Pay for Engagement Ad Model Raises Consumer Protection Issues

Let alone issues related to editorial independence.  Here’s an excerpt from the UK’s Marketing Week on what P&G is doing with the pay per engagement model (something we believe has privacy implications):

Brands are moving away from simple CPM deals and click-through rates. Indeed, back in September it emerged that Procter & Gamble was briefing media owners about a new payment model that would see publishers paid more for users that go beyond simply seeing the ads and sign up for newsletters, play games or watch videos, for example…It also means media owners having to work harder on the relationship between content and advertising… As publishers continue to struggle, the possibility of bringing significant brand money online is too compelling to argue about the conditions attached.

A Google Online Ad Goal: “engage advertising agencies and brand marketers in programs that move the needle for their companies”

That phrase is part of a Google job ad for a “Display Account Manager” focused on the auto industry  (based in Detroit).  Here’s an excerpt:

You will drive the online video marketplace forward and engage advertising agencies and brand marketers in programs that move the needle for their companies. The primary responsibility of the Display Account Manager is to drive new business revenue for YouTube and other Google display services and products with Fortune 1000 advertisers across multiple industries. You’ll manage business relationships to ensure that your clients’ needs and requirements are met. Additionally, you will be involved in the operational execution of your clients’ campaigns. This role is not for the faint of heart…Identify and execute on new business with new clients and upsell opportunities for existing clients and prospect within accounts and agencies to uncover leads, new contacts, and revenue.

Games Microsoft Plays: “consumer online behavior” tracked on its video gaming service [a “massive” invasion of privacy!]

Microsoft’s just announced a new consumer tracking and profiling tool for advertisers using its Massive video gaming platform service. Calling it a “breakthrough” in its press release, the new Microsoft/comScore research tool enables advertisers:

“… to see the direct impact that in-game advertisements have on consumer online behavior…, advertisers will get an inside look at the degree to which in-game ads motivate gamers to visit Web sites, conduct brand-related search queries and engage in other online actions, something that previously had gone unmeasured…Through this collaboration with comScore, we will also now be able to measure those consumer actions that result from in-game ads. We think this has the potential to literally ‘change the game’ for both advertisers and publishers who want to improve the effectiveness of their in-game ad efforts.”

AdEffx Action Lift for Gaming matches in-game console ad serving data from Massive with comScore’s third-party, post-campaign panel data to track and measure in-game advertising effectiveness. By combining Microsoft’s proprietary, non-personally identifying Anonymous ID data, which is common across Xbox LIVE and Microsoft Web properties (known as Windows Live ID), with user data from comScore’s panel of 2 million Internet users worldwide, comScore can determine if panelists who saw in-game advertising subsequently visited a brand’s Web site, searched brand-related terms or engaged in other online behaviors important to advertisers.”

Microsoft Advertising offers “Profile Targeting”

As we just told the BEUC conference on consumer protection and online marketing, we couldn’t make this up if we tried.  Here’s what Microsoft Advertising says it can do via its UK site for marketers:

Just say who, when and where

Profile Targeting can help you find the people you’re looking for by who they are, where they are and when you want to be seen by them. Just name the characteristics that matter most to you. It could be anything from the consumer’s age, gender or country, to the day of the week you want to target the audience on.

[and here’s what they say about behavioral retargeting, which they euphemistically now call “re-messaging“]”

With Re-messaging we can narrow our audience by finding the people who have already visited you. It means we can ensure they always stay intouch and help create continual engagement with your brand.  Re-messaging is effective on its own, but works at its best whencombined with other forms of targeting and campaign performance. By placing action tags on your website, we can track visitors throughout the course of their online journey and re-message them on our network. For example the consumer may have previously searched for a hotel but not booked, compared credit cards but not applied, or visited a promotional website. Whatever it may be, if they’ve gone part way to making a purchase or performing an action, we can help you continue the conversation and ensure that the relevant message is seen by the people it matters most to.

Facebook’s latest ad targeting–“Friends of Connections Targeting” [so watch your privacy setttings!]

Facebook is expanding what brands and other marketers can do to target its users.  As InsideFacebook explains, “Facebook has just launched a new way to draw more people to your Facebook Page or application, called “Friends of connections” targeting. Here’s how it works: before today, advertisers could already target any of their “connections,” where connections are defined as:

  1. Fans of any of your Pages
  2. Users of any of your Applications
  3. Members of any of your Groups
  4. Attendees of any of your Events

Now, advertisers can target ads specifically to friends of any of these connections as well. When this option is selected, friends of connections who see the ad will also see a message about which of their friends is connected to the advertiser…This feature should lead to increased conversion on Facebook Ads…this is the first time it has allowed advertisers to specifically target just friends of connections…We also spoke directly to Tim Kendall, Facebook’s director of monetization…In many ways we view Social Ads as less surreptitious than many types of behavioral targeting technologies.”

CDD/USPIRG to FTC: Self-Reg is a Failure (and should be investigated for “unfair and deceptive” complaint!)

Here’s what we included in our recent filing at the FTC.

The Failure of Industry Self-regulation

It should be evident to all that self-regulation to protect consumer privacy online has been a dismal failure, and the FTC must have the courage to admit this. After all, it wasn’t until CDD/USPIRG and other consumer groups filed well-publicized complaints (and helped create a public outcry over the privacy implications of the Google/DoubleClick deal) that the FTC finally issued its privacy principles in 2007.[183] And it took such pressure to awaken the National Advertising Initiative (NAI) and its members from the deep freeze of inaction, belatedly scrambling to “enhance” their “Self-Regulatory Code of Conduct, a set of binding Principles that has governed members since 2001.”[184] Since its inception, the NAI had been asleep at the digital self-regulatory “switch.” Otherwise we would not have had the ever-growing personalized data collection, profiling, and targeting apparatus that NAI’s members so enthusiastically embraced. The NAI, it should not be forgotten, was only created to head off serious action by the FTC back in 2000 as a result of the growing concern with online profiling.[185]

The revised NAI principles reveal how the group remains incapable of ensuring the protection of consumer privacy. They also demonstrate how the NAI cannot be relied on to offer the FTC—or the public—independent and honest proposals that would protect consumers from contemporary online data collection practices. For example, its revised principles—sadly—define sensitive information is the narrowest of terms: “Social Security Numbers or other Government-issued identifiers; Insurance plan numbers; Financial account numbers; Information that describes the precise real-time geographic location of an individual derived through location-based services such as through GPS-enabled devices; Precise information about past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history.”[186]

The NAI and its members know full well that copious amounts of data relating to the financial and health status of consumers is currently being collected. Indeed expenditures for online financial marketing alone was $3 billion in 2008. The collection of consumer information resulting from online lead generation—which saw some $1.7 billion in spending last year—is deeply connected to data about a person’s interest in loans or credit.[187] A growing business in online pharmaceutical marketing is also actively harvesting consumer data, for purposes that include behavioral targeting. If the NAI were a serious independent entity capable of protecting consumers, it would have effectively articulated how sensitive information should be protected.

NAI’s narrow definition of personally identifiable information (PII) is out of touch with online marketing reality: “PII includes name, address, telephone number, email address, financial account number, government-issued identifier, and any other data used or intended to be used to identify, contact or precisely locate a person.”[188] We urge the commission to examine NAI members’ sites so it can view for itself the stark discrepancies between what is promised advertisers in terms of personalized consumer targeting and the NAI’s purposefully narrow and inaccurate definition of PII.

Finally, we find it absurd that all the NAI could do in serving the privacy interests of young people is to conform to the legal standards of the Children’s Online Privacy Protection Act. (COPPA is a law CDD’s executive director played a key leadership role in helping pass in 1998.) It is unfortunate that the NAI could not offer new safeguards for children, including policies to protect adolescent privacy.

Unfortunately, the “Self-Regulatory Principles for Online Behavioral Advertising,” released in July 2009 by the American Association of Advertising Agencies, Association of National Advertisers, Council of Better Business Bureaus, Direct Marketing Association, and the Interactive Advertising Bureau, are equally inadequate.[189] While an improvement over the stance embraced by the IAB in 2008, when it claimed there were no privacy concerns related to behavioral advertising, the new principles cannot be relied on to protect consumers.[190] Its “Sensitive Data” principle in particular, much like the NAI’s, is so inadequate that the FTC should consider bringing an Unfair and Deceptive Complaint against its authors. There are only two categories of information listed under the sensitive principle: Children and “Health and Financial Data.” Under the latter, AAAA et al’s principle is simply that “Entities should not collect and use financial account numbers, Social Security numbers, pharmaceutical prescriptions, or medical records about a specific individual for Online Behavioral Advertising without Consent.”[191] Again, this flies in the face of what the members of these groups actually do when collecting health and financial data for online advertising. As for protecting children, the AAAA and its associates—like the NAI—simply endorse the legal framework already required by COPPA. But by failing to address adolescent privacy, the AAAA et al. reveal that they are really concerned only with maintaining the data collection/profiling/targeting status quo.

As the history of self-regulation of the media in the U.S. makes clear, we need strong baseline laws and regulations to ensure serious industry compliance. That’s why this new proceeding must lead to FTC action that will ensure that consumer privacy online is finally safeguarded.

Google+AdMob=Mobile Privacy Issues for the FTC. Questions should be raised about mobile targeting via “ethnicity”

The Federal Trade Commission should examine the privacy issues connected to the Google/AdMob deal.  As we informed the FTC yesterday, AdMob says it can target via “age, gender, HHI, ethnicity, education & context.”

The CDD/USPIRG complaint on mobile advertising provides useful analysis. Here’s an excerpt on its discussion about AdMob:

AdMob: “Mining All the Data We’ve Captured”
AdMob is a “mobile advertising network” seeking to “target mobile users and monetize mobile traffic.” There is inadequate notice and little opportunity to opt-out of this data- gathering. Few mobile users realize that their communications and actions are monitored and recorded in order to create intimate profiles for marketing purposes.
AdMob also targets the youth demographic. It segments “market audiences” into several categories, including a “Digital Natives” category, which include boys and girls as young as 13.  AdMob also focuses on social networking sites, claiming it “enables developers to monetize Facebook mobile applications by integrating AdMob’s industry-leading mobile publishing solutions into any Facebook mobile application. Developers building mobile web applications for the Facebook community using the Facebook Platform for Mobile can easily integrate the AdMob code to start serving ads….”

And AdMob is continually seeking to mine and monetize the data gathered on unsuspecting youths and other mobile users. AdMob’s CEO Omar Hamoui admitted, “We are investing a fair amount of development resources into mining all the data we’ve captured over the last 12 months of ad serving and targeting.”

AdMob gathers this data (and targets youths) without adequate notice to the consumer, making it difficult for a mobile user to weigh the costs and benefits and choose whether to opt out of this profiling. This constitutes unfair and deceptive practices, and the Federal Trade Commission should scrutinize these actions.

Bravo to Public Voice’s “Global Privacy Standards for a Global World” Madrid Declaration

Last week, NGO’s and activists from across the world met in Madrid Spain to discuss threats to privacy and human rights.  It was part of the Public Voice’s excellent work to ensure that civil society is well represented in the debates over privacy and other digital media issues.  Over 100 NGO’s, including my own CDD, were initial endorsers of the “Global Privacy Standards for a Global World” Madrid Declaration. It was well received by policy makers, including the data protection commissioner community.  The all day meeting and related efforts was organized by the remarkable Katitza Rodriquez.  Bravo to her and everyone involved.

The Declaration and related work at the Data Protection conference provided a much needed counter-balance to the failure of leading online companies to seriously address their data collection practices and plans.

“Cookie Wars, Real-Time Targeting, and Proprietary Self Learning Algorithms: Why the FTC Must Act Swiftly to Protect Consumer Privacy”

That’s the title of comments filed at the U.S. Federal Trade Commission by my Center for Digital Democracy and U.S. PIRG.  I also just gave a presentation with the same name at last week’s meeting of data protection commissioners in Madrid, Spain.   It’s available here.

Here’s an excerpt:   Today, consumers online face the rapid growth and ever-increasing sophistication of the various techniques advertisers employ for data collection, profiling, and targeting across all online platforms. The growth of ad and other optimization services for targeting, involving real-time bidding on ad exchanges; the expansion of data collection capabilities from the largest advertising agencies (with the participation of leading digital media content and marketing companies); the increasing capabilities of mobile marketers to target users via enhanced data collection; and a disturbing growth of social media surveillance practices for targeted marketing are just a few of the developments the commission must address. But despite technical innovation and what may appear to be dramatic changes in the online data collection/profiling/targeting market, the commission must recognize that the underlying paradigm threatening consumer privacy online has been constant since the early 1990’s. So-called “one-to-one marketing,” where advertisers collect as much as possible on individual consumers so they can be targeted online, remains the fundamental approach.