Category: online lead generation

Consumers Union Tells Congress that FTC should do more work on “Online Behavioral Marketing… to protect consumer privacy”

Here’s an excerpt from today’s testimony by CU’s Gail Hillebrand before the House Commerce Committee’s consumer protection subcommittee.  The hearing was on the role of the FTC as a new (and much needed) Consumer Financial Products Protection Agency is potentially created.  The testimony was endorsed by other leading consumer groups, including Consumer Federation of America, Public Citizen and US PIRG.

Online Behavioral Marketing – More must be done to protect consumer privacy.
Consumers are being asked to pay a heavier and heavier price in order to take advantage of the full range of goods and services offered through the Internet, as marketers, researchers, data-mining companies and even service and content providers create profiles of personally identifiable information based on consumer behavior.  Internet service providers, content providers and vendors must take greater responsibility in considering the collateral impact their behavioral tracking models have on consumers.
The FTC should:
• investigate the online marketplace in light of new developments in the data mining field;
• expose marketing practices that compromise user privacy;
• issue the necessary injunctions to halt current practices that abuse consumers; and
• adopt policy principles outlining what can be considered technology neutral Fair Information Practices.

Online Consumers Require Real Privacy Safeguards, Not the Digital Fox [AAAA, ANA, BBB, DMA & IAB] in Charge of the Data Hen House

The self-regulatory proposals released today [2 July 2009]  by five marketing industry trade and lobby groups are way too little and far too late. This move by the online ad industry is an attempt, of course, to quell the growing bi-partisan calls in Congress to enact meaningful digital privacy and consumer protection laws. It’s also designed to assuage a reawakened Federal Trade Commission–whose new chair, Jon Leibowitz, recently appointed one the country’s most distinguished consumer advocates and legal scholars to direct its Bureau of Consumer Protection (David Vladeck). The principles are inadequate, even beyond their self-regulatory approach that condones, in effect, the “corporate fox guarding the digital data henhouse.” Effective government regulation is required to protect consumers. We should have learned a painful lesson by now with the failure of the financial industry to oversee itself. The reckless activities of the financial sector—made possible by a deregulatory, hands-off government policy–directly led to the current financial catastrophe. As more of our transactions and daily activities are conducted online, including those involving financial and health issues–through PCs, mobile phones, social networks, and the like–it is critical that the first principle be to ensure the basic protection of consumer privacy. Self-dealing “principles” concocted by online marketers simply won’t provide the level of protection consumers really require.

The industry appears to have embraced a definition of behavioral targeting and profiling that is at odds with how the practice actually works. Before any data is collected from consumers, they need to be candidly informed about the process–such as the creation and evolution of their profile; how tracking and data gathering occurs site to site; what data can be added to their profile from outside databases; the role that data targeting plays on so-called first-party websites, etc. In addition, the highest possible consumer safeguards are necessary when financial and health data are involved. Under the loosey-goosey trade industry principles, however, only “certain health and financial data” are to be treated as a “sensitive” category. This would permit widespread data collection involving personal information regarding our health and financial concerns. The new principles, moreover, fail to protect the privacy of teenagers; nor do they seriously address children’s privacy. (I was one of the two people that led the campaign to enact the Children’s Online Privacy Protection Act).

The failure to develop adequate safeguards for sensitive consumer information illustrates, I believe, the inability of the ad marketing groups to seriously address online privacy. The so-called “notice and choice” approach embraced by the industry has failed. More links to better-written privacy statements don’t address the central problem: the collection of more and more user data for profiling and targeting purposes. There needs to be quick Congressional action placing limits on the collection, use and retention of consumer data; opt-in control over profile information; and the creation of a meaningful sensitive data category. Consumer and privacy groups intend to work with Congress to ensure that individuals don’t face additional losses due to unfair online marketing practices.

[press statement by the Center for Digital Democracy]

IAB UK’s “Good Practice Principles” on Behavioural Targeting: Alice in Wonderland Meets Online Data Collection

Last week in Brussels at a EU Consumers Summit, Google and other interactive ad companies pointed to the new Interactive Advertising Bureau/UK “Good Practice Principles for online behavioural advertising” as a model for meaningful self-regulation.  The companies that have endorsed the principles include  AOL/Platform A, AudienceScience, Google, Microsoft Advertising, NebuAd, Phorm, Specific Media, Yahoo! SARL, and Wunderloop.   The message sent to EU regulators was, in essence, don’t really worry about threats to privacy from online profiling and behavioural targeting.  But a review of the Principles suggest that there is a serious lack of “truth in advertising” when it comes to being truly candid about data collection and interactive marketing.  These Principles are insufficient–and are really a political attempt to foreclose on meaningful consumer policy safeguards.

Indeed, when one examines the new online “consumer guide” which accompanies the Principles,  one has a kind of Alice in Wonderland moment.  That’s because instead of being candid about the real purpose of behavioral advertising–and the system of interactive marketing it is a part of–the IAB paints an unreal and deliberately cheery picture where data collection, profiling, tracking, and targeting are just harmless techniques designed to give you a better Internet experience.   UK consumers–and policymakers–deserve something more forthright.

First, the IAB conveniently ignores the context in which behavioural targeting is just one data collection technique.  As they know, online marketers are creating what they term a “media and marketing ecosystem.”  A truly honest “Good Practice Principles” would address all the principal ways online marketers target consumers.  That would include, as IAB/UK knows well, such approaches as social media marketing, in-game targeting, online video, neuromarketing, engagement, etc.  A real code would address issues related to the use of behavioural data targeting and other techniques when used for such areas as finance (mortgages, loans, credit cards); health products; and targeting adolescents.

The IAB/UK also fails to reconcile how it describes behavioural targeting to its members and what it says to consumers and policymakers.  For example, the group’s glossary defines behavioural targeting as:  “A form of online marketing that uses advertising technology to target web users based on their previous behaviour. Advertising creative and content can be tailored to be of more relevance to a particular user by capturing their previous decision making behaviour (eg: filling out preferences or visiting certain areas of a site frequently) and looking for patterns.“  But its new “Good Practice” consumer guide says that “Online behavioural advertising is a way of serving advertisements on the websites you visit and making them more relevant to you and your interests. Shared interests are grouped together based upon previous web browsing activity and web users are then served advertising which matches their shared interests. In this way, advertising can be made as relevant and useful as possible.”

Incredibly, the IAB/UK claims that “the information used for targeting adverts is not personal, in that it does not identify you – the user – in the real world. Data about your browsing activity is collected and analysed anonymously.”  Such an argument flies in the face of what the signatories of the “Good Practice Principles” really tell their online ad customers.  For example, Yahoo in the UK explains that its “acclaimed behavioural targeting tool allows advertisers to deliver specific targeted ads to consumers at the point of purchase.”  Yahoo has used behavioural targeting in the UK to help sell mortgages and other financial products.  Microsoft’s UK Ad Solutions tells customers it can provide a variety of behavioural targeting tools so it “can deliver messaging to the people who are actively looking to engage with what you’re offering…With Re-messaging we can narrow our audience by finding the people who have already visited you. It means we can ensure they always stay in touch and help create continual engagement with your brand…Profile Targeting can help you find the people you’re looking for by who they are, where they are and when you want to be seen by them.”  Time Warner’s Platform A/AOL says Through our Behavioural Network, we can target your most valuable visitors across our network, earning you additional revenues, or simply fulfil your own campaign obligations.  By establishing certain user traits or demographics within your audience, we are able to target those individuals with the most relevant advertising (tied into their common characteristics), or simply reach those same users in a different environment.”  Or Audience Science’s UK office that explains “While other behavioural targeting technologies simply track page visits, the AudienceScience platform analyzes multiple indicators of intent:

•  Which pages and sections they have visited

•  What static and dynamic content they have read

•  What they say about themselves in registration data

•  Which search terms they use

•  What IP data indicates about them, including geography, SIC code, Fortune 500 rank, specific Internet domains,   and more

Because AudienceScience processes so many indicators of intent, it enables you to create precisely targeted audience segments for advertisers.”  And Google, which knows that the UK is “arguably the most advanced online marketplace in the world” has carefully explained to its UK customers all the data they collect and make available for powerful online targeting.

The Notice, Choice and Education “Good Practice” scheme relies on an ineffective opt-out.  Instead of real disclosure and consumer/citizen control, we have a band-aid approach to privacy online.  The IAB also resorts to a disingenuous scare tactic when it suggests that without online marketing, the ability of the Internet to provide “content online for free” would be harmed.  No one has said there shouldn’t be advertising–what’s been said is that it must be done in a way which respects privacy, the citizen, and the consumer.   Clearly, the new IAB/UK code isn’t a model that can be relied on to protect the public.  UK regulators must play a more proactive role to ensure privacy and consumer welfare online is meaningfully protected.

UK Online Ad Lobby Group: “behavioural targeting is going to be the future of the internet.” [Annals of Behavioral Targeting]

The debate over behavioural targeting, profiling and interactive advertising is heating up in the European Union.  We just spoke at a EU event on the topic.  More later on that meeting (which featured Google, Microsoft, Nokia and others, all wearing their Brussels best).  Google and others pointed to a new code on behavioural targeting created by the UK’s Interactive Ad Bureau, which they suggest is a model (and is designed to foreclose on real privacy safeguards).  I will be writing about this code in the next post.  But here’s what the chairman of the IAB UK, Richard Eyre, said about protecting privacy online and the Internet’s future [via Brand Republic.  March 31, 2009]. Excerpts:

Richard Eyre, chairman of the Internet Advertising Bureau, has said he accepts the European Union’s decision to investigate behavioural targeting as “logical” but hopes that the current self-regulatory process “will satisfy everyone”.

Eyre was responding to the EU’s decision to investigate behavioural targeting by online advertisers, in a move that could result in legislation that overrides the code recently introduced by the IAB with the support of Ofcom and search giants Google and Microsoft…Eyre said that he understood that the EU had to have a point of view on the issue because behavioural targeting is a new tool about which the general public is still forming its opinion. However he hopes the self-regulatory code on behavioural targeting recently introduced by the IAB will satisfy everyone. Eyre said: “It is very easy to dismiss the issues as an invasion of privacy but the fact is that behavioural targeting is going to be the future of the internet.”Eyre told ISBA’s annual conference recently that behavioural targeting would be a “game-changer” for advertisers.
PS:  As for Microsoft’s position on privacy, here’s an excerpt from a March 5, 2009 New Media Age story:  “Zuzanna Gierlinska, head of Microsoft Media Network, said, “It’s better that regulation comes from within the market rather than from government, which might not be fully aware of how behavioural targeting works.”  source:  “Industry unites to defend trust in online advertising.”   Suzanne Bearne.  nma.co.uk

CDD Asks Facebook to Address Digital Marketing & Data Mining in Principles–including for outside developers

We have significant questions about the proposed Principles and Statement and how they will affect individual privacy.  CDD has submitted comments.  Here’s an excerpt:  “Ultimately, users must have full knowledge of and control over any and all user data collected by Facebook or by any third party using Facebook’s platform. Facebook must change its Principles and Statement to give users this knowledge and control. 

We urge Facebook to use this wording:

2. Ownership and Control of Information

People own their information. They have the freedom to share it with anyone they want and take it with them anywhere they want, including removing it from the Facebook Service. People have the freedom to decide with whom they will share their information, and to set privacy controls to protect those choices. As part of user control of their data, every Facebook user has the right to know and fully control if and how data is collected from them, especially if the data is to be used in advertising. Facebook will be transparent in how it collects and analyzes data for advertising, including profiling and targeting of users. Facebook also will detail to users what particular data collecting and mining will be done for advertising purposes. Facebook will ensure that every company that works with it, via third-party applications or otherwise, also details to users if their data is collected or mined, how this data will be collected or mined and for what the data that is collected or mined will be used. Those controls, however, are not capable of limiting how those who have received information may use it, particularly outside the Facebook Service…

Users need to know how third-party developers use the data accessed or collected, including how the data is used for advertising and marketing. For example, if games and widgets and other third-party applications base their business model on capturing user data for lead generation, the users must be clearly told the details of this data capture and lead generation, and users must give their explicit approval first.  Users have the right to control third-party use, access to, collection or sharing of user data, and Facebook needs to make this clear in its Principles.”

Facebook, Advertising, Third-Party $Apps, Terms of Service, Data Collection & Privacy

The role that third party developers play accessing user data on social networks such as Facebook has long been a privacy concern for us.  The business practices, including data collection, profiling and targeting that form the basis of social networking “monetization” strategies are hidden from public view.  My CDD and USPIRG, in our various privacy complaints to the FTC, asked the agency to examine this area.  Maybe the new Obama FTC will do so.  But for now, here’s some excerpts from Facebook’s advice “on common business models” to application developers, as well as from its list of “third party developers” involved in social media marketing:

“As you think about building your app on Facebook, we want to help by highlighting some keys ways of thinking about your app as a business… Apps that are meaningful, trustworthy and well designed have real staying – and monetizing – power… we host a Platform with instant access to more than 175 million active users… Once you’ve created a sustainable, engaging social application, there are many different ways to help monetize it… Advertising: We at Facebook have had success serving targeted advertisements to our users based on information we know about them. By leveraging the data we give you access to (as detailed in our Developer Terms of Service) and data users share with you directly as a part of your application experience, you can serve highly relevant ads… Virtual Credits / Virtual Goods:… instead of accepting payments directly from users for subscriptions or virtual goods, some applications instead allow users to complete affiliate offers by filling out surveys or agreeing to try new products. There are a number of providers who consolidate these types of offers…
Third Party Providers to Help You Monetize:
Advertising:
AdParlor:  “Over 500 Million users worldwide are on a social networking site. These users are comfortable sharing their age, gender, and location, and can be reached through targeted advertising.”…
Shopitmedia: “you can target based on:
1. Location
2. Gender
3. Age
4. Application Category”…
Affiliate marketing…
Analytics…

Payments

Two Words on Why the FTC’s Self-Reg Approach is Wrong: Financial Meltdown

It has been deregulation, including forms of self-regulation, which led to the current financial crisis.  Regulators and most policymakers looked the other way, while many from the investment community created a Ponzi scheme bigger than Bernie Madoff’s.  The online marketing of mortgages and loans played a role in the `borrow’ and `buy’ culture which contributed to the economic mess we are in.

It’s now more important than ever that online marketing, including the structure of data collection and privacy, be regulated.  Congress has to act to make sure consumers understand the loans and other financial products they are being offered interactively online.  The financial crisis, noted Google, is actually fostering the growth of online marketing (as consumers look for less expensive ways to shop).   As Google recently explained to advertisers, the “slowdown is actually accelerating the use of consumer online shopping for goods and services.”  The “mass market is now online,” they noted.

Consumers need to completely understand and fully control how data is collected and used when they seek financial services.  The behavioral targeting system involved with mortgage loan sales, we believe, is totally unknown to consumers (and sadly, regulators).  That’s why my group and others criticized last week’s FTC report.  It’s self-regulatory approach is based on a failed policy (from the people on both sides of the aisle who got us into this mess).  We can have both regulation/fair rules and make the commercial market prosper.  It’s time for the online ad industry to support a regulatory policy that will help make our financial future more secure.

Baby Steps for Online Privacy: Why the FTC Self-Regulatory Principles For Online Behavioral Advertising Fails to Protect the Public

Statement of Jeff Chester, Exec. Director, Center for Digital Democracy:

The Federal Trade Commission is supposed to serve as the nation’s leading consumer protection agency.  But for too long it has buried its mandate in the `digital’ sand, as far as ensuring U.S. consumer privacy is protected online.    The commission embraced a narrow intellectual framework as it examined online marketing and data collection for this proceeding.  Since 2001, the Bush FTC has made industry self-regulation for privacy and online marketing the only acceptable approach when considering any policy safeguards (although the Clinton FTC was also inadequate in this regard as well).  Consequently, FTC staff—placed in a sort of intellectual straitjacket—was hampered in their efforts to propose meaningful safeguards.

Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling.  Unknown to many members of the public, a vast commercial surveillance system is at the core of most search engines, online video channels, videogames, mobile services and social networks.  We are being digitally shadowed across the online medium, our actions monitored and analyzed.

Behavioral targeting (BT), the online marketing technique that analyzes how an individual user acts online so they can be sent more precise marketing messages, is just one tool in the interactive advertisers’ arsenal.  Today, we are witnessing a dramatic growth in the capabilities of marketers to track and assess our activities and communication habits on the Internet.  Social media monitoring, so-called “rich-media” immersive marketing, new forms of viral and virtual advertising and product placement, and a renewed interest (and growing investment in) neuromarketing, all contribute to the panoply of approaches that also includes BT.  Behavioral targeting itself has also grown more complex.  That modest little “cookie” data file on our browsers, which created the potential for behavioral ads, now permits a more diverse set of approaches for delivering targeted advertising.

We don’t believe that the FTC has sufficiently analyzed the current state of interactive marketing and data collection.  Otherwise, it would have been able to articulate a better definition of behavioral targeting that would illustrate why legislative safeguards are now required.  It should have not exempted “First Party” sites from the Principles; users need to know and approve what kinds of data collection for targeting are being done at that specific online location.

The commission should have created specific policies for so-called sensitive data, especially in the financial, health, and children/adolescent area.  By urging a conversation between industry and consumer groups to “develop more specific standards,” the commission has effectively and needlessly delayed the enactment of meaningful safeguards.

On the positive side, the FTC has finally recognized that given today’s contemporary marketing practices, the distinction between so-called personally identifiable information (PII) and non-PII is no longer relevant.  The commission is finally catching up with the work of the Article 29 Working Party in the EU (the organization of privacy commissioners from member states), which has made significant advances in this area.

We acknowledge that many on the FTC staff worked diligently to develop these principles.  We personally thank them for their commitment to the public interest.  Both Commissioners Leibowitz and Harbour played especially critical roles by supporting a serious examination of these issues.  We urge everyone to review their separate statements issued today.  Today’s release of the privacy principles continues the conversation.  But meaningful action is required.  We cannot leave the American public—now pressed by all manner of financial and other pressures—to remain vulnerable to the data collection and targeting lures of interactive marketing.

FTC’s Behavioral Ad Principles–the last act of the Bush Administration? Why is the Obama White House Allowing the FTC To Remain Under the Leadership Appointed by Pres. Bush?

In a few hours, approximately between 10-11 am eastern, the FTC is expected to release its final “Online Behavioral Advertising Principles.” Originally released for comment in December 2007, the principles are a sort of Valentine’s Day present to the online ad industry from the (supposedly departed) Bush Administration.  From what we know, the FTC principles support self-regulation.  Online marketers will be told they should behave better–and here are suggestions.  It’s like a teacher telling a misbehaving student–‘behave better, dear,’ or else we will have to tell your parent (in this case, the guardian being potential congressional action).

My CDD urged Commissioners Harbour and Leibowitz to issue separate statements on the principles, and call for tougher requirements—especially in the area of so-called sensitive information.  This would include data connected to our financial and health related online activities (think mortgage and loan applications or queries for prescription drugs).  CDD and a coalition of groups also formally asked the commission to impose serious privacy safeguards for both children and adolescents.

But these principles were crafted within the narrow confines of the Bush Administration philosophy prevailing at the FTC.  Only self-regulation is permitted.  Consequently, such an approach likely means these rules leave the online data collection, profiling and targeted marketing system which comprise behavioral marketing off the privacy protection hook.

But one question looms at the moment.  Why has the new Obama administration allowed the FTC to remain under the leadership of Bush-appointee William E. Kovacic? The principles being issued today, in fact, reflect the “old” FTC, not one run under the philosophy of President Obama.  Why is the Obama White House failing to ensure a change of leadership at the FTC?  The agency is responsible for overseeing a huge portion of the economy, including critical financial issues.  It’s also supposed to be the leading agency on consumer protection issues.   The Obama White House should have–by now-found someone who would led the FTC, so it can better protect the public.

The principles being released today were only made possible because of the Bush FTC give-away to Google, when it approved its takeover of online ad giant DoubleClick.  CDD, the Electronic Privacy Information Center (EPIC), and USPIRG fought the merger, including on privacy grounds.  FTC Commissioner Pamela Harbour played a key role forcing the agency (then run by Chairwoman Majoris, whose husband’s law firm represented DoubleClick) to address the privacy concerns. As a consequence of the political pressure from its failure to seriously examine the consumer privacy issues of the Google deal, the FTC staff were told to develop these principles.

The next chair of the FTC needs to take privacy and online consumer protection issues seriously.  The agency does need more resources, but also a new spirit.  If the FTC had been on the job, and was examining how lending institutions were recklessly promoting loans and mortgages, maybe today’s mess wouldn’t be as tragic as it is.  More to come after the commission releases the principles.

CDD Memo to President-elect Obama’s FTC Transition team

My organization provided the FTC-transition team of President-elect Obama a brief memo on what the agency should do as it changes leadership. With a new majority, the FTC should be in the forefront of addressing how the financial and marketing system has evolved in ways which threaten our fiscal well-being and privacy, among many other concerns.  Here’s an excerpt:

The Federal Trade Commission has a potentially extraordinary role to play in the new Administration.  The agency should be engaged in developing and promoting policies that protect privacy, ensure consumer welfare, and stimulate economic development.  Unfortunately, in recent years the commission has largely failed to comprehend the threats to consumer privacy arising from the data collection-based online marketing system.  It ignored, for example, the role that data collection and behavioral targeting played in the marketing of subprime loans and other consumer financial products…
Under new leadership, the FTC should view its role as a champion of consumers…. in consumer protection, privacy, and online-related competition policy, the agency has failed to conduct the kind of serious inquiry that would enable it to make sophisticated recommendations or decisions.  It has not developed a 21st century framework that will protect consumers in the digital marketing “ecosystem.”  We saw this with behavioral advertising and privacy policy, protecting children and youth from marketing linked to the obesity crisis, and in the approval of the Google and DoubleClick merger, for example.
If the FTC is to help the country move forward during this crucial period of economic transition, it should:
•    Make Consumer Protection its highest priority
•    Recruit new staff for consumer protection with a background and commitment to consumer interests
•    Engage in a serious and ongoing analysis of the digital marketplace, with a focus on the impact of interactive advertising/behavioral targeting on financial products, health and medical services, product purchasing, and children and adolescents
•    Propose new policies to protect consumer privacy and welfare online…
•    Work with the FCC and state authorities to create a new Mobile Marketing, Consumer Protection, and Privacy Task Force (with annual reports to the public, and, where appropriate, new legislation recommended to Congress).