Privacy advocates, however, say that the companies developing the Platform for Privacy Preferences (P3P), including Microsoft, are also profiting from tracking and collecting information about Web users.

Fresh off lobbying the U.S. Congress to let Internet and technology companies handle consumer protection, Microsoft says its new Explorer browser gives consumers choices on "cookies," or the electronic file records of a user's preferences and personal data .

However, critics -- even those who have actually applauded the cookie control feature on Microsoft's new browser set for release this summer -- argue that both corporate self-regulation and legal privacy protections as currently proposed remain grossly inadequate.

Industry Lax

Electronic Privacy Information Center (EPIC) staff attorney Chris Hoofnagle told NewsFactor Network that industry self-regulation has failed to hinder "online profiling that is expanding and unregulated, with millions and millions of messages in spam and repeat security lapses at corporations with sensitive, personal information."

Hoofnagle said that the companies behind the development of P3P -- including Microsoft, AOL, IBM, DoubleClick, Citigroup and the Direct Marketers Association -- are the same ones "that are interested in profiling."

P3P is an industry code that tells the browser whether a site uses cookies, what kind of personal or other information the cookies contain, and which companies, such as Web sites or Internet service providers, allow the planting of cookies.

"These companies have opposed meaningful privacy legislation and some of their practices have resulted in privacy violations themselves," Hoofnagle said. "Why did it take this company with such marketing power and resources to produce this?"

Default Disclosure

While Microsoft touts the new Internet Explorer as a tool for consumers to choose what information they give out and who gets it, privacy advocates argue the software's default setting keeps the cookie jar open.

"On the default setting, DoubleClick cookies would still be planted and used," Hoofnagle said. "One can adjust the settings manually to get heightened protection and the cookie management is good, but from a privacy point of view, privacy should be a right, not a preference."

Microsoft's privacy tools screen the privacy policies of Web sites and allow users to accept or reject cookies based on those practices. Microsoft says the "privacy thermostat" should be the standard for the industry, calling the default setting a reasonable middle line.

Weak Laws

Privacy proponents such as Hoofnagle contend not only that corporate privacy protections are too weak, but also that legislation being considered in the U.S. Congress is inadequate.

While a number of privacy and spam bills are progressing through the U.S. House and Senate, none require an opt-in condition for the collection of personal information and tracking, as well as spam. Opt-in refers to an Internet user's approval of cookies or spam, rather than an opt-out option, which requires the user to request that the cookies and spam be blocked.

"Most of these bills are not very strong," Hoofnagle said of current legislation. "Most are opt-out."