Date post: | 20-Jul-2016 |
Category: |
Documents |
Upload: | mabelle901 |
View: | 228 times |
Download: | 0 times |
Electronic Monitoring and Privacy Issues in Business-Marketing: The Ethics of theDoubleClick ExperienceAuthor(s): Darren ChartersSource: Journal of Business Ethics, Vol. 35, No. 4 (Feb., 2002), pp. 243-254Published by: SpringerStable URL: http://www.jstor.org/stable/25074677 .
Accessed: 06/08/2014 22:41
Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at .http://www.jstor.org/page/info/about/policies/terms.jsp
.JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range ofcontent in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new formsof scholarship. For more information about JSTOR, please contact [email protected].
.
Springer is collaborating with JSTOR to digitize, preserve and extend access to Journal of Business Ethics.
http://www.jstor.org
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
Electronic Monitoring and Privacy Issues in Business-Marketing:
The Ethics of the DoubleClick
Experience Darren Charters
ABSTRACT. The paper examines the ethics of
electronic monitoring for advertising purposes and
the implications for Internet user privacy using as a
backdrop DoubleClick Inc's recent controversy over
matching previously anonymous user profiles with
personally identifiable information. It explores various
ethical theories that are applicable to understand
privacy issues in electronic monitoring. It is argued that, despite the fact that electronic monitoring always constitutes an invasion of privacy, it can still be
ethically justified on both Utilitarian and Kantian
grounds. From a Utilitarian perspective the emphasis must be on minimizing potential harms. From a
Kantian perspective the emphasis must be on giving users
complete information so that they can make
informed decisions as to whether they are willing to
be monitored. Considering the Internet advertising
industry's current actions, computer users and gov
ernment regulators would be well advised, both prac
tically and ethically, to move to a user control model
in electronic monitoring.
KEY WORDS: business marketing, computer ethics,
cookies, electronic monitoring, privacy
Darren Charters is a Lecturer in business law in the School
of Accountancy, University of Waterloo. He is a member
of the Law Society of Upper Canada and holds degrees in arts and law, as well as a graduate degree in business
administration. He has also practiced as a
corporate/
commercial lawyer.
If we wouldVe known we wouldn't have done it.
We moved into a grey area where there's a tremen
dous amount of confusion and that's not good.
We're a very innovative company and sometimes
you get ahead. We made a mistake.1
Mr. Kevin O'Connor
CEO DoubleClick Inc.
Introduction
Businesses have long been aware of the value
of targeted advertising. DoubleClick Inc.
(DoubleClick) is an advertising company that
operates in the Internet banner and pop-up
advertising business space. The ability to contin
ually tailor Internet advertising to the interests of
a user is an advance on previous advertising mediums and represents an opportunity to
develop a competitive advantage in the industry. Once trends are detected in a user's Internet
activity advertising can be customized to the
user's revealed interests.
A company such as DoubleClick sits between
the advertiser and the end user and acts as a facil
itator between companies who want to adver
tise to specific types of users and users who may be interested in receiving such advertising. End
users arguably benefit as they obtain the advan
tages of customized advertising content while the
receipt of unwanted advertising is minimized.
Until November 1999, DoubleClick had always tracked user activity by attaching user histories
to anonymous user identifications.2 Accordingly, while user activity could be tracked the actual
identity of the user was unknown. However, the
W Journal of Business Ethics 35: 243-254, 2002.
? 2002 Kluwer Academic Publishers. Printed in the Netherlands.
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
244 Darren Charters
ability to further refine data profiles was made
possible through a series of acquisitions of other
companies and their proprietary databases.
In November 1999 DoubleClick announced
an amendment to its existing practice. DoubleClick intended to match anonymous
existing data with specific user names, personal
information, and e-mail addresses. There was no
initial public response to the proposed activity.
However, in February 2000 the Electronic
Privacy Information Center, a privacy advocate,
publicly stated that the linkage of such informa
tion might have negative implications for users.
The negative public response after the statement
was immediate and forceful. DoubleClick was
forced to back away from the proposed activity. Doubleclick's CEO offered the comment
preceding the introduction in response to
DoubleClick's failed proposal. Mr. O'Connor's statement suggests that
DoubleClick did nothing wrong from an ethical
perspective. Rather, if DoubleClick was guilty of
anything, it was just of being too far ahead in
anticipating customer tolerance for such activity.
Reflecting on the aborted initiative, Mr.
O'Connor indicated that DoubleClick would not
combine personally identifiable information with
anonymous user activity profiles until such time
as industry-wide privacy standards exist.3 Once
again, however, there was no suggestion that
DoubleClick will not engage in such activity,
only that it would wait until some standards are
developed before doing so.
This paper will discuss electronic monitoring from an ethical perspective. The discussion will
deal generally with ethical issues involved in
electronic monitoring for business-marketing
purposes, and the DoubleClick experience
specifically. The analysis will begin with a brief
overview of the basic technology that has per mitted the development of such monitoring and
move into a discussion of three general concepts of privacy relevant to electronic monitoring. The
paper will continue with an examination of the
two primary ethical foundations, Utilitarianism
and Kantianism, which underpin the various
privacy concepts. Once completed, the various
privacy principles and ethical foundations will be
discussed in the specific context of electronic
monitoring. The paper will conclude with an
ethical evaluation of Doubleclick's response to
the situation in which it found itself and a sug
gested alternative approach for ethically justifying electronic monitoring.
It will be argued that electronic monitoring is almost always an invasion of the right to
privacy regardless of how the right to privacy is
conceived. However, it can still be ethically
justified on a Utilitarian basis provided its
benefits exceed realizable harm. In fact, elec
tronic monitoring was ethically justified on a
utilitarian basis in Doubleclick's initial situation
because of how it was conceived and imple mented. There was increased convenience and
measures were taken to minimize potential harm.
However, privacy advocates should have been
aware from the outset that companies would have
difficulty resisting the opportunity to exploit
potential gains made possible by attaching generic user profiles to identifiable individuals. If
DoubleClick had implemented its proposal it
would have completely undermined its ethical
justification for engaging in electronic marketing since the potential for harm to individuals would
have increased substantially. It will also be argued that there is another
ethical justification for electronic monitoring
and, considering Doubleclick's recent conduct, it may be the most appropriate foundation upon
which to build future electronic monitoring activities. If Internet advertisers gave users the
option of permitting or rejecting electronic mon
itoring they could ethically justify the invasion
of privacy on a Kantian basis. Although this
may not be a favourable option from a business
perspective, it is an option that companies who engage in electronic monitoring for mar
keting purposes may have to contemplate. Mr.
O'Connor's comments do not provide faith that
Internet advertisers will exercise utmost diligence on behalf of users in protecting their privacy. Since companies appear to have limited incen
tive to properly regulate themselves at an indi
vidual or industry-wide level governments will
also need to take a more active role in regulating database amalgamation and forcing companies to
give individuals greater control over electronic
monitoring.
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
Electronic Monitoring and Privacy Issues in Business-Marketing 245
The following discussion will focus solely on
electronic monitoring in the business-marketing context. Electronic monitoring is also a relevant
issue in the business employment context.4
However, the nature of the employer-employee
relationship creates different issues in workplace electronic monitoring including the harm poten
tially caused to individual and organizational
morale, and the impact that the express contrac
tual right to conduct such activity may or may not have on the ethics of the issue. Accordingly this paper will not attempt to discuss the ethical
issues surrounding workplace electronic moni
toring. When the term electronic monitoring is
used throughout the remainder of the paper it
will refer only to electronic monitoring primarily for business-marketing purposes. To understand
how electronic monitoring is made possible on
the Internet one needs to understand "cookies",
which are the basic enabling technology.
Cookies and electronic monitoring
i. Cookie technology
Cookies are small data structures used by websites
or servers to store and retrieve information on
the user's side of the Internet connection.5 They are sent by a host website or server and reside in
the user's computer. A cookie allows websites and
servers to "remember" information about specific users. Cookies are a relatively recent phenom enon and were created with very early editions
of Internet browsers. In the brief period fol
lowing the introduction of cookies but prior to
the development of the Internet as a medium
for commerce the primary use for cookies was as
a tool of convenience. For example, cookies
could be used to store password codes so that a
user would not have to re-type a password when
re-entering a site. The intent behind cookies was
not to create a tool for gathering knowledge about users but to benefit users through increased
convenience. More recently this user conve
nience has also manifested itself in ability to
create customized content through personalized news service subscriptions and other services.
As business has developed on the Internet
cookies have been adapted for business purposes
including "shopping carts" for carrying elec
tronic purchases and tracking website activity. By
downloading a cookie, servers hosting a website
have the power to track and record information
such as the previous website from which the user
arrived, all web pages the user visits while on the
given site, and finally the website address to
which the user departs. This information is mul
tiplied in power if the user can be successfully
prompted to provide personal information and
data while at the site. The knowledge can then
be tied to a specific individual. This power has
been taken one step further by Internet mar
keters, who developed the ability to monitor and
profile user activity across thousands of sites.6 In
addition the ability to tie such history to a
specific individual has been achieved, not just
through the voluntary action of users, but also
through industry wide database consolidation.
ii. Browser capabilities
Practically speaking, most Internet users would
have no knowledge as to when their Internet
activity is being electronically monitored. The
normal practice is to download cookies onto a
user's hard drive without notice to the user. In
this respect there is no choice given to the user,
and the downloading and subsequent monitoring is involuntary from the user's perspective.
However, it must be acknowledged that software
already exists that can give users complete power with respect to what cookies, if any, are allowed
to be stored on a computer. More recent Internet
browser versions have given users the ability to
control cookies. Users can elect to prohibit all
cookie downloads or, alternatively, be notified of, and have the right to accept or reject, any
attempted cookie downloads by a server. Based
on this it might be asserted that user s cannot take
the position that there is an ethical issue created
by, or an invasion of privacy resulting from, elec
tronic monitoring when it is within their power to completely prohibit or selectively control the
activity. On a theoretical level this argument may have
some merit, but it fails for three practical reasons.
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
246 Darren Charters
First, Internet users may still be utilizing browser
software that does not contain such cookie
control options. Second, even if all users had such
browser software, it is a distinct possibility that
many users would still be unaware of the capa
bility such software contained. Many computer and Internet users regularly utilize, and only have
limited knowledge of, a minimal amount of a
software program's capabilities. Third, and most
important, the technology that enables electronic
monitoring is constantly evolving. Soon after technology was developed that gave
control of cookies to users, marketers seized on
new technologies, such as web "bugs", that can
evade user detection thus allowing continued sur
veillance. The ongoing tension between user and
marketer control in the development of surveil
lance technology ensures that the ethics of elec
tronic monitoring will be a relevant issue for the
foreseeable future. Further, while the technolog ical means to monitor electronically may differ
the same ethical issues are poised to play them
selves out, or are already emerging in other
spheres of business activity. For example the same
issues are already developing in the field of
telecommunications.7 In addition, the same issues
will likely surface in the context of location based
wireless Internet advertising, thus providing addi
tional incentive to develop a greater under
standing of the ethical principles involved in the
current Internet advertising debate.
Privacy
As a concept, the notion of privacy is grounded in individual rights. Most theorists agree that
privacy is a bona fide concept that is fundamen
tally important to human experience but there
is no unanimous agreement on what that concept means or exactly what it encompasses. This is
important because it essentially means that
privacy has developed as a weaker right. Strong
rights tend to have clear definitions and often
remain inviolable notwithstanding any other
ethical appeals to limit them. The protection of
the right to free speech by American courts is
one such example. Since the right to privacy is
a weak right it has not provided the quality of
individual protection that other rights might
provide.8 As a result, it is possible to justify an
invasion of the right to privacy on another ethical
basis. In effect, what results is an ethical invasion
of privacy. With respect to defining a right of privacy
some theories focus on the existence and delin
eation of a private sphere. Other privacy theories
concentrate on actions or conduct that, if carried
out, will result in a violation of privacy. No one
concept of privacy has been delineated that
suitably applies to every situation. The concept has been expanded and extrapolated over time
with the result that a number of acceptable
concepts of privacy now exist. The privacy issues
raised by electronic monitoring are not ground
breaking in that existing concepts of privacy ade
quately capture the current concerns surrounding electronic monitoring. The following discussion
on privacy definitions relies primarily on the
distillation of the various privacy concepts by
Boatright and McCloskey with the three general
conceptual approaches being those delineated by
Boatright.
i. Privacy as a right to be left alone
The initial concept of privacy established by Warren and Brandeis involves the right to be left
alone. The foundation of the definition is that
other people, groups, and entities should not act
in a way that intrudes on an individual's seclu
sion or solitude (McCloskey, 1980). It was this
concept of privacy that was initially established
as a legal right. However, the expansive nature
of the definition caused difficulties in its appli cation.
The right to be left alone is a distinct concept from the right to liberty. However, the concept of liberty has been frequently confused with the
Warren and Brandeis concept of privacy. At its
basic level, the right to liberty constitutes the
right to be free from physical interference and
coercion (McCloskey, 1980). However, a loss of
liberty is not a prerequisite to, or a condition of, an invasion of privacy (Boatright, 2000). The
above distinction is evident in the electronic
monitoring debate. The power to observe an
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
Electronic Monitoring and Privacy Issues in Business-Marketing 247
Internet user's activity in no way impairs the
ability of that individual to use the Internet in
any manner or way the person may elect.
However, the same power to observe an Internet
user's activity may well constitute an invasion of
privacy. Another weakness of the definition is that
people do not always have a basic right to be left
alone (Boatright, 2000). If one's actions are a
danger to him or herself or others there may be
reason to invade a person's privacy. Further, even
if imminent harm is not a concern, the state may still have cause to invade individual privacy. With
respect to the Internet, if individual conduct is
such that the state has an interest in it (i.e., the
storage and exchange of child pornography) the
state is entitled to invade individual privacy.
Accordingly, there should be limits to the Warren
and Brandeis definition and this is born out by the fact it has been continually refined by
jurisprudence. Without any limitations almost
no invasion of privacy could occur unless an
individual, organization or entity could provide a sufficient justification for doing so. The
threshold of justification would likely be very
high. As is evident from the foregoing it is prob lematic to define privacy solely as a right to be
left alone.
ii. Privacy as the right to control access to one's
personal information
There are a number of various privacy theories
that can, in their essence, be reduced to the right to control access to information about the self.
These more recent theories of the right to
privacy better address the distinction between
privacy and liberty (Boatright, 2000). The basic
theory represents a refinement of the Warren and
Brandeis definition in that it eliminates poten tial confusion with the right to liberty. It does
this by focusing on privacy of personal informa
tion. Privacy is conceived of as a right of an indi
vidual to determine to what extent, if at all, information about him or herself will be revealed
to others (McCloskey, 1980). In this respect
privacy is almost akin to a property right. It is
do be dealt with as the owner wishes and no
other individual has a right to exploit or appro
priate it (McCloskey, 1980). An individual is free
to be extremely conservative or cavalier with
respect publicizing or allowing access to their
personal information.
A variation of this concept of privacy is the
right to control access to the realm of the
individual. It is a variant on the above in that
it recognizes the private sphere does not solely include factual information. It includes elements
of individuality (i.e., private motivations) that
may not be recordable or quantifiable but are
capable of observation. Such information is
also considered private and individuals should
be able to control access to it (McCloskey,
1980). Upon initial examination, the idea of personal
control may seem an enviable concept as it places control of information with the individual. It is
a cohesive fit with western liberal-democratic
ideals of individualism and choice and finds
favour from that perspective. It is not, however, without criticism. As noted by McCloskey,
people may consent to significant invasions or
losses of privacy if they place low personal value
on the right, or have simply become apathetic due to the continual assault on the sanctity of
their personal affairs (McCloskey, 1980). It has
also been noted that this approach effectively
equates privacy with control when such a linkage is not appropriate. There could well be a loss of
privacy in the free disclosure of very personal information without any individual loss in
control (Boatright, 2000).
iii. Privacy as the right to withhold certain facts
from public knowledge
The final notion of privacy to be discussed here
is the concept of privacy that is premised on the
notion that there is a definable private sphere and
that a person is in a state of privacy when
information within this sphere is unknown to
others (Boatright, 2000). Parent defines this
private realm as, "the condition of not having undocumented personal knowledge about one
possessed by others" (Boatright, 2000, p. 68).9 Undocumented personal knowledge is conceived
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
248 Darren Charters
of as personal information that is not part of the
public record and that most individuals in a
society at a given time would not want widely known (Boatright, 2000). This approach implies that this private sphere should generally remain
so notwithstanding an individual's casual will
ingness to surrender it. Also implicit in this
approach to privacy is the recognition that there
is, at any given point in time, some general com
munity consensus as to personal information
individuals would prefer not be available for
public consumption. The foregoing definition attempts to refine the
preceding concept of privacy by focusing on
what information is, or should be, included in
the private sphere. If a sphere of private infor
mation based on a general community consensus
could be ascertained then most, if not all, actions
that intrude on this sphere would be a violation
of the right to privacy. This concept also has
application to the electronic monitoring debate
in the sense that if Internet activity were deter
mined to be in the private realm, there would
be few situations in which electronic monitoring could be ethically justified.
However, as with the other theories of privacy, there are difficulties with this definition. First, even within a single cultural community people have very different understandings of what is or
is not private which makes the likelihood of
ascertaining a general consensus elusive. Second, external factors continually impact the ability to
invade privacy and as a result the concept is
necessarily fluid. For example, It is foreseeable
that many activities that were formerly public in
nature (i.e., shopping purchases etc.) will become
increasingly private as technology gives individ
uals the ability to carry out such activities in
relative privacy. The countervailing trend is that
even this activity is increasingly capable of being monitored. If it is acknowledged that the sphere of what is private is fluid, and can be expanded or contracted, than delineating a private sphere is a venture fraught with significant difficulty.
Ethical principles underlying the right to
privacy
As with most, if not all, moral and legal rights there is an ethical basis underpinning the right.
The right to privacy is no exception. It is built
on both Utilitarian and Kantian foundations:
i. Utilitarian foundation
The Utilitarian basis for acknowledging a right to privacy is two-fold (Boatright, 2000). First, there is the concern that the invasion of privacy can result in significant actual harm to individ
uals. To evaluate whether a practice is ethical in
Utilitarian terms, the harm realized is measured
against the benefit flowing from the activity. The
ethical evaluation is based on the collective
benefits and collective harm resulting to society,
although each is experienced at the individual
level. If the overall harm exceeds the overall
benefit then the practice is deemed to be
unethical.
In the context of electronic marketing the
potential harm results from the fact that the orga nization developing user profiles can accumulate
potentially sensitive information about a user,
based on his or her Internet activities.10 For
example, a gay individual may have elected
not to publicly disclose his or her sexual orien
tation. However, the same individual may, with
presumed anonymity, visit websites with gay content or participate as part of a gay Internet
community. A company that is able to electron
ically monitor the individual's computer use
could potentially gain intimate knowledge of the
individual's situation as a result of the Internet
sites the individual visited. The organization
developing the profile may intend to use such
information solely for the purpose of advertising, however it is not difficult to see the potential harm to the individual's practical interests if such
information came into the hands of another
party. Another example is potentially sensitive
medical condition that might be accessed by
employers doing pre-hiring checks or insurers
contemplating the issuance of a policy.11 Profile
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
Electronic Monitoring and Privacy Issues in Business-Marketing 249
information generated by electronic monitoring has the potential to be used against the individ
uals in a manner that harms their personal prac tical interests.
Opponents of electronic marketing frequently dwell on potential harm but little mention is
made of an actual weighing of harms against benefits. The balancing in the electronic moni
toring context involves weighing potential serious harm to a limited number of people
against the marginal benefit, such as increased
convenience and knowledge of consumer
products, which might flow to many people from
such activity. If the total harm exceeds the total
benefit the invasion of privacy through electronic
monitoring cannot be considered ethical.
However, if it can be claimed that benefits
exceed harm the foundation exists for an ethical
invasion of privacy. The second utilitarian basis for acknowledging
a right to privacy is based on a wider concept of harm. As stated succinctly by Boatright, "a
certain amount of privacy is necessary for the
enjoyment of some activities, so that invasions
of privacy change the character of our experi ences and deprive us of the opportunity for
gaining pleasure from them" (Boatright, 2000,
p. 169). The "harm" resulting from the loss of
the ability to gain maximum pleasure is presumed to exceed any benefit, such as increased conve
nience in the electronic monitoring context,
such activity might have. A similar argument is
that invasions of privacy harm the development and maintenance of personal identity, and that
such harm exceeds all benefits (Boatright, 2000). There has been little reference to either of the
above arguments made by privacy advocates in
the electronic monitoring debate.
ii. Kantian foundation
The right to privacy can also be supported on
the basis of Kant's second categorical imperative. It provides that individuals should act in a
manner that treats other individuals as an end and
never as a means only (Boatright, 2000). This
imperative captures the themes that people
should be respected and treated as autonomous
individuals capable of rational choice. To quote
Stanley Benn:
Covert observation -
spying -
is objectionable
because it deliberately deceives a person about his
world, thwarting ... his attempts to make a
rational choice. One cannot be said to respect a
man ... if one knowingly and deliberately alters
his conditions of action, concealing the fact from
him (Boatright, 2000, p. 170).12
Arguments against electronic monitoring that are
premised on Kantianism base their position on
the argument that electronic monitoring violates
the principle of respect for individuals and pro hibits them from acting as autonomous beings
capable of rational choice.
To date, there has been little public opposition
expressed against electronic monitoring on the
foregoing basis. However, this is not surprising. In terms of generating public support against electronic monitoring, concerns over potential harm will have a greater mobilizing influence
than a more esoteric, albeit relevant, ethical
theory such as Kantianism. The fact that Kantian
theories supporting a right to privacy have not
been part of popular debate makes them no
less a valid basis on which to base an objection to, or alternatively support for, electronic
monitoring.
Privacy and ethical theories applied
i. Electronic monitoring and privacy
Reduced to its simplest form, electronic moni
toring as it is currently practiced amounts to
unauthorized observance. Many individuals using the Internet have no knowledge of when their
online activity is being monitored for the
purpose of developing an advertising profile. When discussing concepts of privacy theorists
have sometimes resorted to the analogy of one
individual watching another individual in a
shower without the showering individual's
knowledge or consent (McCloskey, 1980). Such
action is almost always considered an unethical
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
250 Darren Charters
invasion of privacy. The foregoing analogy gen
erally applies to the context of electronic mon
itoring. The fundamental similarity is that
Internet users can be observed without knowl
edge or express consent. That said, personal reaction to such observance by users has ranged from significant concern to complete disinterest.
Although many people consider their bodies to
be a very private aspect of themselves, they may feel less so about Internet activities that are
capable of being observed electronically.
Accordingly, this may account for the relative
indifference of some users.
When the previously discussed concepts of
privacy are considered, one would conclude that
electronic monitoring without consent consti
tutes an invasion of privacy. Electronic moni
toring violates the right to privacy if it is
conceived of as the right to be left alone, or the
right to control access to one's personal infor
mation. There is a possible argument that there
is no violation of the right to withhold certain
facts from public knowledge. It might be argued that if current user apathy about electronic mon
itoring is substantial, most users have little
concern over whether their activity is widely known. As such, electronic monitoring does not
meet the threshold test that most members of
society consider it to be information that should
not be widely known. However this argument can just as easily be made the opposite way. As
such, even considering the various understand
ings attached to the concept of privacy it is dif
ficult to argue that electronic monitoring does
not violate the privacy right.
ii Electronic monitoring and ethical foundations
The interesting fact is that electronic monitoring still occurs notwithstanding that it amounts to
an invasion of privacy. The justification for, and
tolerance of, electronic monitoring rests in
the minor differences that exist with the
shower analogy. With electronic monitoring the
observed information may be electronically
collected, organized, and distilled before another
individual views it. It is even possible that
another individual will never view such infor
mation and that any advertising that is tailored to
an Internet user will be done completely by elec
tronic intelligent agents. The possibility of harm
is minimized still further once Internet adver
tising companies such as DoubleClick make addi
tional efforts to ensure user profiles remain
anonymous.
From a Kantian perspective the minimization
of harm is relatively meaningless in terms of
ethically justifying the activity. If electronic
monitoring is carried out in such a way that it
fundamentally respected the autonomy of
individuals then it is ethically permissible on a
Kantian basis even with isolated incidents of
harm. It is still ethically permissible in instances
of significant harm provided the principle of
individual autonomy is respected. Using Benn's
quote above as the analytical tool, it is evident
that the guarantee that profiles will not be
matched against other identifying information is
meaningless in terms of making the practice of
electronic monitoring ethical from a Kantian
perspective. Most users still had no knowledge of
the situation and DoubleClick and other com
panies could not, from an ethical perspective, be
judged to be treating users as individuals capable of rational choice.
However, the minimization of harm is funda
mental to justifying electronic monitoring on a
Utilitarian basis. As noted above the right to
privacy is a relatively weak right. Accordingly, it
is open to being subverted based on an appeal to Utilitarianism. Utilitarian based arguments
would allow electronic monitoring regardless of
its design provided the harms do not exceed its
benefits to society as a whole. On this basis, the
argument is that any serious albeit intermittent
harm that comes to individuals (i.e., the example of the user and the medical condition) is more
than offset by the benefits that accrue to the
public. Advertising promotes economic effi
ciency, and advertising that can be tailored
directly to individuals, only serves to further
promote economic efficiency and thus, gener
ally benefits the public. Further, by initiating the
blind profile Internet advertisers could claim
that the potential for harm was significantly min
imized. Proponents of electronic monitoring could then claim the invasion of privacy was eth
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
Electronic Monitoring and Privacy Issues in Business-Marketing 251
ically justified. In reality, it was only justifiable based on one ethical perspective, Utilitarianism.
Further, in Doubleclick's situation, had it pro ceeded with its intention to link user profiles
with identified individuals it would have under
mined the very ethical foundation that justified its electronic monitoring practice.
DoubleClick^ response to opposition
It is apparent from the foregoing discussion
that linking user data to personally identifiable
information could result in a formerly ethical
invasion of privacy becoming unethical.
DoubleClick responded to the privacy concerns
in a variety of ways after aborting its plan. DoubleClick also initiated a significant media
campaign to explain how users could opt-out of
DoubleClick's service. DoubleClick had an
operable opt-out service for over three years pre
ceding the most recent controversy but had not
promoted it extensively. The opt-out mechanism
requires a user to visit a site and download a
cookie. This cookie serves as notice to
DoubleClick that they are not to download any cookies on the user's computer. DoubleClick
would be free to download a cookie onto a
hardrive as long as the "opt-out cookie" is not
present.
In theory, it could be argued that this gives autonomous individuals a choice with respect to
electronic monitoring and thus provides a
Kantian justification for the activity. However, this option is little known and is likely to
remain so notwithstanding advertising efforts.
Accordingly it is difficult to claim that this truly
gives control to users and respects their individual
autonomy.
A Chief Privacy Officer (CPO) was also hired
along a Privacy Advisory Board Chair to act as
a consumer ombudsman. Overall the response was indicative of a company that developed a
greater sensitivity to privacy issues (perhaps for
commercial reasons) but that had not developed a deeper understanding of the ethical issues at
stake. That is, the actions do not suggest that they have analyzed and understood the ethical issues
and tried to develop a principled response. To
give DoubleClick some benefit of the doubt, it
may be that the new CPO and privacy advisory board chair will infuse the organization with a
deeper understanding of the ethical issues at stake
and develop ethically based approaches to dealing with such issues. Doubleclick's share price
largely recovered after the implementation of the
foregoing measures suggesting that even if the
response was ethically unsatisfactory in the short
term, at least the market was satisfied with
Doubleclick's immediate response. As noted above DoubleClick indicated it
would not engage in such activity until such time
as industry wide privacy standards were devel
oped. This was relevant in that DoubleClick
could still justify its electronic monitoring on a
Utilitarian basis. That said, they probably lost
some degree of public trust on the issue.
DoubleClick has been directly involved in the
development of the Interactive Advertising Bureau's (IAB) recently developed Privacy Guidelines. The Privacy Guidelines are intended
to form the foundation of a self-regulatory
regime with respect to personally identifiable
information gathered by electronic means on the
Internet. Unfortunately, regarding the use of
cookies in electronic monitoring, the guidelines state only that IAB member organizations should
notify users, through privacy policies, of such
technologies in use and provide users the ability to disable such cookies or other information
gathering system. This represents no change from
the current situation and for the reasons outlined
above, does not provide a proper foundation
for the ethical use of cookies in electronic
monitoring. The Privacy Guidelines have also proposed
measures that allow individuals to place limits on
the use of personally identifiable information
that an organization may possess. Once again, it is premised on an opt-out format. That is,
organizations are generally free to collect and
use personally identifiable information in the
first instance subject to an individual informing an organization of limits to be placed on use of
such information. It is an ingenious approach that appears to place control of personally identifiable information in the hands in individ
uals that, realistically, requires minimal change
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
252 Darren Charters
in the current practices of organizations that
use electronic monitoring to gather such infor
mation.
Further, the Privacy Guidelines have a funda
mental problem in that their only real value is as
a tool of moral suasion. Although the Privacy Guidelines encourage Internet businesses to
adopt the practices established therein, there is
no mechanism whatsoever for disciplining busi
nesses who elect to ignore them. For all the effort
put into the exercise, the Privacy Guidelines
amount to nothing more than best practice sug
gestions for Internet marketers with respect to
privacy issues.
If DoubleClick respects the initial basis on
which it proceeded with electronic monitoring, it can claim to have an ethical basis for such
conduct. However, considering Doubleclick's
willingness to discontinue the previously protec tive practice one has to wonder how vigilant
DoubleClick, or other companies, will be about
supporting the privacy of Internet users in a
highly competitively market. Since DoubleClick
maintains profiles for their own business benefit, it is not possible to claim that they stand in a
position of trust with respect to managing such
information. However, their position is ethically more sensitive than they appeared to originally
comprehend. Based on this, there is cause to
argue that it is no longer sufficient to continue
to permit electronic monitoring in its current
state. This is buttressed by the inherent weakness
of relying on a self-regulatory regime that effec
tively has no sanctioning authority or disciplinary
power.
The alternative, and it is not a mutually exclu
sive option, would be move to a permission based form of electronic monitoring. This option
will be discussed below. The practice of elec
tronic monitoring would still be ethically justi fiable in such circumstance. However, it is
apparent that Doubleclick's current opt-out
practice is not the platform on which such per mission based electronic marketing should be
premised. This is due to the fact that users have
extremely limited knowledge of it and, more
fundamentally, it places the onus on the user to
take active steps to prevent electronic moni
toring. The same argument applies with respect
to the ethical suitability of building such capa bilities into Internet browser software.
An alternative ethical justification
If one accepts that privacy is the right to control
access to information about one's self then the
solution to electronic monitoring is apparent. The choice about whether or not to be moni
tored in the first instance should be made by the individual user. In fact, in the wake of the
DoubleClick experience many commentators
and privacy advocates have taken the position that express consent by a user should be a
regulatory precondition to downloading cookies
that enable electronic monitoring.13 Placing the
power to control electronic monitoring with
users is ethically justifiable on a Kantian basis.
First, giving users a choice to be monitored
gives individuals autonomy and appears to respect their capabilities of rational choice. However, it
could be argued in a wider sense that Internet
advertisers are still utilizing individuals as a
means to profit and that this violates Kant's
second categorical imperative. However, if an
individual knowingly and rationally elects to
permit such monitoring this must undermine, at
least to a minimum degree, such an argument.
Accordingly, any electronic monitoring that
occurs with express rational permission can be
claimed to be ethical on a Kantian basis. This
is a significant step, because it provides an alter
native basis for ethically justifying electronic
monitoring.
A corollary to the foregoing discussion is that
while electronic monitoring is most frequently
opposed on the basis of potential harm, which
is a Utilitarian concern, the permission-based
approach in no way guarantees an outcome that
will make the practice ethically justifiable on a
Utilitarian basis. In other words, the solution
being proposed by many commentators is at
ethical odds to the frequency stated concern of
potential significant harm. If everyone freely elects to permit electronic monitoring the poten tial for harm is no different than it was prior to
such a practice. For example, it is not difficult
to imagine that information based on website
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
Electronic Monitoring and Privacy Issues in Business-Marketing 253
usage, if in the hands of certain groups, could
be used to make decisions about individuals that
cause harm. The only difference is that now users
have voluntarily accepted the risk. It should also
be recognized however, that providing choice to
users necessarily undermines the concept that
there is a private sphere that should generally be
respected irrespective of individual opinion. As
such, it is a fundamental rejection of one concept of the right to privacy.
Even if the foregoing is accepted it has little
application to the profiles that have been gener ated to date. In fact there will likely be continual
pressure to exploit the marketing advantages that
such databases provide. Further, there appears to
be limited willingness for companies to zealously
regulate themselves at an individual or even an
industry-wide level. In this respect there is a
regulatory role for governments to play. There
is a possibility that individual harm will result
from such database consolidation. In addition,
regulations should be developed which aim to
provide at least minimal individual privacy pro tection with respect to such database manage
ment and/or consolidation. It is apparent that this
represents as much a threat to individual privacy as electronic monitoring in the first instance.
Conclusion
The reality of the present situation is that
DoubleClick has no intention of discontinuing an activity that provides its competitive advan
tage. However, it should not want to jeopardize itself by apparently engaging in conduct that
amounts to an unethical invasion of privacy. DoubleClick allayed initial concerns by ensuring that all profiles maintained individual anonymity.
By this action DoubleClick could claim that its
electronic marketing was in fact an ethical
invasion of privacy. However, DoubleClick
would have undercut its ethical position by using their databases to link user data with personal identification information.
The DoubleClick experience indicates that
businesses ignore ethical issues at their peril. While the general public may not be sensitive
to all the nuances of ethical issues it is fair to say
that people understand the concepts of potential harm and freedom to choose. Electronic moni
toring is an invasion of privacy that has poten tial for harm. Companies must be able to justify the practice from an ethical perspective whether
its through taking measures on behalf of users to
minimize harm or placing the choice to assume
the risk of harm with users themselves. Providing
guarantees with respect to individual anonymity
accomplished this. It gave companies an ethical
basis on which to engage in electronic moni
toring on a covert basis.
Unfortunately, casual regard for the sensitive
caretaker position occupied by such companies has given critics reason to support a form of elec
tronic monitoring premised solely on voluntary
acquiescence. It is not surprising to believe that
such an approach would yield less fruitful results
for Internet marketers. It is an outcome that
industry participants are attempting to avoid
through the establishment of a self-regulatory
regime. However, Mr. O'Connor's comments at
the outset of the paper along with current self
regulatory initiatives provide little reason for the
public to maintain its faith in the current pater nalistic environment. There is every reason to
believe, both practically and ethically, that gov ernment regulators should place control of elec
tronic monitoring directly and completely in the
hands of computer users.
Notes
1 McQueen, R., "How To Get Ahead in
Advertising", National Post, March 1, 2000, p. Dl.
Mr. O'Connor's quote, wherein he commented on
the failure of DoubleClick's proposed initiative, was
taken from a newspaper article that examined the
issue. 2
The facts of the abandoned DoubleClick initiative
provided herein are publicly available and were
gathered from multiple published news sources. 3
Mr. O'Connor provided the insight in the same
newspaper article from which the initial quote was
taken. 4
For a recent paper on electronic monitoring in
the employment context see Alder, G. S., "Ethical
Issues in Electronic Performance Monitoring: A
Consideration of Deontological and Teleological
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions
254 Darren Charters
Perspectives", Journal of Business Ethics 17(7), May 1998, pp. 729-743. 5
Information regarding Internet cookies is also
publicly available from a wide variety of Internet resources. The U.S. Department of Energy Computer
Incident Advisory Capability has published a bulletin on the topic "1-034: Internet Cookies". It is avail
able at http://ciac.llnl.gov/ciac/bulletins/i-034.shtm. 6 Green, H., "Privacy Online: The FTC Must Act
Now", Business Week, November 29, 1999, p. 48. 7
Telecommunications companies have the techno
logical capacity to develop personally identifiable user
profiles based on the phone activities of customers.
Such profiles also have commercial value from a
business marketing perspective. 8 A good example of the subversion of the right of
privacy in favor of a strong right is the U.S. West, Inc. v. FCC case. The FCC attempted to impose regula tory restrictions on the ability of U.S. telecommuni
cation companies to use, disclose, or allow access to
customer proprietary network information (CPNI). U.S. West mounted a successful legal challenge against
the regulatory obligations imposed by the FCC. The Tenth Circuit held that, absent any clear evidence of
harm to an individual's right of privacy through the use of CPNI, the right of commercial speech pos sessed by corporate entities should be paramount. 9
Reproduced from Parent, "Privacy Morality and the Law", Philosophy and Public Affairs 12 (1983),
p. 269. 10
Julie Tuan in "US. West, Inc. v. FCC", Berkeley
Technology Law Journal 15 (2000), p. 353 discusses similar issues of privacy in her criticism of the Tenth
Circuit's decision. 11
The Interactive Advertising Bureau (IAB) has
attempted to address the collection, use, and redistri
bution of sensitive information in its Privacy Guidelines. However, the guidelines on this point are
poorly drafted containing both permissive and manda
tory language. Ultimately, the guidelines suffer from even more fundamental flaws that are discussed herein. 12
Reproduced from Benn, S., "Privacy, Freedom,
and Respect For Persons", in Pennock and Chapman, eds., Privacy, pp. 10-11.
13 Such a position was taken by Heather Green in
the commentary "Privacy Online: The FTC Must Act Now" wherein she discussed her concerns about
the DoubleClick proposal prior to the statements of the Electronic Privacy Information Center.
References
Alder, G. S.: 1998, 'Ethical Issues in Electronic
Performance Monitoring: A Consideration of
Deontological and Teleological Perspectives', Journal of Business Ethics 17(7) (May), 729-743.
Boatright, M.: 2000, 'Privacy', Ethics and the Conduct
of Business, 3rd ed. (Prentice-Hall, Saddle River New Jersey), pp. 159-183.
Culver, C, J. Moor, W. Duerfeldt, M. Kapp and M. Sullivan: 1994, 'Privacy', Professional Ethics
3(3 & 4), 3-25.
Green, H.: 1999, 'Privacy Online - The FTC Must
Act Now', Business Week, No. 3657 (Nov. 29), 48.
Introna, L. and A. Pouloudi: 1999, 'Privacy in the
Information Age: Stakeholders, Interests and
Values', The Journal of Business Ethics 22(1), 27-38.
McCloskey, H.: 1980, 'Privacy and the Right to
Privacy', Philosophy 55(211), 17-38.
Tuan, J.: 2000, 'U.S. West, Inc. v. FCC, Berkeley
Technology Law Journal 15, 353.
'1-034: Internet Cookies.' U.S. Department of Energy Computer Incident Advisory Capability. 1998.
<http://ciac.llnl.gov/ciac/bulletins/i-034.shtm> (March 1, 2000).
'IAB Privacy Guidelines.' Internet Advertising Bureau. 2000. <http//www.iab.net/privacy guide lines/htm> (August 7, 2000).
University of Waterloo School of Accountancy, 200 University Avenue West,
Waterloo, Ontario, N2L 3G1,
Hagey Hall, Room 155, Canada
This content downloaded from 203.217.177.216 on Wed, 6 Aug 2014 22:41:05 PMAll use subject to JSTOR Terms and Conditions