing
basis.
However,
this is not
surprising.
In terms of
generating public support against
electronic
monitoring,
concerns over
potential
harm will have a
greater mobilizing
influence
than a more
esoteric,
albeit
relevant,
ethical
theory
such as Kantianism. The fact that Kantian
theories
supporting
a
right
to
privacy
have not
been
part
of
popular
debate makes them no
less a
valid basis on which to base an
objection
to,
or
alternatively support for,
electronic
monitoring.
Privacy
and ethical theories
applied
i. Electronic
monitoring
and
privacy
Reduced to its
simplest
form,
electronic moni
toring
as it is
currently practiced
amounts to
unauthorized observance.
Many
individuals
using
the Internet have no
knowledge
of when their
online
activity
is
being
monitored for the
purpose
of
developing
an
advertising profile.
When
discussing concepts
of
privacy
theorists
have sometimes resorted to the
analogy
of one
individual
watching
another individual in a
shower without the
showering
individual's
knowledge
or consent
(McCloskey, 1980).
Such
action is almost
always
considered an
unethical
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
250 Darren Charters
invasion of
privacy.
The
foregoing analogy gen
erally applies
to the context of electronic mon
itoring.
The fundamental
similarity
is that
Internet users can be observed without knowl
edge
or
express
consent. That
said,
personal
reaction to such observance
by
users has
ranged
from
significant
concern to
complete
disinterest.
Although many people
consider their bodies to
be a
very private aspect
of
themselves,
they may
feel less so about Internet activities that are
capable
of
being
observed
electronically.
Accordingly,
this
may
account for the relative
indifference of some users.
When the
previously
discussed
concepts
of
privacy
are
considered,
one would conclude that
electronic
monitoring
without consent consti
tutes an invasion of
privacy.
Electronic moni
toring
violates the
right
to
privacy
if it is
conceived of as the
right
to be left
alone,
or the
right
to control access to one's
personal
infor
mation. There is a
possible argument
that there
is no violation of the
right
to withhold certain
facts from
public knowledge.
It
might
be
argued
that if current user
apathy
about electronic mon
itoring
is
substantial,
most users have little
concern over
whether their
activity
is
widely
known. As
such,
electronic
monitoring
does not
meet the threshold test that most members of
society
consider it to be information that should
not be
widely
known. However this
argument
can
just
as
easily
be made the
opposite way.
As
such,
even
considering
the various understand
ings
attached to the
concept
of
privacy
it is dif
ficult to
argue
that electronic
monitoring
does
not violate the
privacy right.
ii Electronic
monitoring
and ethical
foundations
The
interesting
fact is that electronic
monitoring
still occurs
notwithstanding
that it amounts to
an invasion of
privacy.
The
justification
for,
and
tolerance
of,
electronic
monitoring
rests in
the minor differences that exist with the
shower
analogy.
With electronic
monitoring
the
observed information
may
be
electronically
collected,
organized,
and distilled before another
individual views it. It is even
possible
that
another individual will never view such infor
mation and that
any
advertising
that is tailored to
an Internet user will be done
completely by
elec
tronic
intelligent agents.
The
possibility
of harm
is minimized still further once Internet adver
tising companies
such
as
DoubleClick make addi
tional efforts to ensure user
profiles
remain
anonymous.
From a Kantian
perspective
the minimization
of harm is
relatively meaningless
in terms of
ethically justifying
the
activity.
If electronic
monitoring
is carried out in such a
way
that it
fundamentally respected
the
autonomy
of
individuals then it is
ethically permissible
on a
Kantian basis even with isolated incidents of
harm. It is still
ethically permissible
in instances
of
significant
harm
provided
the
principle
of
individual
autonomy
is
respected. Using
Benn's
quote
above as the
analytical
tool,
it is evident
that the
guarantee
that
profiles
will not be
matched
against
other
identifying
information is
meaningless
in terms of
making
the
practice
of
electronic
monitoring
ethical from a Kantian
perspective.
Most users still had no
knowledge
of
the situation and DoubleClick and other com
panies
could
not,
from an ethical
perspective,
be
judged
to be
treating
users as individuals
capable
of rational choice.
However,
the minimization of harm is funda
mental to
justifying
electronic
monitoring
on a
Utilitarian basis. As noted above the
right
to
privacy
is a
relatively
weak
right. Accordingly,
it
is
open
to
being
subverted based on an
appeal
to Utilitarianism. Utilitarian based
arguments
would allow electronic
monitoring regardless
of
its
design provided
the harms do not exceed its
benefits to
society
as a whole. On this
basis,
the
argument
is that
any
serious albeit intermittent
harm that comes to individuals
(i.e.,
the
example
of the user and the medical
condition)
is more
than offset
by
the benefits that accrue to the
public. Advertising promotes
economic effi
ciency,
and
advertising
that can be tailored
directly
to
individuals,
only
serves to further
promote
economic
efficiency
and
thus, gener
ally
benefits the
public.
Further,
by initiating
the
blind
profile
Internet advertisers could claim
that the
potential
for harm was
significantly
min
imized.
Proponents
of electronic
monitoring
could then claim the invasion of
privacy
was
eth
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
Electronic
Monitoring
and
Privacy
Issues in
Business-Marketing
251
ically justified.
In
reality,
it was
only justifiable
based on one ethical
perspective,
Utilitarianism.
Further,
in Doubleclick's
situation,
had it
pro
ceeded with its intention to link user
profiles
with identified individuals it would have under
mined the
very
ethical foundation that
justified
its electronic
monitoring practice.
DoubleClick^
response
to
opposition
It is
apparent
from the
foregoing
discussion
that
linking
user data to
personally
identifiable
information could result in a
formerly
ethical
invasion of
privacy becoming
unethical.
DoubleClick
responded
to the
privacy
concerns
in a
variety
of
ways
after
aborting
its
plan.
DoubleClick also initiated a
significant
media
campaign
to
explain
how users could
opt-out
of
DoubleClick's service. DoubleClick had an
operable opt-out
service for over three
years pre
ceding
the most recent
controversy
but had not
promoted
it
extensively.
The
opt-out
mechanism
requires
a user to visit a site and download
a
cookie. This cookie serves as notice to
DoubleClick that
they
are not to download
any
cookies on the user's
computer.
DoubleClick
would be free to download a cookie onto a
hardrive as
long
as the
"opt-out
cookie" is not
present.
In
theory,
it could be
argued
that this
gives
autonomous individuals a choice with
respect
to
electronic
monitoring
and thus
provides
a
Kantian
justification
for the
activity.
However,
this
option
is little known and is
likely
to
remain so
notwithstanding advertising
efforts.
Accordingly
it is difficult to claim that this
truly
gives
control to users and
respects
their individual
autonomy.
A Chief
Privacy
Officer
(CPO)
was also hired
along
a
Privacy Advisory
Board Chair to act as
a consumer ombudsman. Overall the
response
was indicative of a
company
that
developed
a
greater sensitivity
to
privacy
issues
(perhaps
for
commercial
reasons)
but that had not
developed
a
deeper understanding
of the ethical issues at
stake. That
is,
the actions do not
suggest
that
they
have
analyzed
and understood the ethical issues
and tried to
develop
a
principled response.
To
give
DoubleClick some benefit of the
doubt,
it
may
be that the
new CPO and
privacy advisory
board chair will infuse the
organization
with a
deeper understanding
of the ethical issues at stake
and
develop ethically
based
approaches
to
dealing
with such issues. Doubleclick's share
price
largely
recovered after the
implementation
of the
foregoing
measures
suggesting
that even if the
response
was
ethically unsatisfactory
in the short
term,
at least the market
was satisfied with
Doubleclick's immediate
response.
As noted above DoubleClick indicated it
would not
engage
in such
activity
until such time
as
industry
wide
privacy
standards were devel
oped.
This was relevant in that DoubleClick
could still
justify
its electronic
monitoring
on a
Utilitarian basis. That
said,
they probably
lost
some
degree
of
public
trust on the issue.
DoubleClick has been
directly
involved in the
development
of the Interactive
Advertising
Bureau's
(IAB) recently developed Privacy
Guidelines. The
Privacy
Guidelines are intended
to form the foundation of a
self-regulatory
regime
with
respect
to
personally
identifiable
information
gathered by
electronic means on the
Internet.
Unfortunately, regarding
the use of
cookies in electronic
monitoring,
the
guidelines
state
only
that IAB member
organizations
should
notify
users,
through privacy policies,
of such
technologies
in use and
provide
users the
ability
to disable such cookies or other information
gathering system.
This
represents
no
change
from
the current situation and for the reasons outlined
above,
does not
provide
a
proper
foundation
for the ethical use of cookies in electronic
monitoring.
The
Privacy
Guidelines have also
proposed
measures that allow individuals to
place
limits on
the use of
personally
identifiable information
that an
organization may possess.
Once
again,
it is
premised
on an
opt-out
format. That
is,
organizations
are
generally
free to collect and
use
personally
identifiable information in the
first instance
subject
to an individual
informing
an
organization
of limits to be
placed
on use of
such information. It is an
ingenious approach
that
appears
to
place
control of
personally
identifiable information in the hands in individ
uals
that,
realistically, requires
minimal
change
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
252 Darren Charters
in the current
practices
of
organizations
that
use electronic
monitoring
to
gather
such infor
mation.
Further,
the
Privacy
Guidelines have a funda
mental
problem
in that their
only
real value is as
a tool of moral suasion.
Although
the
Privacy
Guidelines
encourage
Internet businesses to
adopt
the
practices
established
therein,
there is
no mechanism whatsoever for
disciplining
busi
nesses who elect to
ignore
them. For all the effort
put
into the
exercise,
the
Privacy
Guidelines
amount to
nothing
more than best
practice sug
gestions
for Internet marketers with
respect
to
privacy
issues.
If DoubleClick
respects
the initial basis on
which it
proceeded
with electronic
monitoring,
it can claim to have an ethical basis for such
conduct.
However,
considering
Doubleclick's
willingness
to discontinue the
previously protec
tive
practice
one has to wonder how
vigilant
DoubleClick,
or
other
companies,
will be about
supporting
the
privacy
of Internet users in a
highly competitively
market. Since DoubleClick
maintains
profiles
for their own business
benefit,
it is not
possible
to claim that
they
stand in a
position
of trust with
respect
to
managing
such
information.
However,
their
position
is
ethically
more sensitive than
they appeared
to
originally
comprehend.
Based on
this,
there is cause to
argue
that it is no
longer
sufficient to continue
to
permit
electronic
monitoring
in its current
state. This is buttressed
by
the inherent weakness
of
relying
on a
self-regulatory regime
that effec
tively
has no
sanctioning authority
or
disciplinary
power.
The
alternative,
and it is not a
mutually
exclu
sive
option,
would be move to a
permission
based form of electronic
monitoring.
This
option
will be discussed below. The
practice
of elec
tronic
monitoring
would still be
ethically justi
fiable in such circumstance.
However,
it is
apparent
that Doubleclick's current
opt-out
practice
is not the
platform
on
which such
per
mission based electronic
marketing
should be
premised.
This is due to the fact that users have
extremely
limited
knowledge
of it
and,
more
fundamentally,
it
places
the onus on the user to
take active
steps
to
prevent
electronic moni
toring.
The same
argument applies
with
respect
to the ethical
suitability
of
building
such
capa
bilities into Internet browser software.
An alternative ethical
justification
If one
accepts
that
privacy
is the
right
to control
access to information about one's self then the
solution to electronic
monitoring
is
apparent.
The choice about whether or not to be moni
tored in the first instance should be made
by
the individual user. In
fact,
in the wake of the
DoubleClick
experience many
commentators
and
privacy
advocates have taken the
position
that
express
consent
by
a user should be a
regulatory precondition
to
downloading
cookies
that enable electronic
monitoring.13 Placing
the
power
to control electronic
monitoring
with
users is
ethically justifiable
on a Kantian basis.
First,
giving
users a choice to be monitored
gives
individuals
autonomy
and
appears
to
respect
their
capabilities
of rational choice.
However,
it
could be
argued
in a wider sense that Internet
advertisers are still
utilizing
individuals as a
means to
profit
and that this violates Kant's
second
categorical imperative.
However,
if an
individual
knowingly
and
rationally
elects to
permit
such
monitoring
this must
undermine,
at
least to a minimum
degree,
such
an
argument.
Accordingly, any
electronic
monitoring
that
occurs with
express
rational
permission
can be
claimed to be ethical on a Kantian basis. This
is a
significant step,
because it
provides
an alter
native basis for
ethically justifying
electronic
monitoring.
A
corollary
to the
foregoing
discussion is that
while electronic
monitoring
is most
frequently
opposed
on the basis of
potential
harm,
which
is a Utilitarian
concern,
the
permission-based
approach
in no
way guarantees
an outcome that
will make the
practice ethically justifiable
on a
Utilitarian basis. In other
words,
the solution
being proposed by many
commentators is at
ethical odds to the
frequency
stated concern of
potential significant
harm. If
everyone freely
elects to
permit
electronic
monitoring
the
poten
tial for harm is no
different than it was
prior
to
such a
practice.
For
example,
it is not difficult
to
imagine
that information based
on website
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
Electronic
Monitoring
and
Privacy
Issues in
Business-Marketing
253
usage,
if in the hands of certain
groups,
could
be used to make decisions about individuals that
cause harm. The
only
difference is that now users
have
voluntarily accepted
the risk. It should also
be
recognized
however,
that
providing
choice to
users
necessarily
undermines the
concept
that
there is a
private sphere
that should
generally
be
respected irrespective
of individual
opinion.
As
such,
it is a fundamental
rejection
of one
concept
of the
right
to
privacy.
Even if the
foregoing
is
accepted
it has little
application
to the
profiles
that have been
gener
ated to date. In fact there will
likely
be continual
pressure
to
exploit
the
marketing advantages
that
such databases
provide.
Further,
there
appears
to
be limited
willingness
for
companies
to
zealously
regulate
themselves at an
individual
or even an
industry-wide
level. In this
respect
there is a
regulatory
role for
governments
to
play.
There
is a
possibility
that individual harm will result
from such database consolidation. In
addition,
regulations
should be
developed
which aim to
provide
at least minimal individual
privacy pro
tection with
respect
to such database
manage
ment and/or consolidation. It is
apparent
that this
represents
as much a threat to individual
privacy
as
electronic
monitoring
in the first instance.
Conclusion
The
reality
of the
present
situation is that
DoubleClick has no intention of
discontinuing
an
activity
that
provides
its
competitive
advan
tage.
However,
it should not want to
jeopardize
itself
by apparently engaging
in conduct that
amounts to an unethical invasion of
privacy.
DoubleClick
allayed
initial concerns
by ensuring
that all
profiles
maintained individual
anonymity.
By
this action DoubleClick could claim that its
electronic
marketing
was in fact an ethical
invasion of
privacy.
However,
DoubleClick
would have undercut its ethical
position by using
their databases to link user data with
personal
identification information.
The DoubleClick
experience
indicates that
businesses
ignore
ethical issues at their
peril.
While the
general public may
not be sensitive
to all the nuances of ethical issues it is fair to
say
that
people
understand the
concepts
of
potential
harm and freedom to choose. Electronic moni
toring
is an invasion of
privacy
that has
poten
tial for harm.
Companies
must be able to
justify
the
practice
from an ethical
perspective
whether
its
through taking
measures on behalf of users to
minimize harm or
placing
the choice to assume
the risk of harm with users themselves.
Providing
guarantees
with
respect
to individual
anonymity
accomplished
this. It
gave companies
an ethical
basis on which to
engage
in electronic moni
toring
on a covert basis.
Unfortunately,
casual
regard
for the sensitive
caretaker
position occupied by
such
companies
has
given
critics
reason to
support
a form of elec
tronic
monitoring premised solely
on
voluntary
acquiescence.
It is not
surprising
to believe that
such an
approach
would
yield
less fruitful results
for Internet marketers. It is an outcome that
industry participants
are
attempting
to avoid
through
the establishment of a
self-regulatory
regime.
However,
Mr. O'Connor's comments at
the outset of the
paper along
with current self
regulatory
initiatives
provide
little reason for the
public
to maintain its faith in the current
pater
nalistic environment. There is
every
reason to
believe,
both
practically
and
ethically,
that
gov
ernment
regulators
should
place
control of elec
tronic
monitoring directly
and
completely
in the
hands of
computer
users.
Notes
1
McQueen, R.,
"How To Get Ahead in
Advertising",
National
Post,
March
1, 2000, p.
Dl.
Mr. O'Connor's
quote,
wherein he commented on
the failure of DoubleClick's
proposed
initiative,
was
taken from a
newspaper
article that examined the
issue.
2
The facts of the abandoned DoubleClick initiative
provided
herein are
publicly
available and were
gathered
from
multiple published
news sources.
3
Mr. O'Connor
provided
the
insight
in the same
newspaper
article from which the initial
quote
was
taken.
4
For a recent
paper
on electronic
monitoring
in
the
employment
context see
Alder,
G.
S.,
"Ethical
Issues in Electronic Performance
Monitoring:
A
Consideration of
Deontological
and
Teleological
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions
254 Darren Charters
Perspectives", Journal of
Business Ethics
17(7), May
1998, pp.
729-743.
5
Information
regarding
Internet cookies is also
publicly
available from a wide
variety
of Internet
resources. The U.S.
Department
of
Energy Computer
Incident
Advisory Capability
has
published
a
bulletin
on the
topic
"1-034: Internet Cookies". It is avail
able at
http://ciac.llnl.gov/ciac/bulletins/i-034.shtm.
6
Green, H.,
"Privacy
Online: The FTC Must Act
Now",
Business
Week,
November
29, 1999, p.
48.
7
Telecommunications
companies
have the techno
logical capacity
to
develop personally
identifiable
user
profiles
based on the
phone
activities of customers.
Such
profiles
also have commercial value from a
business
marketing perspective.
8
A
good example
of the subversion of the
right
of
privacy
in favor of a
strong right
is the U.S.
West,
Inc.
v. FCC case. The FCC
attempted
to
impose regula
tory
restrictions on the
ability
of U.S. telecommuni
cation
companies
to
use, disclose,
or allow access to
customer
proprietary
network information
(CPNI).
U.S. West mounted a successful
legal challenge against
the
regulatory obligations imposed by
the FCC. The
Tenth Circuit held
that,
absent
any
clear evidence of
harm to an individual's
right
of
privacy through
the
use of
CPNI,
the
right
of commercial
speech pos
sessed
by corporate
entities should be
paramount.
9
Reproduced
from
Parent,
"Privacy Morality
and
the
Law",
Philosophy
and Public
Affairs
12
(1983),
p.
269.
10
Julie
Tuan in "US.
West,
Inc. v.
FCC",
Berkeley
Technology
Law
Journal
15
(2000), p.
353 discusses
similar issues of
privacy
in her criticism of the Tenth
Circuit's decision.
11
The Interactive
Advertising
Bureau
(IAB)
has
attempted
to address the
collection, use,
and redistri
bution of sensitive information in its
Privacy
Guidelines.
However,
the
guidelines
on this
point
are
poorly
drafted
containing
both
permissive
and manda
tory language. Ultimately,
the
guidelines
suffer from
even more fundamental flaws that are discussed herein.
12
Reproduced
from
Benn, S.,
"Privacy,
Freedom,
and
Respect
For
Persons",
in Pennock and
Chapman,
eds.,
Privacy, pp.
10-11.
13
Such a
position
was taken
by
Heather Green in
the
commentary "Privacy
Online: The FTC Must
Act Now" wherein she discussed her concerns about
the DoubleClick
proposal prior
to the statements of
the Electronic
Privacy
Information Center.
References
Alder,
G. S.:
1998,
'Ethical Issues in Electronic
Performance
Monitoring:
A Consideration of
Deontological
and
Teleological Perspectives',
Journal of
Business Ethics
17(7) (May),
729-743.
Boatright,
M.:
2000,
'Privacy',
Ethics and the Conduct
of
Business,
3rd ed.
(Prentice-Hall,
Saddle River
New
Jersey), pp.
159-183.
Culver, C,
J.
Moor,
W.
Duerfeldt,
M.
Kapp
and
M. Sullivan:
1994,
'Privacy', Professional
Ethics
3(3
&
4),
3-25.
Green,
H.:
1999,
'Privacy
Online
-
The FTC Must
Act
Now',
Business
Week,
No. 3657
(Nov. 29),
48.
Introna,
L. and A. Pouloudi:
1999,
'Privacy
in the
Information
Age: Stakeholders,
Interests and
Values',
The
Journal of
Business Ethics
22(1),
27-38.
McCloskey,
H.:
1980,
'Privacy
and the
Right
to
Privacy', Philosophy 55(211),
17-38.
Tuan,
J.:
2000,
'U.S.
West,
Inc. v.
FCC,
Berkeley
Technology
Law
Journal
15,
353.
'1-034: Internet Cookies.' U.S.
Department of Energy
Computer
Incident
Advisory Capability.
1998.
<http://ciac.llnl.gov/ciac/bulletins/i-034.shtm>
(March 1,
2000).
'IAB
Privacy
Guidelines.' Internet
Advertising
Bureau. 2000.
<http//www.iab.net/privacy guide
lines/htm>
(August
7,
2000).
University of
Waterloo School
of Accountancy,
200
University
Avenue
West,
Waterloo, Ontario,
N2L
3G1,
Hagey Hall,
Room
155,
Canada
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PM
All use subject to JSTOR Terms and Conditions