Every single move you make online can, and often is, tracked by online marketers and advertising networks that gather and use the information for serving up targeted advertisements.
But the average American consumer is largely unaware that such tracking goes on, the extent to which it is happening or how exactly information is being used.
That's according to a new poll released this week by the Samuelson Clinic at the University of California, Berkeley, and the Annenberg Public Policy Center at the University of Pennsylvania. The survey of nearly 1,200 California adults studied consumer perceptions about online privacy and common advertising practices.
The survey results come as the US Federal Trade Commission (FTC) is holding a two-day meeting to address consumer protection issues raised by the online tracking of consumer activities for targeted advertising.
"Consumers still think that [online] privacy policies are representing that the Web site will not sell or use data in specific ways," said Chris Hoofnagle, one of the authors of the report and a senior staff attorney at the Berkeley Center for Law and Technology. But "there is a disconnect between the business practices and consumer expectations."
Most consumers treat online privacy notices like the 'UL' labels on physical products, he said. "People think privacy notices mean certain default protections. Consumers don't understand that privacy policies are just notices. They don't guarantee any rights."
Still, when survey respondents were offered a clear explanation of an online advertising model, about 85 percent rejected the idea that a site they value and trust should be allowed to serve up click stream advertisements based on data from their visits to various other sites.
Compounding user ignorance is the fact that many companies say they respect a user's choice not to be tracked, yet still find ways of circumventing that commitment, Hoofnagle said. For instance, some Web sites that promise not to allow third-party tracking cookies to be installed on a user's system do so anyway in a roundabout fashion via so-called first-party sub-domain cookies, he said. Similarly, some companies install flash cookies to uniquely track users across sites, he said.