We have revised CDD’s website, and have started a new blog. Please go to democraticmedia.org and sign up.
EU Sets the Bar for Privacy–Will U.S. and online marketers work to undermine the rights of citizens and consumers?
The Obama Administration and several leading online companies are fearful that the EU’s interest in strengthening privacy safeguards will undercut the data collection, profiling, and interactive ad targeting of U.S. digital marketers. The U.S. wants to seek a “separate, but equal” privacy and consumer protection regime–claiming that whatever we do in the U.S. on privacy should be treated as the equivalent by the EU. Self-regulation and those silly icons won’t work, as we know. This week, EU Justice Commissioner Viviane Reding laid out a vision to better protect EU citizen privacy. Here’s an excerpt from it that should help guide the debate here–and with the negotiation between the US and EU on a new “safe harbor” treaty on data privacy:
EU Commissioner Reding’s speech this week reveals the battlelines bet. co’s, US, EU
Peoples’ rights need to be built on four pillars:
The first is the “right to be forgottenâ€: a comprehensive set of existing and new rules to better cope with privacy risks online. When modernising the legislation, I want to explicitly clarify that people shall have the right – and not only the “possibility” – to withdraw their consent to data processing. The burden of proof should be on data controllers – those who process your personal data. They must prove that they need to keep the data rather than individuals having to prove that collecting their data is not necessary.
The second pillar is “transparency”. It is a fundamental condition for exercising control over personal data and for building trust in the Internet.
Individuals must be informed about which data is collected and for what purposes. They need to know how it might be used by third parties. They must know their rights and which authority to address if those rights are violated. They must be told about the risks related to the processing of their personal data so that they don’t loose control over their data or that their data is not misused. This is particularly important for young people in the online world.
I want to make sure that greater clarity is required when signing up to social networking. Unfavourable conditions – restricting control of users over their private data or making data irretrievably public – are often not clearly mentioned. In particular, children should be fully aware of the possible consequences when they first sign up to social networks. All information on the protection of personal data must be given in a clear and intelligible way – easy to understand and easy to find.
The third pillar is “privacy by default”. Privacy settings often require considerable operational effort in order to be put in place. Such settings are not a reliable indication of consumers’ consent. This needs to be changed.
The “privacy by default” rule will also be helpful in cases of unfair, unexpected or unreasonable processing of data – such as when data is used for purposes other than for what an individual had initially given his or her consent or permission or when the data being collected is irrelevant. “Privacy by default” rules would prevent the collection of such data through, for example, software applications. The use of data for any other purposes than those specified should only be allowed with the explicit consent of the user or if another reason for lawful processing exists.
The fourth principle is “protection regardless of data location”. It means that homogeneous privacy standards for European citizens should apply independently of the area of the world in which their data is being processed. They should apply whatever the geographical location of the service provider and whatever technical means used to provide the service. There should be no exceptions for third countries’ service providers controlling our citizens’ data. Any company operating in the EU market or any online product that is targeted at EU consumers must comply with EU rules.
For example, a US-based social network company that has millions of active users in Europe needs to comply with EU rules. To enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers.
Stakeholders at a recent public consultation on data protection asked me to make clear that our data protection rules also apply to data retention. Storage of data is already included in the broad definition of “processing” but the general public is unaware that processing includes storing / retention.
IAB Self-Reg Plan Permits Further Data Profiling–Even When You opt-out!
File this under, please send the icon-based scheme back to rewrite! [our emphasis]
Excerpt via clickz.com:Â excerpt:Â The online ad industry’s self-regulatory program could allow some companies to continue tracking consumers even when they’ve opted out through the system…As it exists currently, the self-regulatory program overseen by the alliance allows consumers to opt out from data collection and use for behavioral advertising, explained Stu Ingis, a partner at Venable, a law firm working with the industry coalition. If data is only being collected for behavioral advertising, it will no longer be collected from those who opt out using the program. However, when companies involved with the program also use data for additional purposes such as analytics, they may continue tracking and collecting data from people who have opted out through the program – even though those who have opted-out will no longer receive behaviorally targeted ads.
Microsoft’s Research into Behavioral Targeting & Profiling via its Beijing Research Lab
There’s a “Great Digital Game” going on, where companies such as Google, Facebook, Microsoft and leading ad agencies compete to expand the clout of online marketing around the globe. As I told EU and other privacy regulators last Friday, the Obama Administration is being pressed by US online marketers to forge trade deals that will allow the leading companies to conduct business in the Asia-Pacific and EU region without worrying about serious privacy and consumer protection rules. I do think it’s ironic–and really misleading–to point to online marketing as a U.S. economic success story that requires special treatment. The revenues generated by Google, Facebook and the others are principally from advertising. Whether they are truly models of innovation that will bring the kind of sustainable long-term job and economic growth we need is questionable.
At the core of the “Great Digital Game”–where U.S. companies strive to dominate the global interactive ad marketplace–is data collection for user targeting. Microsoft, which has a principal online ad research facility in Beijing, was recently seeking a Senior Data Mining Analyst. Read this excerpt from the job description and think about privacy, civil liberties in China and other autocratic regimes, consumer protection and the ethical role of U.S. online ad companies: “Microsoft Ad Platform China is building world-class engineering teams in Beijing, focusing on online Ads related systems and services such as behavior targeting and advertiser analytics. The team partner closely with the Redmond Ad Platform team, enabling the discovery and inference of user profiles, intent and interaction while respecting privacy and trust, with the ultimate goal of maximizing benefits for users, advertisers and publishers…Core Job Responsibilities: Conduct and manage applied research and modeling work in the areas of user segmentation, profiling, and targeting. Research and experiment on data mining algorithms for user segmentation and dynamic segment expansion. Utilize data mining technologies and use various data sources, some of which may include MSN/Windows Live web usage, search query, demographic, subscription, and 3rd party data, to gain insight into Internet user behavior and intent that will set the foundation for Microsoft targeting offerings and data services. Provide complete solutions to business problems using data mining techniques, statistics and data analysis. Serve as subject matter expert and drive thought leadership in the areas of user profiling, ad targeting, and personalization for Microsoft online services.”
First & Third Party Combined Data Targeting Grows–Safeguards Needed on Publisher Sites
As USPIRG and CDD told the FTC last month, the growing integration of first and third party data for consumer targeting requires a uniform approach to protect privacy. Entangling a consumer via a host of outside third-party databases used for stealth profiling and targeting is unacceptable–especially when used for financial and health marketing, or targeting youth. Adobe, for example, just announced that it’s “Online Marketing Suite” now incorporates “a wide range of third-party data from providers such as Acxiom (demographics, segmentation and buying behavior), Bizo (business demographics), DataLogix (buying behavior and purchase intent), eXelate (demographics, buying behavior and purchase intent) and TARGUSinfo’s AdAdvisor (demographics, brand preferences, product needs and CRM data).” Adobe also is “partnering with DataXu, InviteMedia, MediaMath and Turn to provide customers with the means to act on valuable audience data. Publishers can deliver larger audiences to advertisers by combining their own ad inventory with inventory acquired through the use of DSP partners.”
Both the Congress, the FTC and the European Commission have to address the growing merging of first and third party data that occurs without a users awareness or informed consent. Meanwhile, ad agencies such as Omnicom have created their own data tracking and targeting services. One executive recently noted that “There’s been increasing momentum in the use of third-party data. It’s a critical element of our stack – to use the right third-party audience intelligence data both for targeting and sometimes more importantly for audience insights post impression delivery. I don’t know the exact percentage, but I would say there are a significant percentage of our impressions that are bought with some form of third party data.“
Google’s Eric Schmidt on Mobile Marketing [Annals of Why We Need Mobile Privacy and Consumer Protection Safeguards]
Google CEO Eric Schmidt gave the keynote address at the Interactive Advertising Bureau’s “Ecosystem 2.0” conference. As reported, he explained that [our emphasis]:
“The smartphone is the iconic device of our time,” Schmidt told the record IAB audience of 750 in Palm Springs, California. A year ago, he added, he predicted that mobile use would surpass PCs within two years. “It happened two weeks ago. And the PC is not going to catch up,” Schmidt said, as he labeled the new era, “Mobile First.”…The hyperlocal potential of mobile, Schmidt continued, means that smartphones and tablets bring a practical application to marketing that no other medium can match: A connection that will lead you to the store, open the door, and direct you to a product you need. “A RadioShack ad can tell you where you are and how to get to the nearest store.” And equipped with Near Field Communication chip (NFC), the newest generation of smartphones not only can tell you what to buy, it can enable a tap-and-pay transaction…Think of the offers mechanisms for advertisers,” Schmidt offered. “We’ve spent 20 years trying to get here. And now there’s an explosion in commerce. Particularly for the consumer who says, “I want to buy something and want to buy it right now,” he added, “We can do it.”
And, in large part, that capability means that mobile media consumption “is happening faster than all our internal predictions.”
Some 78% of smartphone internet users already use their smartphones as they shop. And, as consumer comfort with – and acceptance of – new mobile technology continues, Schmidt envisions “a world, in the very near future, where computers remember things and you never need to worry about forgetting anything. You want it to remember something and it will. And you’re never lost. No one is ever lost. You never turn off the [mobile device] and you’ll always know where you are. And where you want to go….”
Opt-in, First-and Third-Party sites: What CDD & PIRG Told the FTC
[First in a series based on our FTC filing from 18 Feb. Excerpt]:
Consumers should be accorded the same kind of user opt-in control on first-party and third-party sites alike. First-party sites, it is clear, engage in a wide range of data collection and targeting approaches unknown even to their regular visitors, and user consent for these practices should be required. In addition, as first-party publishers increasingly engage in forms of data sales and sharing for the purposes of consumer tracking and targeting, the distinctions between first and third parties are eroding. …Turn, for example, operates a “data-driven†ad-targeting platform that “crunches 2000+ behavioral, contextual, inventory, and ad selection variables within 25 milliseconds… all to determine the right ad, right time, right price, and right audience.† “Turn operates one of the largest marketing platforms on the Internet… ranked 6th in US audience reach, just behind companies like Google….† A recent research paper by TURN discusses how its “data mining solution enables marketers to cost-effectively identify interactions and variables of thousands of data points. It also allows them to look at the entire user profile at the time of impression receipt and do a thorough analysis of the impact of all the variables on a campaign (including latent variables which go beyond the audience segmentation and are often times overlooked).† Turn explains that its “secret sauce†is a “scalable infrastructure [that] enables us to read an individual user’s data profile from among hundreds of millions of profiles within a very small time frame, generally 2 or 3 milliseconds. And, we do this over 100,000 times a second (8+ billion times a day).†…
The company says in that statement that it “does not collect PII,†while saying that the following is only non-personal information: “…the IP address used to access the Internet, the type of browser used, which and how many Business Partner web pages have been viewed, search terms entered on Business Partner websites, referring/exit pages, and the date and time a Turn Ad was viewed.†In its discussion of the use of cookies and Web beacons, the company claims that such tracking and analysis isn’t personally identifiable. But the privacy policy and the claim that its targeting is all based on non-PII dta flies in the face of what its long list of “data partners†provide (let alone its own pronouncements on the ability to track and target an “entire user profileâ€). Its data partners include Bizo, IXI, TARGUSinfo, Polk, Datalogix, Almondnet, Bluekai and eXelate.
Bizo data provides “business demographics of a person which may include, but is not limited to job function, seniority, company size, industry, geography, etc.†IXI’s digital ad data enables online marketers to “target only the consumers that have the right financial profile for each offer and brand…. [with] real-time user classification capabilities…. [that] ranks online consumers based on their expected ability to pay their financial obligations… [and] provides a powerful, complete and accurate estimate of your prospects’ and customers’ total household income… [along with an] estimate of a household’s spending after accounting for the fixed expenses of life (housing, utilities, public transportation, personal insurance and pensions).â€Â  TARGUSinfo’s data includes “names, addresses, landline phone numbers, mobile phone numbers, email addresses, IP addresses and predictive attributes†(continually updated “10 times dailyâ€).  TARGUSinfo also facilitates the collection of “audience targeting data high-quality, offline attributes—including demographics, shopping behaviors, lifestyles, preferences and brand affinities—that are verified… to accurately identify Internet users and link them to attributes—such as demographics, buying behaviors and attitudes—in a real-time… manner…. enabling you to target the most relevant ad to every user regardless of location or media buying methodology.† “AdAdvisor services use cookies that give you a window to rich, predictive data on over 50 million unique US users.† Polk can provide “consumer detail (e.g., age, household income, gender), phone numbers, email addresses,†along with “comprehensive customer profiles with unique automotive variables…. The number of registered vehicles in a household, When a household will likely be in the market for their next vehicle purchase, How much will likely be spent on the next vehicle purchase,†and “reliable and extensive ethnic data including those with the highest levels of purchasing power—Hispanics and Asians.† Datalogix, “a source for real-world data for online targeting†uses “tens of millions of …Affiniti Cookies to support online targeting.† “DataLogix’ audience platform is powered by a database with over $1 trillion dollars in consumer spending behavior.† “Available data spans hundreds of product categories and a host of recency, frequency and monetary value data elements.† AlmondNet “partner(s) with Data-Owners & Media-Owners to facilitate the delivery of relevant, targeted (based on recently-conducted searches for products/services) ads to consumers wherever they go…,†“…based on their observed online behavior wherever they may be found.† “[O]ur technology collects information about Users from our data partners, and from Users as they visit our partner web sites.â€
Ball State University, Privacy, and Research Sponsorship by Marketers
Ball State University has developed a reputation for engaging in interactive media research, often working with marketing companies such as Nielsen. Its Center for Media Design just released research on privacy, suggesting in their comments that the debates on privacy have been over-simplied, including by advocates. Like many others, Ball State examines privacy and fails to fully explore how online data collection really works in the context of contemporary digital marketing. But given Ball State’s close ties with online marketers–including the staff of the Center for Media Design–perhaps it’s not surprising that its review didn’t place the issue under the appropriate critical lens.
For example, Sequent Partners, which works on online marketing and other related issues, is a partner of Ball State. Sequent explains that:
Sequent Partners is the majority shareholder in Media Behavior Institute, a consumer-centric and media-neutral multimedia research company formed in 2008 and which enjoys a uniquely close relationship with Ball State University. Media Behavior Institute applied the University’s observational research and conducted the Nielsen Council for Research Excellence Video Consumer Mapping study, the most ambitious multi-media measurement ever conducted.
Sequent Partners is also a shareholder and active member of the Media Trust LLC. This team was formed specifically to analyze in-market advertising and media response, and best-of-class sources of single-source data. Media Trust offers the most insightful set of evaluation tools for media and advertising.
Sequent Partners also has a long-term development and product management relationship with OTX Research (Ipsos ASI) in the area of multimedia advertising research.
Working at the Media Behavior Institute is Mike Bloxham, the long-time research director for the Center for Media Design, who just left the university to also work at a digital media start-up.
The privacy debate is an important one, as are many of the issues at stake in the digital communications era. The public needs independent research to help address these serious and complex issues. Scholars and universities have an important role to play. Ball State is not the only school with its hand-out for grants and research contracts.  But such relationships create conflicts that need to be addressed, including ensuring the research is designed to serve the broader public–not just the special interests supporting the school.
Facebook’s new DC Lobbyist: Oops, I mean “Customer Service” Rep!
Are they a lobbyist to reach out to the GOP or a mere “customer service” representative who can help guide powerful politicians through the Facebook social media marketing maze? Read this excerpt from Clickz.com and decide for yourself:
Facebook has hired a Republican Party insider to beef up its political outreach team. Former digital strategist at the National Republican Senatorial Committee, Katie Harbath…will join the firm’s small Washington, D.C.-based team as associate manager, policy…The company considers the role to be a customer service position, aimed at helping legislators and their staffers, congressional committees and political campaigns make better use of Facebook. Until now, Facebook’s U.S. Politics Page, politics-related media partnerships, and Capitol Hill outreach has been handled primarily by two Facebook public policy execs, Adam Conner Andrew Noyes, the firm’s manager, public policy communications….[and] Twitter also is building out a D.C. staff. In January, Adam Sharp, was set to begin his work as the company’s government and political partnerships manager. He is charged with helping lawmakers, politicians, and government staff take better advantage of the micro-blogging site.
Pepsi Exec Tells What Keeps Facebook’s Zuckerberg “Up at Night”–Guess What it Is [Annals of Social Media Marketing & Privacy]
Shiv Singh is the head of digital marketing for Pepsi’s beverage line-up. At a recent “Social Media Week” event, he discussed how brands should increase efforts to “listen” to social media conversations. Mr. Singh said that:
“Twenty-five percent of all time spent online is spent on Facebook. We only get to see and listen to a small slice of that. That [larger slice] is the missing link. We sometimes overstate the benefits of listening and we don’t acknowledge the fact that we’re not listening to everything as a whole. Mark Zuckerberg and his team at Facebook are brilliant, but if there’s one thing that keeps him awake at night it’s that the default state for profiles is not public.â€
No doubt, if privacy advocates and responsible policymakers–and concerned Facebook users–hadn’t objected, the profiles would be public by default. Given that Facebook’s ad revenues are connected to having such a goldmine of data free to its partners, having profiles be public by default would give us privacy nightmares.