EU Sets the Bar for Privacy–Will U.S. and online marketers work to undermine the rights of citizens and consumers?

The Obama Administration and several leading online companies are fearful that the EU’s interest in strengthening privacy safeguards will undercut the data collection, profiling, and interactive ad targeting of U.S. digital marketers.  The U.S. wants to seek a “separate, but equal” privacy and consumer protection regime–claiming that whatever we do in the U.S. on privacy should be treated as the equivalent by the EU.  Self-regulation and those silly icons won’t work, as we know.  This week, EU Justice Commissioner Viviane Reding laid out a vision to better protect EU citizen privacy.  Here’s an excerpt from it that should help guide the debate here–and with the negotiation between the US and EU on a new “safe harbor” treaty on data privacy:

EU Commissioner Reding’s speech this week reveals the battlelines bet. co’s, US, EU

excerpt:

Peoples’ rights need to be built on four pillars:

The first is the “right to be forgotten”: a comprehensive set of existing and new rules to better cope with privacy risks online. When modernising the legislation, I want to explicitly clarify that people shall have the right – and not only the “possibility” – to withdraw their consent to data processing. The burden of proof should be on data controllers – those who process your personal data. They must prove that they need to keep the data rather than individuals having to prove that collecting their data is not necessary.

The second pillar is “transparency”. It is a fundamental condition for exercising control over personal data and for building trust in the Internet.

Individuals must be informed about which data is collected and for what purposes. They need to know how it might be used by third parties. They must know their rights and which authority to address if those rights are violated. They must be told about the risks related to the processing of their personal data so that they don’t loose control over their data or that their data is not misused. This is particularly important for young people in the online world.

I want to make sure that greater clarity is required when signing up to social networking. Unfavourable conditions – restricting control of users over their private data or making data irretrievably public – are often not clearly mentioned. In particular, children should be fully aware of the possible consequences when they first sign up to social networks. All information on the protection of personal data must be given in a clear and intelligible way – easy to understand and easy to find.

The third pillar is “privacy by default”. Privacy settings often require considerable operational effort in order to be put in place. Such settings are not a reliable indication of consumers’ consent. This needs to be changed.

The “privacy by default” rule will also be helpful in cases of unfair, unexpected or unreasonable processing of data – such as when data is used for purposes other than for what an individual had initially given his or her consent or permission or when the data being collected is irrelevant. “Privacy by default” rules would prevent the collection of such data through, for example, software applications. The use of data for any other purposes than those specified should only be allowed with the explicit consent of the user or if another reason for lawful processing exists.

The fourth principle is “protection regardless of data location”. It means that homogeneous privacy standards for European citizens should apply independently of the area of the world in which their data is being processed. They should apply whatever the geographical location of the service provider and whatever technical means used to provide the service. There should be no exceptions for third countries’ service providers controlling our citizens’ data. Any company operating in the EU market or any online product that is targeted at EU consumers must comply with EU rules.

For example, a US-based social network company that has millions of active users in Europe needs to comply with EU rules. To enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers.

Stakeholders at a recent public consultation on data protection asked me to make clear that our data protection rules also apply to data retention. Storage of data is already included in the broad definition of “processing” but the general public is unaware that processing includes storing / retention.

First & Third Party Combined Data Targeting Grows–Safeguards Needed on Publisher Sites

As USPIRG and CDD told the FTC last month, the growing integration of first and third party data for consumer targeting requires a uniform approach to protect privacy.  Entangling a consumer via a host of outside third-party databases used for stealth profiling and targeting is unacceptable–especially when used for financial and health marketing, or targeting youth.  Adobe, for example, just announced that it’s “Online Marketing Suite” now incorporates “a wide range of third-party data from providers such as Acxiom (demographics, segmentation and buying behavior), Bizo (business demographics), DataLogix (buying behavior and purchase intent), eXelate (demographics, buying behavior and purchase intent) and TARGUSinfo’s AdAdvisor (demographics, brand preferences, product needs and CRM data).”  Adobe also is “partnering with DataXu, InviteMedia, MediaMath and Turn to provide customers with the means to act on valuable audience data. Publishers can deliver larger audiences to advertisers by combining their own ad inventory with inventory acquired through the use of DSP partners.”

Both the Congress, the FTC and the European Commission have to address the growing merging of first and third party data that occurs without a users awareness or informed consent.  Meanwhile, ad agencies such as Omnicom have created their own data tracking and targeting services.  One executive recently noted that “There’s been increasing momentum in the use of third-party data. It’s a critical element of our stack – to use the right third-party audience intelligence data both for targeting and sometimes more importantly for audience insights post impression delivery. I don’t know the exact percentage, but I would say there are a significant percentage of our impressions that are bought with some form of third party data.

Google’s Eric Schmidt on Mobile Marketing [Annals of Why We Need Mobile Privacy and Consumer Protection Safeguards]

Google CEO Eric Schmidt gave the keynote address at the Interactive Advertising Bureau’s “Ecosystem 2.0” conference.  As reported, he explained that [our emphasis]:

“The smartphone is the iconic device of our time,” Schmidt told the record IAB audience of 750 in Palm Springs, California. A year ago, he added, he predicted that mobile use would surpass PCs within two years. “It happened two weeks ago. And the PC is not going to catch up,” Schmidt said, as he labeled the new era, “Mobile First.”…The hyperlocal potential of mobile, Schmidt continued, means that smartphones and tablets bring a practical application to marketing that no other medium can match: A connection that will lead you to the store, open the door, and direct you to a product you need. “A RadioShack ad can tell you where you are and how to get to the nearest store.” And equipped with Near Field Communication chip (NFC), the newest generation of smartphones not only can tell you what to buy, it can enable a tap-and-pay transaction…Think of the offers mechanisms for advertisers,” Schmidt offered. “We’ve spent 20 years trying to get here. And now there’s an explosion in commerce. Particularly for the consumer who says, “I want to buy something and want to buy it right now,” he added, “We can do it.”

And, in large part, that capability means that mobile media consumption “is happening faster than all our internal predictions.”

Some 78% of smartphone internet users already use their smartphones as they shop. And, as consumer comfort with – and acceptance of – new mobile technology continues, Schmidt envisions “a world, in the very near future, where computers remember things and you never need to worry about forgetting anything. You want it to remember something and it will. And you’re never lost. No one is ever lost. You never turn off the [mobile device] and you’ll always know where you are. And where you want to go….”

Leading Health, Privacy, and Consumer Groups Call on FTC to Protect Adolescent Privacy online

For Immediate Release:  Feb. 18, 2011
Child, Health and Consumer Advocates Ask FTC for Teen Privacy Protections, including Do-Not-Track and No Behavioral Targeting

Today a Coalition of Child, Health and Consumer Advocates filed comments on the Federal Trade Commission’s proposed privacy framework asking for increased privacy protections for adolescents.   The coalition includes leading advocates such as the Center for Digital Democracy, the American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Children Now, and the Consumer Federation of America.

Privacy protections are needed as teens are increasingly subjected to privacy invasions online. Teens are using new media technologies for key social interactions and to explore their identities. This increased use of digital media subjects them to wholesale data collection and profiling of even their most intimate interactions with friends, family, and schools. Meanwhile, recent research in psychology and neuroscience reveals that teens are more prone to risky behavior when their anxieties and peer relations are exploited. Privacy protections are needed to keep the online world social and safe.

Companies should not use data to behaviorally profile teens. The framework should also provide enhanced choice for adolescents, including a Do Not Track feature. In implementing “privacy by design,” companies should consider the needs and vulnerabilities of teens.  They should address those vulnerabilities by, for example, minimizing the amount of data collected from teens.  Data that is collected should be retained for only short periods and should be afforded greater security.

“Teens live online today,” said Guilherme Roschke, attorney for CDD. “This time of development and maturation requires privacy protections. Teens cannot go it alone against the vast data collection and profiling infrastructure of new media technologies that not even adults can understand.”

“Because of their avid use of new media, adolescents are primary targets for digital marketing,” explained co-signer Kathryn C. Montgomery, Ph.D. “The unprecedented ability of digital technologies to track and profile individuals across the media landscape, and to engage in sophisticated forms of targeting, puts these young people at special risk of compromising their privacy.”

The full coalition includes:

Center for Digital Democracy, American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Berkeley Media Studies Group, a project of the Public Health Institute, Children Now, Consumer Federation of America, Consumer Watchdog, David VB Britt, Retired CEO, Sesame Workshop, Ellen Wartella, Kathryn Montgomery, National Policy & Legal Analysis Network to Prevent Childhood Obesity, a project of Public Health Law & Policy, The Praxis Project, Privacy Rights Clearinghouse, Public Good, Public Health Institute, Tamara R. Piety, and World Privacy Forum

Guilherme Roschke
Staff Attorney / Fellow
Institute for Public Representation
First Amendment and Media Center
Georgetown University Law Center
T:(202) 662-9543
F:(202) 662-9634
gcr22@law.georgetown.edu
http://www.law.georgetown.edu/clinics/ipr/
**********

Digital Pharma Watch—Study Shows Privacy at Risk on Social Media Health Sites

Just as the FTC and (we assume) the Commerce Department’s Internet Policy Task Force are examining what the new safeguards should be for sensitive data involving online health marketing, there is an important new research study in the Journal of the American Medical Infomatics Association.  As Information Week reports, the study “examined 10 diabetes-focused social networking sites [and]  found that the quality of clinical information, as well as privacy policies, significantly varied across these sites.  The study, “Social but safe? Quality and safety of diabetes-related online social networks,” was conducted by researchers in the Children’s Hospital Boston informatics program…and found that only 50% presented content consistent with diabetes science and clinical practice.  The research…also revealed that sites lacked scientific accuracy and other safeguards such as personal health information privacy protection, effective internal and external review processes, and appropriate advertising.”

The study underscores the issues raised by CDD and its colleague privacy and consumer protections groups last November in a complaint filed at the FTC.

NTIA’s Strickling on Privacy: He Forgets Consumers!

Here’s an excerpt via Politico from their interview with Department of Commerce NTIA Chief–and potential privacy policy maven–Lawrence Strickling.  Note the absence of consumers in his description of the problem and issues.  The Commerce Department, which is jockeying to have a greater role in the privacy debate (which the largest data collectors like because they are afraid of the consumer watchdog-minded FTC), better start making consumer needs come first–if they are to have any credibility here in the U.S. and with the EU.   It appears from the interview the Commerce Department has largely made up its mind to rely on “voluntary enforceable codes of conduct.”   Here’s what Larry said in a Q & A:

NTIA is also getting into the privacy discussions.

It’s part of the larger Internet Policy Task Force that’s underway here at Commerce where our agency — along with other agencies — is looking at a number of Internet policy issues. Privacy is first and foremost on the list, but we’re also looking at the protection of intellectual property, cybersecurity, and we’ll be looking at the free flow of information. For Commerce, our theme links all these topics around the notion of innovation, preserving the job creation and business expansion aspects of the Internet and trying to protect that going forward. So in the area of privacy, the task force did issue the green paper late last year. Comments just came in on that, so people are starting to work their way through them, with the goal that we’ll take the green paper and turn it into a more final pronouncement of the Department of Commerce or perhaps even the administration’s policy on privacy later this spring.

Do you think there should be a government office specifically dedicated to privacy?

We certainly believe that if we’re going to move forward with these voluntary enforceable codes of conduct with the industry that the function of convening and organizing that process should sit [in the government]. Our believe is that the Department of Commerce, and in particular NTIA, is the appropriate place for that function to reside. When we start talking about offices that sounds more bureaucratic and maybe requires departmental administrative orders. But on the issue of making sure that function is done, yes, based on what we see in the comments, we think that’s an appropriate idea. We think it’s a necessary idea in terms of working with industry and we’ll see how this all plays out over the course of the spring.

What is NTIA doing internationally on the privacy front?

Privacy has big international implications because the Council of Europe is looking at redoing what they’ve done in privacy. The European Union is looking at this issue. OECD is looking at the issue. So we’re very cognizant of the need to make sure our policy, whatever it is, is designed in a way to best harmonize with what’s happening in the rest of the world, and in particularly Europe.

U.S. Online Marketers Want Obama Adm. to Press for Weaker Privacy Safeguards for EU, Asia-Pacific & Other Global Citizens & Consumers

The U.S.’s larger marketing, advertising and media lobbying organizations want the Obama Administration to help them continue to engage in behavioral data profiling and other digital marketing techniques without meaningful safeguards.  Trade groups–including the Direct Marketing Association, Interactive Ad Bureau, and the 4A’s–  told the Obama Commerce Department it wants it to negotiate a trade deal with the EU and elsewhere that would give U.S. online ad companies, in essence, a free pass on data collection and tracking.  Can you believe they want U.S. self-regulation (ineffective and a cover to permit the expansion of consumer data collection) to be the global standard.  File this under digital Chutzpah!  They wrote in a [my emphasis]  filing:

We support the Department’s recommendation that the U.S. government continue to develop a framework for mutual recognition of an international data privacy framework. The Department has an important role in representing and advocating for the interests of American businesses.  We believe that the Department has the experience and expertise needed not only to represent the interests of U.S. industry, but to lead the global privacy policy debate.  We recommend that the Department advocate for a global framework consistent with U.S. privacy standards, including the Self-Regulatory Principles for Online Behavioral Advertising, which have allowed U.S. companies to lead the world in innovation and to remain economically competitive.  In addition to decreasing regulatory barriers to trade and commerce, global interoperability should promote—or at a minimum not impede—economic competition and innovation.  We believe the U.S. approach to privacy policy meets these goals.

Here’s who signed the filing.  Attention EU–watch out.  And a question for the Obama Administration.  Which side of the keeping the online medium a real reflection of democratic potential will you be on?

American Advertising Federation
American Association of Advertising Agencies
ASAE
Association of National Advertisers
Coalition for Healthcare Communications
Direct Marketing Association
Electronic Retailing Association
Interactive Advertising Bureau
MPA — The Association of Magazine Media
National Business Coalition on E-Commerce and Privacy
Newspaper Association of America
Performance Marketing Association
TechAmerica

Google & WPP Showcases their Academics–Helping Erode Privacy and Expand Data Mining of Consumers [video]

Take a look at this Google Business Channel YouTube video showcasing some of the academics who received funding and access to proprietary data for work designed to expand interactive marketing. [you may need to subscribe to the Business Channel.  Look for 2010 WPP-Google Marketing Research Awards]  Google and WPP have a “scholars” program designed to help these two online marketing giants and the field better data mine consumers.  One project is even being used to undermine the need for consumer privacy policies.  An academic in the video discusses the funding he received from Google/WPP for “Unpuzzling the Synergy of Display and Search Advertising: insights from Data Mining of Chinese Internet Users.” [Let’s discuss the human rights related issues later!]  Profs. Avi Goldfarb and Catherine Tucker, whose work has been cited by the online ad lobby in their attempts to stave off consumer protection–and who filed their own Comment in the Commerce privacy proceeding suggesting that somehow protecting privacy could undermine the economic vitality of the industry–are also in the video.

Scholars who take industry money to support research and policies must, of course, always significantly acknowledge such a special interest funding relationship (to the press and policymakers, esp).  There are serious conflicts of interests taking such funding, which should raise questions about the objectivity of the research.  Academics should also recognize, and accept personal responsibility, that their research is likely being used to advance an agenda that often places consumers and citizens at a disadvantage and at risk. For example, Google has not played a serious proactive role protecting privacy online and addressing the consumer protection related issues accompanying much of digital marketing.  Instead of scholars who act as public intellectuals, too often we have researchers who become political pawns used by the marketing and media industry lobby.

Here’s a list of the academics who took Google/WPP funds in 2010 to help these two online ad giants better understand “how online media influences consumer behavior, attitudes and decision making.expand the impact of online advertising.”

2010 Google & WPP Award participants:

  1. Michael Smith and Rahul Telang, Carnegie Mellon: Channels and Conflict: Efficient Marketing Strategies for Internet Digital Distribution Channels.
  2. Chrysanthos Dellarocas, Boston University and William Rand, University of Maryland: Media, Aggregators and the Link Economy: An Analytical and Empirical Examination of the Future of Content.
  3. Anita Elberse, Harvard University and Kenneth Wilbur, Duke University: What Is The Right Mix Between Offline And Online Advertising? A Study Of The Entertainment Industry.
  4. Arun Sundararajan, NYU and Gal Oestreicher-Singer, Tel Aviv University: The Breadth Of Contagion Of The Oprah Effect: Measuring The Impact Of Offline Media Events On Online Sales.
  5. Yakov Bart, Miklos Sarvary, Andrew Stephen, INSEAD: Consumer Responses To Mobile Location-Based Advertising.
  6. V Kumar, Vikram Bhaskaran and Rohan Mirchandani, Georgia State University: Measuring the Total Value of a Customer through Own Purchases and Word of Mouth Referrals: A Field Study in India.
  7. Alan Montgomery and Kinshuk Jerath, Carnegie Mellon: Predicting Purchase Conversion From Keyword Search Using Associative Networks.
  8. Shawndra Hill, University of Pennsylvania and Anand Venkataraman, 33Across: Collective Inference For Social Network-Based Online Advertising.
  9. Anindya Ghose, NYU: Modeling The Dynamics Of Consumer Behavior In Mobile Advertising And Mobile Social Networks.
  10. Jane Raymond, Bangor University: The Importance Of Relevance: Cognitive Science Research On Distraction By Advertisement On The Internet.
  11. Koen Pauwels, Dartmouth, Oliver Rutz, Yale, Shuba Srinivasan, Boston University and Randolph Bucklin, UCLA: Are Audience-Based Online Metrics Leading Indicators Of Brand Performance?

Online Data Targeting Companies Say: “The usage of data will penetrate the online ad ecosystem and the next few years should see data impacting the entire media buying process”

 excerpt from a post by a BlueKai exec:   “The usage of data will penetrate the online ad ecosystem and the next few years should see data impacting the entire media buying process – end to end.  Marketers already need to understand their audiences through customer interactions across multiple channels.  The most progressive marketers are maximizing both audience and campaign performance data as a way to drive marketing spend…as more and more agencies  adopt media strategies that deploy audience profiling and data analysis, there will be an increase in demand for the data scientist…Data driven audience targeting moves operation out of the back room black box systems and into the hands of marketers who are planning so they can really do a much better job of identifying your ideal customer, reach them by very specific targeting attributes and get a much better picture of what’s working and what’s not.  It seems like a no-brainer, but much of the online media spend today is not driven by data.  A data-centric approach to marketing is opening up a new world to online marketing which promises to be a world that provides transparency, target specificity, scale, accountability and results…The ability to combine audience and media performance data gives marketers a full picture of how they can get more of their marketing dollars. 2011 promises to be the year marketers take control of their data and look for solutions that can provide a full-service, full-loop solution will become vendors of choice.”

Microsoft on Privacy Regs vs its business model: “to monetize human attention”

As we prepare for a vigorous debate on protecting consumers and citizens, it’s useful to reflect how online marketing companies view the process.  This excerpt from a Politico story last month notes, that:

Representatives from Google and Microsoft agreed it is the companies’ jobs to make sure consumers can trust them with personal information by giving them more control over how that data is shared. But regulation is a slippery slope. “Our business model is to monetize human attention,” said Marc Davis of Microsoft’s Online Services Division. “Regulation does potentially threaten the value of that.” Added Google’s Betsy Masiello: “Those business models also rely entirely on user trust.” They agreed there’s no legal clarity over who owns what data, and whether online information is owned by the person who entered it online or the company who runs the platform that stores it. “We’ve created this new business class without any clarity,” Davis said.