While privacy controls in browsers are improving, industry could be much more innovative than it has been to date in developing state management mechanisms that make privacy controls easier to use. Meanwhile, the government should be creating policies to encourage this innovation, rather than railroading the issue with an inflexible mandate (i.e., the current policy) or eliminating the government-wide policy altogether (a possible alternative).
There are a couple of other areas where more study may be needed:
1) There are a growing number of cases where information about an individual may not be directly personally identifiable, but where the individual has a privacy interest based on the use of the information. IDs of all kinds (including those used in state management mechanisms) and location information are two prominent examples. Today, there are few privacy rules in government to cover these kinds of information.
2) There are clearly some instances where federal Web sites could be greatly improved through the use of monitoring aggregate and individual usage for diagnostic and analytical use. The feasibility of conducting such analysis in a privacy-protective manner deserves further exploration.
A study panel should consider what the appropriate policy guidelines should be for these situations. This panel should assess how policies specific to federal Web sites can allow beneficial uses of cookies and other state management mechanisms while protecting privacy, taking the differences between the types of data commonly collected online into account.
We’d like to thank the Sunlight Labs Team for allowing us to bounce these ideas off of them. Let us know what you think.
