It's not about cookies; it's about service

Monday, December 14, 2009  

In July, the Office of Science and Technology Policy invited comments from the public and interested parties on proposed new guidelines for the use of Web analytics and cookies on federal government Web sites. That somewhat routine request for comments on a proposed policy revision rapidly morphed into a miniature version of the current health care reform debate. By that, I mean facts and reasoned debate were quickly overtaken by fear, fiction and arguments. To paraphrase David Byrne of Talking Heads: "How did we get here?”

Two key issues are at the heart of the debate: privacy and trust. The key concerns with respect to privacy appear to be that Web analytics tools — tracking technologies — will be used to actively monitor individual visitors and that cookies will be used to enable cross-site tracking and lead to the creation of detailed visitor profiles, thus compromising users’ privacy. Those concerns can be readily addressed by adopting guidelines that require analysis of data in the aggregate — i.e., groups of users, not individual users — and restricting or barring the sharing of Web analytics data, other than in aggregate form, beyond the site from which it is collected.

The federal government should be able to unambiguously ensure the privacy of people who visit its Web sites and ensure that any data gathered from Web analytics will be used only for the purposes of measuring performance and improving the user experience.

That brings us to the trickier issue of trust. Many comments on the Office of Science and Technology Policy’s blog and subsequently in the Washington Post and New York Times talk-back sections showed a misunderstanding of what Web analytics and cookies are and a deep distrust of the motives and intents of government employees in using analytics data.

Not even the strongest privacy policies, bans of cookies or total restriction on the use of Web analytics will assuage the fears of those individuals. However, the majority of visitors are probably willing to grant the government the benefit of the doubt when it comes to online measurement.

For those visitors, it is possible to build trust by clearly establishing guidelines around transparency, accountability and recourse. The guidelines should ensure that agencies transparently disclose what information they collect and for what purpose, provide clear lines of accountability for enforcement of guidelines, and identify avenues for recourse should a user feel his or her privacy has been compromised.

There is no reason why visits to federal Web sites shouldn’t be every bit as engaging, compelling and innovative as the experience often found on Web sites run by the private and nonprofit sectors. But that won’t happen unless the government updates and upgrades the policies regarding measuring the performance of its Web sites.

In the end, people have a right to expect that government Web site managers are using the best measurement tools available to ensure that their tax dollars are being spent as efficiently and effectively as possible. The goals of better performance measurement and sound privacy protection should not be mutually exclusive.

About the Author
Alex Langshur is president of PublicInsite, which offers Web performance measurement software and services, and president of the Web Analytics Association.

Comments...

Matthias Bettag says...
Posted Monday, January 24, 2011
Sorry, the format was destroyed after sending the comment. Hope you can read what I wanted to highlight as a quote.
Matthias Bettag says...
Posted Monday, January 24, 2011
Hi Alex, I fully agree on your post. And I also believe that the key is trust (which I believe can be achieved pretty well with an improved transparency). However, from a European perspective I'd like to add a comment on your statement: > "The key concerns with respect to privacy appear to be that Web analytics tools — tracking technologies — will be used to actively > monitor individual visitors and that cookies will be used to enable cross-site tracking and lead to the creation of detailed visitor profiles, > thus compromising users’ privacy." The problem in Europe is that an IP is considered to be PII. We all know that it needs a timestamp with it AND the ISP to decode an IP address to get a person's name and address. And this can only be triggered by an authority e.g. through an investigation. Anyway, the legal problem is not solved by telling that WA is working on groups instead single individuals (unless a user has actively made an opt-in). best, Matthias