Google keeps making new announcements about how it will–finally, this time!–protect consumer privacy. This latest PR salvo–after the Canadian Privacy Commissioner ruled that Google had “contravened Canadian privacy law when it inappropriately collected personal information from unsecured wireless networks in neighbourhoods across the country”– is designed to help quell EU and US policymakers enacting safeguards that would rein in some of company’s data collection practices. Yesterday’s announcement illustrates one of Google greatest problems: it can’t admit that its entire business model is based on collecting infinite amounts of information on individual consumers. Google’s most recent acquisitions–Admob, Invite Media, and Teracent, for example–are designed to generate new data-mining based revenues.  Google is trapped in its own success: it can’t step off the digital data collection treadmill with Facebook and others in hot pursuit. But consumers and citizens should expect more honesty coming from the “don’t do evil” web giant–not just new promises to better behave.
Google has named Alma Whitten to head a team designed to better address privacy issues. During her recent testimony before the Senate Commerce Committee, Dr. Whitten didn’t provide the kind of critical analysis required on the impact of Google’s online ad business and privacy. Doing so now–and honestly addressing and redressing the problem–will be a key test.
The online ad industry and lobby better stop saying that cookies and other forms of data collection aren’t personally identifiable–so-called PII [personally identifiable information]. As we know, behavioral targeting (BT) identifies, profiles, tracks and targets an individual. Here’s just one example of how online marketers discuss what BT really is when they are talking among themselves and to clients (our emphasis):
What is behavioral targeting?
Behavioral targeting is a technique used by online advertisers to improve the effectiveness of their campaigns by increasing the relevance of product offers and promotions on a visitor-by-visitor basis.
Behavioral targeting uses information collected on an individual’s web-browsing behavior,such as the pages they have visited or the searches they have made, to select and deliver online ads to the users who are most likely to be interested…As the effective mixing and mining of audience data has become increasingly important to online advertisers, the role of behavioral targeting and retargeting have grown more central…The typical approach to behavioral targeting starts by using web analytics to group visitors into discrete channels. Each channel is analyzed and a virtual profile is created to for each channel…
Most platforms identify visitors by assigning a unique id cookie to each and every visitor to the site, allowing them to be tracked throughout their web journey. An example is a user who visits content about auto insurance, clicks on an insurance advertiser button or banner, and then searches for “auto insurance.†This user would be assigned to the insurance prospect channel and the next time that user goes to Yahoo they will see ad for insurance…
Lobbyists like to hire academics in order to give their agenda the patina of scholarly respectability. Many academics are ideologically aligned with the interests of major media and telecom companies–supporting an unregulated environment (and like to reap the bucks as well). Some academics want to schmooze with deep-pocketed special interests. So it’s not a surprise to learn that Time Warner Cable has a “Research Program on Digital Communications.” They have already released a volume of papers on the “Future of Digital Communications: Policy Perspectives.” Time Warner’s so-called research agenda is so self-serving that it would be laughable if the goal wasn’t ultimately to undermine the public interest and consumer protection. Luckily, there are scholars and other policy experts who care more about their integrity and the academic issues and wouldn’t consider taking such funding. Here’s what the first “research question” is for those seeking funding to ultimately help undermine consumer privacy by enabling Time Warner and other digital marketers to expand their behavioral targeting approaches:
Topic One: Advertising, Two-Sided Markets, and the Role of Network Operators (ISPs, MSOs)
The emergence of more precisely targeted (interest-based or so-called “behavioralâ€) advertising offers potential benefits to consumers while at the same time raising possible concerns about privacy. Application providers, network owners, advertisers, content providers, and other interested parties may play a role in allowing these potential benefits to be realized. By facilitating two-sided markets, or platforms that enable two distinct but related groups of customers (such as advertisers and consumers) to obtain value, service providers can expand the scale and scope of their offerings to consumers. Industry groups and the Federal Trade Commission have developed principles for self-regulation online, while some advocacy organizations and members of Congress have pointed to potential harm from more targeted advertising and are calling for new government mandates.
Key questions concern the types of disclosures and the level of consumer consent that should be required.
Questions
• What are the benefits of more precisely targeted advertising, and how prevalent is the practice?
• What technological innovations support the development of more targeted advertising over digital media?
• How are consumers affected by increasingly prevalent forms of targeted advertising, and what is the appro-
priate public policy response?
• What is the role for self-regulation, government intervention, and industry standard-setting?
• What role should network operators play in regulation (voluntary or prescriptive)?
• Describe the future of the advertising marketplace and the role of new and potential entrants, such as
Internet service providers (ISPs), cable operators, and other multichannel video programming distributors
(MVPDs) offering interactive television services.
• How can two-sided markets help encourage the development of new broadband and video services?
• How can regulation of advertising or privacy affect, promote, or retard the development of these new
services?
AOL also describes to Reps. Barton and Markey the way they use cookies that doesn’t reflect what they say to clients--such as “Target users based on attributes from user registration or third-party data (e.g. age, gender, income, kids)… Retarget users who visit your website… Target users within households using Experian’s statistical modeling based on hundreds of offline data elements that are most predictive for defining the specific audience of consumers.†For question 1, they refer to their privacy policy—something few consumers would read or understand. Nor does the privacy policy spell out how AOL collects and targets users, as they do for potential clients. See and compare to privacy policy. See how they offer targeting based on political information.
Question 2: They didn’t answer completely. They should have included information from here. And what their partners collect.
Question 3. They should have said they urge advertisers to use pixels, beacons and other tracking tools:   “Place pixels on all high-traffic pages… Target broadly… Most networks, including Advertising.com, look at IP or cookie data to determine if a user is part of a specific demographic or has demonstrated a particular online behavior, such as shopping for a car, browsing cooking sites, and so on. With user targeting, you reach those consumers directly, regardless of the sites they happen to be visiting.â€
And they say that the third party cookies don’t identify the “specific user.â€Â But that’s what AOL says it can target: “Target users within households… Retarget users who visit your website… Target users within households that demonstrate the highest propensity to buy certain products…â€
Question 7. They don’t say what they do. It’s monetizing all the data: “We monetize nearly 1.5 billion impressions per day on average.â€
Yahoo isn’t alone in not being candid to Congress. Here’s what News Corp should have also said to the Congress about its data collection, profiling and targeting system.Â
It should have informed Congress how its Fox Interactive Media (FIM) data-mines its users daily. From its data-mining company: “FIM operates some of the highest-traffic websites in the world, including MySpace, and serves over 5 billion online ads across its sites per day. Each of these ads is optimized and targeted to specific audiences based on analysis of web traffic, user behavior and click patterns. As part of our targeted ad serving platform, we analyze nearly 2,000 identifying variables for each of the millions of visitors to our sites every day (tracking and analyzing, for example, whether a visitor likes jazz, but also whether they respond more to car ads than to pizza ads). While our targeting process was already one of the most advanced in the industry, we were eager to improve ad click-through rates further by fine- tuning targeting. To get to this next level of targeting precision, we needed to analyze massive volumes of data to discover patterns and identify relevant targeting criteria across segments and demographics. FIM implemented Greenplum for its parallel, multi-core architecture that could scale to support our massive data volumes, but also because the Greenplum data warehouse allows data analysis to be performed directly within the warehouseÂ
– instead of having to extract it first…our team can execute lightning-fast queries against a matrix that is 4 billion rows tall and 1 million rows wide, running tests against thousands of variables for each for the 5 billion ads FIM serves to visitors each day. What’s more, we can now complete 10,000 experiments against 20 million site visitors in just three hours. Previously, it took an entire day just to extract the data – and then another whole day to run the tests. The result has been faster and more efficient data analysis, which has in turn enabled more precise ad targeting, delivering up to 200% higher click- through rates for the 5 billion ads served daily across the FIM network…our research analytics team uses Greenplum Database to conduct tens of thousands of real-time tests against millions of users every day, analyzing each visitor’s reaction to ads against over with an absolute deluge of data.â€
If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak†specialist crafting privacy policies and creating self-regulatory regimes for the online ad industry. None of the replies provided to Reps. Markey and Barton answered the basic charge posed by the WSJ in its series and previously raised by privacy advocates: that “[O]ne of the fastest-growing businesses on the Internet is the business of spying on Internet users.â€Â  All the companies hide behind `it’s a business as we created it and good for everyone’ facade. Many use a scare tactic claiming that the data collection model they developed is responsible for funding online content/publishing and without it much/if not all of the Internet would vanish (as if you can’t have both robust e-commerce and privacy!). Many of the answers to Congress also say that their privacy policies and membership in self-regulatory groups (such as the NAI) reflect best practices (as if they automatically vanish the problems!). The companies don’t take responsibility for the problem or acknowledge that there are privacy concerns outstanding.Â
The responses reflect the Orwellian recasting of industry terms on the data collection practices it created and operates. Behavioral targeting (with $1.13 billion this year in spending for this type of ad) has been transformed into “preference,†“relevant,†or “interest†targeting. Online profiling and targeting is now called “customization.â€Â The industry is running away from the precise definitions they created and use because they are honest terms showing consumers are being tracked, profiled and targeted based on our behaviors and actions. Finally, several of the companies submitted their privacy policies.  In order to full understand them, a consumer (in between taking their children to school or a soccer game, working, shopping, cooking) would simultaneously also have to be a technologist, lawyer, and investigator, to understand and control all the cookies, etc.
Also, the companies resort to a now out-of-date definition of what’s considered so-called personally identifiable information (PII). Cookies, IP addresses, pixels and web bugs, they claim, are “non-PII†and hence fail to raise privacy concerns. Yet both the EU and FTC have said that in today’s online data collection world, the old definition of what’s identifiable no longer really works. The FTC explained last year that “[S]taff believes that, in the context of online behavioral advertising, the traditional notion of what constitutes PII versus non-PII is becoming less and less meaningful and should not, by itself, determine the protections provided for consumer data. Indeed, in this context, the Commission and other stakeholders have long recognized that both PII and non-PII raise privacy issues…
Companies such as Yahoo, AOL, About.com (NYTimes Co), News Corp/MySpace and others are disingenuous in their responses—failing to inform the Congress what they tell their clients and prospective advertisers. Among the most cynically self-serving is Yahoo. First, Yahoo did not describe all the ways it collects data on users when it answered question 1. For example, examine Yahoo’s Advertising Blog, where you can find a discussion of far-ranging techniques used in the data collection process. Most of which are not spelled out or really explained in the privacy policy; See also, Yahoo’s “smart ad†technology that changes the copy in real time based on the data it collects. Its privacy policy really doesn’t explain it in the same way it pitches itself to clients. Yahoo says in its Hill letter that it “may†acquire data from external sources and gives the link to that section of its privacy policy. Not even a multi-tasking genius could opt-out all of that. Nor does Yahoo tell you about the tons of data on consumers their partners collect.  Also, they say in question 3 how they collect data, but tell potential clients a more informed story: “Yahoo! gets to know its visitors to give them what they’re looking for, even when they’re not actively looking. In part, Yahoo! does this by using an industry practice called behavioral targeting (BT)… Yahoo! BT goes beyond common rules-based segmentation or grouping of consumers by the sites they’ve visited. The tool is powered by sophisticated modeling technology based on extensive online interactions that include searches, page views, and ad interactions. With these models, Yahoo! identifies what consumers are interested in and predicts where they are in the buying process, thereby determining which consumers may respond best to your ad placements.† In question 4-5, Yahoo claims its users have all the information they require via the privacy policy. But Yahoo’s information for perspective clients tells a more complete and different story: “With rich media, you benefit from deep reporting that goes way beyond the click. Track time spent watching video, mouse-over interactions, poll results, average number of panels interacted with and much more. If you design it, we can track it… Partner with Yahoo! to produce unique, immersive consumer experiences that integrate your brand…â€Question 9, again, they call it “customized experience†to Congress—and “smart ads†that track and learn about you when they explain it to advertisers.  Question 10. Health and finance. Yahoo failed to tell Congress they track and target consumers health and financial info. And they target teens. For health; finance.
Danah Boyd, like many other digital media researchers, fails to examine the business practices which shape and construct most of contemporary online media. Ms. Boyd is quoted in last week’s Boston Globe about the Children’s Online Privacy Protection Act saying “[I]t’s well-intentioned, but this legislation has failed on every level.” Ms. Boyd is incorrect.  A whole range of interactive ad practices and techniques commonly found on most digital sites has not been embraced by the under-13 online advertising market. The goal of COPPA was to help structure the commercial online data collection and targeting practices aimed at young people–and it’s done so (just see what kind of data collection and targeting practices occur the minute anyone reaches 13. From that age onwards, everyone is fair game for a wide range of very disturbing practices, most of which collect and use our information). Ms. Boyd and the Globe article are also incorrect claiming that “Congress is considering renewing” COPPA.  The FTC is currently conducting a periodic review of COPPA’s rules and the Congress has held hearings on the law. But Congress doesn’t have to “renew” COPPA.
Finally, a challenge to Ms. Boyd. She is working for Microsoft–which is targeting youth across the globe via its advertising division. Microsoft Advertising is collecting data and targeting teens for junk food and other products. See Microsoft’s “How to Target Young People Online” and other materials, for example. Ms. Boyd needs to analyze what her employer–and other financial backers from the online ad industry supporting Berkman–are doing regarding youth–and hold them and herself accountable.
In 1999, online marketers promised consumers they would protect their privacy. Leading interactive ad companies created the Network Advertising Initiative (NAI) as a scheme to head-off proposals by the FTC that would help regulate online profiling. Now it turns out, says the online ad industry, the NAI really couldn’t work. So they have developed yet another self-regulatory effort. Here’s what online marketers told Ad Week today: “The move marks the most significant regulation the industry has imposed on companies and goes significantly farther than the Network Advertising Initiative, which held third-party advertisers needed to allow consumers to opt out. Doing so, however, was a cumbersome process.“  So the industry didn’t tell the FTC or consumers that the NAI wasn’t consumer friendly and “cumbersome.” Yet they have used the NAI as a political bulwark to head-off consumer protection rules. Shame on them. Meanwhile, in the same story, it’s revealed that only now–as pressure mounts to protect online consumers—does the industry recognize protecting privacy is important: “The guys that drive the industry have figured out this privacy stuff does matter,” said Scott Meyer, CEO of Better Advertising Project, which will help companies comply with the requirements.
The new “aboutads.info” website established by the industry fails to provide consumers serious information about cookies and behavioral targeting and profiling. It reveals how little the industry is committed to protecting privacy and informing U.S. consumers about the process. To see how this new plan is really designed to protect the data collection business, examine the rules for sensitive information. Beyond the children’s privacy law (COPPA) we got enacted in 1998, this scheme permits full-scale collection and use of financial and health information.  Under the “new” self-reg policies, the narrowest of definitions for respecting your financial and health information has been created: “Entities should not collect and use financial account numbers, Social Security numbers, pharmaceutical prescriptions or medical records about a specific individual for OBA without Consent.”
Shame on them. Online marketers spent some $3 billion last year on online financial marketing and will spend $1 billion for pharma and health related targeting in 2010. Consumer data collected by online financial and health marketers, much of which is sensitive and personal, is ok under the industry’s “new” plan.
PS: The folks at Better Advertising need to take a course in online marketing–and change its new website so it really informs consumers about the process. What it has now would get a C-minus in any class on online marketing. They can start with 360 degree targeting, online and offline profiling, rich media, a serious description of online auctions, the tracking process, work on “engagement” and neuromarketing,” social media marketing, etc. Consumers deserve better.
On Monday, the new self-regulation magical “icon” that is designed to make the online ad industry’s privacy problems disappear will be unveiled. A new group called the “Digital Advertising Alliance” will unveil the icon-based plan–all timed to help head-off the kinds of protections and safeguards consumers require. The current financial crisis affecting tens of millions of Americans require that government and big business groups do more than pay digital lip service to consumer protection.
As a kind of litmus test for the new self-regulation effort, see if the icon and the information connected to it really informs you about how data on you is collected and used for profiling, tracking and targeting. For example, last week, the Interactive Advertising Association (IAB), one of the key backers of the new Alliance, released a guide to targeting consumers at the local level. Here’s excerpts of what they say. See if that little icon is being honest when you click it. Of course, we really require rules that eliminate the kind and amount of data that can be collected on you and you family and friends in the first place–as well as honest disclosure on the process. Note as well that all that data on you is expensive–and others are cashing in on information that belongs to you! From the new “Targeting Local Markets” guide:
Explicit profile data Targeting. definition–
Explicit data is “registration quality data†collected either online or offline. For online registration data, the user has certain attributes in his or her registration profile at a particular site or service, and that data is associated with the user’s Web cookie or some sort of audience database when the user next logs in. Offline registration data includes the sorts of data held in the massive offline direct response industry databases built up over the last several decades. These are then matched to a user online when that user logs in somewhere that is a partner of the data company. The site at which the user logs in, usually an online mail or similar site, sends the name/email combination to the data company, which then makes the match and sends back data…pricing–In general, first party data commands a far more variable premium than third party data…Third party data is usually available in much larger quantities, and yet there is often a fee of anywhere between $0.50 to $2.00 or more paid to the data provider by the ad seller – thus increasing the cost of goods sold (COGS) on the ad, and therefore increasing the price…
Behavioral Targeting (Implicit profile data Targeting)-definition-
Behavioral Targeting is the ability to serve online advertising based on profiles that are inferred from an individual user’s technical footprint and viewing behavior…As the medium has grown from a “browsing†experience to interactional so have the levels of information gathered. Newer forms of information include the data collected about influences, social preferences through social networks and an individual user’s content created online…The data is often gathered in real-time and can be used for real-time decision-making so that relevant advertising can be delivered dynamically to an individual user during their online session…Behaviorally targeted advertising commands a higher price because of targeted placement versus general run-of-site (ROS) advertising…Behavioral Targeting can be highly accurate when the user is leaving a digital footprint of their activities as they move through the Web.
To help undermine the impact of the forthcoming FTC proposal to protect consumer privacy, a coalition of online ad lobby groups will unveil yet another self-regulation plan. According to Mediapost, online consumers will soon see “[I]cons to signify behavioral advertising — or serving ads based on people’s Web activity.” Since 1999, online ad groups have rolled out self-regulatory regimes promising to protect consumers online. Each has failed to do so.  This new effort involves the very same groups and companies that offered self-regulatory promises in the past.  For example, see the World Privacy Forum’s report on the failure of the Network Advertising Initiative’s self-reg schemes; that group is part of the new effort, btw.
This new effort is seriously flawed–and before marketers and advertisers adopt it, it must be independently evaluated by consumer groups, independent academics, and the FTC. We believe that the system will fail to protect consumers–because it will not candidly inform them about how the data is collected and used. Meanwhile, in a revealing flip-flip, the IAB’s UK counterpart deep-sixed its just released safeguard on retargeting. According to a new report, “[O]nline advertising trade body the Interactive Advertising Bureau (IAB) has withdrawn a code of practice which recommended that behavioural advertising retargeting cookies should expire after 48 hours. The IAB’s Affiliate Marketing Council (AMC) published the code last week. It applied to the practice of ‘retargeting’ web users who had visited a site with ads for that site on other people’s websites, using cookies to track their movements and activities…That code has been withdrawn and will be reworked after further industry consultation, though, the IAB said. The code has disappeared from the IAB’s website.”
Consumers and citizens require real safeguards governed by law and regulation–not flimsy digital promises designed to sanction ever-expanding data collection practices.