Should we let the inmates run the asylum?

I’ve just spent a few days in Seattle with Microsoft, finding among other things that the company seems to own half of the city. I was originally going to refer to the software giant’s campus as a bona fide suburb in its own right, but it might be more true to refer to Seattle as a suburb of Microsoft.

Sorry if that offends any Seattleans (Seattlatians? Seattlivites?), but since you almost certainly either work for or directly supply Microsoft, you probably don’t mind too much.

The other thing I learned, besides quite how much the company enjoys PowerPoint presentations, is that it is heavily involved in helping the US government to define IT-related legislation.

At the moment it’s engaged in providing advice on what sort of privacy legislation should be enacted to define the rules around online advertising. This is a hot topic right now, with VP of the EC (which sounds like a hip hop duo to me) Neelie Kroes recently asking EU members to agree privacy standards on this side of the pond.

In her announcement she referenced standards created by two advertising bodies, the EASA and IAB Europe.

Involving industry in defining legislation is a good thing, from certain perspectives. No one is better placed to understand the issues, and above all what constitutes a realistic and workable approach to regulation, than the organisations whose bread and butter the issues are.

On the other hand, companies aren’t often renowned for their altruism or eagerness to be limited by red tape.

If they’re keen to get involved in regulation, it’s surely only to pre-empt any governmental ruling with something that assuages official concerns while not significantly hampering their chief goal: the accumulation of money.

Industry doesn’t really care about your privacy, but it does want to avoid negative publicity and ICO fines. (Having said that, the ICO hands out fines so rarely that you sometimes have to wonder how seriously the watchdog takes its remit.)

The online advertising industry doesn’t really want to implement Kroes’ ideas, which involve allowing users to opt-out of browser tracking and cookies. But if it thinks it can avoid the severest rules by choosing some slightly weaker ones itself, well that’s just good sense. Perhaps they could allow a check-box to turn off browser tracking, but instead rely on browser fingerprinting, where the configuration of browser settings, add-ons and plug-ins basically allow the same thing.

Fortunately Kroes seems wise to this, but there could be something else, some other technology out there which she doesn’t know about. And can we rely on industry to be open about all its tricks?

I would suggest not.