Category: Behavioral Targeting

Where Does Google and Microsoft Really Stand–with the IAB and ad lobby or for Consumer Protection?

Both Google and Microsoft serve on the executive committee of the Interactive Ad Bureau, a trade association fighting against consumer privacy proposals in Congress and the FTC.  The IAB just sent a letter signed by other ad and marketing industry lobbyists opposing Obama and congressional proposals to expand the ability of the FTC to better protect consumers.  My CDD just sent emails to officials at both Google and Microsoft asking them to clarify where they stand on the IAB’s letter [see below].  Do our two leading online marketing leaders support financial and regulatory reform, including protecting privacy?  Or does the IAB letter–and Google and Microsoft’s own role helping govern that trade lobby group–really reflect their own position against better consumer protection? Not coincidently, the IAB’s PAC has expanded its PAC contribution giving to congress.

Why does the IAB and other ad groups want to scuttle a more capable FTC?  Think online financial products, including mortgages, pharmaceutical operated social networks, digital ads targeting teens fueling the youth obesity crisis, ads created by brain research to influence our subconscious minds, a mobile marketing system that targets us because it knows our location, interests and behavior.  The IAB is terrified that a responsible consumer protection agency will not only peek under the ‘digital hood,’ as the Obama FTC is currently doing.  But actually propose policies and bring cases that rein in irresponsible and harmful business practices.  So Microsoft and Google:  who are with?  Consumers or the special interest advertising lobby?
*****

letter to Google:  22 January 2010

Dear Pablo, Jane, Peter and Alan:

As you may know, the Interactive Advertising Bureau recently sent a letter  to Congress, along with other ad related groups, opposing the expansion of FTC regulatory authority as proposed in the Consumer Financial Protection Agency bill and related reauthorization [http://www.clickz.com/3636212].

Google serves on the executive committee of the IAB’s board.  For the record, does Google support IAB’s stance that, as news reports say, if the FTC is given additional enforcement and penalty-making authority, “the FTC could essentially act as an unelected legislature governing industries and sectors across the economy.”

If Google disagrees with the IAB’s letter, I ask that it make its position public as soon as possible.  I also respectfully request Google state its position regarding the Consumer Financial Protection Agency proposal, as well as its position on expanding FTC authority.

Regards,

Jeff Chester
Center for Digital Democracy
www.democraticmedia.org

letter to Microsoft:  22 Jan. 2010:

Dear Mike and Frank:

As you may know, the Interactive Advertising Bureau recently sent a letter to Congress, along with other ad related groups, opposing the expansion of FTC regulatory authority as proposed in the Consumer Financial Protection Agency bill and related reauthorization [http://www.clickz.com/3636212].

Microsoft serves on the executive committee of the IAB’s board.  For the record, does Microsoft support IAB’s stance that, as news reports say, if the FTC is given additional enforcement and penalty-making authority, “the FTC could essentially act as an unelected legislature governing industries and sectors across the economy.”

If Microsoft disagrees with the IAB’s letter, I ask that it make its position public as soon as possible.  I also respectfully request Microsoft state its position regarding the Consumer Financial Protection Agency proposal, as well as its position on expanding FTC authority.

Regards,

Jeff Chester
Center for Digital Democracy
www.democraticmedia.org

Tracking Mobile Users by Behavior and Race: Why the FTC Must Address Mobile Privacy ASAP

Here’s a brief excerpt from the “The mobiThinking guide to mobile advertising networks 2010.”  Our emphasis.

Microsoft Mobile Advertising: Targeting capabilities include device, demographic (gender, age, household income), geographic and behavior.

Advertising.com/AOL: Full suite of targeting options, including device, browser, operating system, carrier, on/off-deck, geography, time-segment, content, and multiple demographic combinations.

Nokia Interactive Advertising: Demographics, location, handset type, and in the US by channels (e.g. auto, news, sports.

Quattro Wireless: a) contextual: media type, channel, publisher; b) demographic: gender, age, ethnicity, education; c) location; d) mobile: carrier, device class, manufacturer, model, features, operating system, browser; e) frequency of exposure.

Jumptap: Jumptap offers 64 different targeting options including: demographic, geographic location, carrier, on/off-deck (operator portal), device types and browser, time of day, day of week, content category and frequency controls. These targeting parameters are derived from multiple data courses, including contextual information and true carrier subscriber information. Premium brand advertising guarantees the ad will appear on certain sections of chosen site at the time specified.

Millennial Media: Audience targeting: Millennial can uniquely identify a user across all sites on the network – they are grouped into audiences, based on their observed behaviors on sites, participation and review of click-stream data, so campaigns can be targeted at specific audiences. (Millennial discloses these techniques, with an opt-out in accordance with the Self-Regulatory Principles for Online Behavioral Advertising, July 2009). Advertisers can also do Run of Network (RON) campaigns or target by channel, custom subnet, takeover, network blocks or demographic. There is also targeting via geography, carrier, handset model/manufacturer/operating system, handset features, age of device, time of day, location, Wi-Fi, etc.

Online Financial Marketing, Subprime Loans, Digital Banking & Neuromarketing–Why We Need the Consumer Protection Financial Agency

How we handle our money–including credit, loans and banking–is moving online.  Digital marketing of mortgages, credit cards, student loans and other financial products will become the dominant way we relate to banking and related services.  The CEO of Capital One has already said that ” [A] mobile phone is just a credit card with an antenna.”  So called M-commerce (mobile commerce) will be a crucial avenue where we actually apply for credit on “the fly,” so to speak, with our cell phones themselves used to buy products.   Banks and other financial companies are using Facebook, other social media, online video, Twitter, search engines and interactive online marketing techniques to sell their services to consumers.  They are also using digital media in PR campaigns designed to make consumers forget about their unethical behaviors which led to the current fiscal crisis.

Financial services companies are even using so-called neuromarketing–testing messages via fMRIs, for example–to help hone their marketing messages.  Neurofocus, a Nielsen backed company that helps create digital and other ads based on brainwave research, released a study  earlier this year that “dived deep into test subjects subconscious minds to discover their hidden, unspoken beliefs and feelings about financial institution brands.” They “tested consumers in its laboratory to determine exactly what financial brand messages they responded to best, at the deep subconscious level of their minds, where brand perceptions, brand loyalty, and purchase intent are truly formed.”  Financial marketers are also using behavioral targeting online, which stealthily collects data on us for tracking and target marketing. That’s why we keep seeing ads for credit cards and other money-related products.  The information gathered as we fill in forms on the Internet  can be sold as part of the online lead generation business.  Online lead generation played a role in the subprime debacle, as consumers provided marketers with personal information that helped trigger pitches for mortgages and other credit.

Alternet has just published my article on these issues.  It can be found here.

Consumer and Privacy Groups at FTC Roundtable to Call for Decisive Agency Action

Washington, DC, December 6, 2009 – On Monday December 7, 2009, consumer representatives and privacy experts speaking at the first of three Federal Trade Commission (FTC) Exploring Privacy Roundtable Series will call on the agency to adopt new policies to protect consumer privacy in today’s digitized world. Consumer and privacy groups, as well as academics and policymakers, have increasingly looked to the FTC to ensure that Americans have control over how their information is collected and used.

The groups have asked the Commission to issue a comprehensive set of Fair Information Principles for the digital era, and to abandon its previous notice and choice model, which is not effective for consumer privacy protection.

Specifically, at the Roundtable on Monday, consumer panelists and privacy experts will call on the FTC to stop relying on industry privacy self-regulation because of its long history of failure. Last September, a number of consumer groups provided Congressional leaders and the FTC a detailed blueprint of pro-active measures designed to protect privacy, available at: http://www.democraticmedia.org/release/privacy-release-20090901.

These measures include giving individuals the right to see, have a copy of, and delete any information about them; ensuring that the use of consumer data for any credit, employment, insurance, or governmental purpose or for redlining is prohibited; and ensuring that websites should only initially collect and use data from consumers for a 24-hour period, with the exception of information categorized as sensitive, which should not be collected at all. The groups have also requested that the FTC establish a Do Not Track registry.

Quotes from Monday’s panelists:

Marc Rotenberg, EPIC: “There is an urgent need for the Federal Trade Commission to address the growing threat to consumer privacy.  The Commission must hold accountable those companies that collect and use personal information. Self-regulation has clearly failed.”

Jeff Chester, Center for Digital Democracy: “Consumers increasingly confront a sophisticated and pervasive data collection apparatus that can profile, track and target them online. The Obama FTC must quickly act to protect the privacy of Americans,including information related to their finances, health, and ethnicity.”

Susan Grant, Consumer Federation of America: “It’s time to recognize privacy as a fundamental human right and create a public policy framework that requires that right to be respected,” said Susan Grant, Director of Consumer Protection at Consumer Federation of America. “Rather than stifling innovation, this will spur innovative ways to make the marketplace work better for consumers and businesses.”

Pam Dixon, World Privacy Forum: “Self-regulation of commercial data brokers has been utterly ineffective to protect consumers. It’s not just bad actors who sell personal information ranging from mental health information, medical status, income, religious and ethnic status, and the like. The sale of personal information is a routine business model for many in corporate America, and neither consumers nor policymakers are aware of the amount of trafficking in personal information. It’s time to tame the wild west with laws that incorporate the principles of the Fair Credit Reporting Act to ensure transparency, accountability, and consumer control.”

Written statements and other materials for the roundtable panelists are available at the following links:

CDD/USPIRG: http://www.democraticmedia.org/node/419

WPF: http://www.worldprivacyforum.org/pdf/WPF_Comments_FTC_110609fs.pdf

CFA: http://www.consumerfed.org/elements/www.consumerfed.org/File/5%20Myths%20about%20Online%20Behavioral%20Advertising%2011_12_09.pdf

EPIC: www.epic.org

Google’s Teracent Acquisition: Why so-called `Smart’ Ads are on the privacy agenda

Yahoo has its smart ad product; now with its acquisition of Teracent so does Google.  Smart ads learn about you and can dynamically change form so the display ad can better target you.  Here’s how Google explained what the technology can do:

Teracent’s technology can pick and choose from literally thousands of creative elements of a display ad in real-time — tweaking images, products, messages or colors. These elements can be optimized depending on factors like geographic location, language, the content of the website, the time of day or the past performance of different ads.

This technology can help advertisers get better results from their display ad campaigns. In turn, this enables publishers to make more money from their ad space and delivers web users better ads and more ad-funded web content.

We’re looking forward to welcoming the Teracent team to Google and to making this technology available to our display advertising clients — including those who run display ad campaigns on the Google Content Network and our DoubleClick clients.

Microsoft Advertising offers “Profile Targeting”

As we just told the BEUC conference on consumer protection and online marketing, we couldn’t make this up if we tried.  Here’s what Microsoft Advertising says it can do via its UK site for marketers:

Just say who, when and where

Profile Targeting can help you find the people you’re looking for by who they are, where they are and when you want to be seen by them. Just name the characteristics that matter most to you. It could be anything from the consumer’s age, gender or country, to the day of the week you want to target the audience on.

[and here’s what they say about behavioral retargeting, which they euphemistically now call “re-messaging“]”

With Re-messaging we can narrow our audience by finding the people who have already visited you. It means we can ensure they always stay intouch and help create continual engagement with your brand.  Re-messaging is effective on its own, but works at its best whencombined with other forms of targeting and campaign performance. By placing action tags on your website, we can track visitors throughout the course of their online journey and re-message them on our network. For example the consumer may have previously searched for a hotel but not booked, compared credit cards but not applied, or visited a promotional website. Whatever it may be, if they’ve gone part way to making a purchase or performing an action, we can help you continue the conversation and ensure that the relevant message is seen by the people it matters most to.

CDD/USPIRG to FTC: Self-Reg is a Failure (and should be investigated for “unfair and deceptive” complaint!)

Here’s what we included in our recent filing at the FTC.


The Failure of Industry Self-regulation

It should be evident to all that self-regulation to protect consumer privacy online has been a dismal failure, and the FTC must have the courage to admit this. After all, it wasn’t until CDD/USPIRG and other consumer groups filed well-publicized complaints (and helped create a public outcry over the privacy implications of the Google/DoubleClick deal) that the FTC finally issued its privacy principles in 2007.[183] And it took such pressure to awaken the National Advertising Initiative (NAI) and its members from the deep freeze of inaction, belatedly scrambling to “enhance” their “Self-Regulatory Code of Conduct, a set of binding Principles that has governed members since 2001.”[184] Since its inception, the NAI had been asleep at the digital self-regulatory “switch.” Otherwise we would not have had the ever-growing personalized data collection, profiling, and targeting apparatus that NAI’s members so enthusiastically embraced. The NAI, it should not be forgotten, was only created to head off serious action by the FTC back in 2000 as a result of the growing concern with online profiling.[185]

The revised NAI principles reveal how the group remains incapable of ensuring the protection of consumer privacy. They also demonstrate how the NAI cannot be relied on to offer the FTC—or the public—independent and honest proposals that would protect consumers from contemporary online data collection practices. For example, its revised principles—sadly—define sensitive information is the narrowest of terms: “Social Security Numbers or other Government-issued identifiers; Insurance plan numbers; Financial account numbers; Information that describes the precise real-time geographic location of an individual derived through location-based services such as through GPS-enabled devices; Precise information about past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history.”[186]

The NAI and its members know full well that copious amounts of data relating to the financial and health status of consumers is currently being collected. Indeed expenditures for online financial marketing alone was $3 billion in 2008. The collection of consumer information resulting from online lead generation—which saw some $1.7 billion in spending last year—is deeply connected to data about a person’s interest in loans or credit.[187] A growing business in online pharmaceutical marketing is also actively harvesting consumer data, for purposes that include behavioral targeting. If the NAI were a serious independent entity capable of protecting consumers, it would have effectively articulated how sensitive information should be protected.

NAI’s narrow definition of personally identifiable information (PII) is out of touch with online marketing reality: “PII includes name, address, telephone number, email address, financial account number, government-issued identifier, and any other data used or intended to be used to identify, contact or precisely locate a person.”[188] We urge the commission to examine NAI members’ sites so it can view for itself the stark discrepancies between what is promised advertisers in terms of personalized consumer targeting and the NAI’s purposefully narrow and inaccurate definition of PII.

Finally, we find it absurd that all the NAI could do in serving the privacy interests of young people is to conform to the legal standards of the Children’s Online Privacy Protection Act. (COPPA is a law CDD’s executive director played a key leadership role in helping pass in 1998.) It is unfortunate that the NAI could not offer new safeguards for children, including policies to protect adolescent privacy.

Unfortunately, the “Self-Regulatory Principles for Online Behavioral Advertising,” released in July 2009 by the American Association of Advertising Agencies, Association of National Advertisers, Council of Better Business Bureaus, Direct Marketing Association, and the Interactive Advertising Bureau, are equally inadequate.[189] While an improvement over the stance embraced by the IAB in 2008, when it claimed there were no privacy concerns related to behavioral advertising, the new principles cannot be relied on to protect consumers.[190] Its “Sensitive Data” principle in particular, much like the NAI’s, is so inadequate that the FTC should consider bringing an Unfair and Deceptive Complaint against its authors. There are only two categories of information listed under the sensitive principle: Children and “Health and Financial Data.” Under the latter, AAAA et al’s principle is simply that “Entities should not collect and use financial account numbers, Social Security numbers, pharmaceutical prescriptions, or medical records about a specific individual for Online Behavioral Advertising without Consent.”[191] Again, this flies in the face of what the members of these groups actually do when collecting health and financial data for online advertising. As for protecting children, the AAAA and its associates—like the NAI—simply endorse the legal framework already required by COPPA. But by failing to address adolescent privacy, the AAAA et al. reveal that they are really concerned only with maintaining the data collection/profiling/targeting status quo.

As the history of self-regulation of the media in the U.S. makes clear, we need strong baseline laws and regulations to ensure serious industry compliance. That’s why this new proceeding must lead to FTC action that will ensure that consumer privacy online is finally safeguarded.

Google+AdMob=Mobile Privacy Issues for the FTC. Questions should be raised about mobile targeting via “ethnicity”

The Federal Trade Commission should examine the privacy issues connected to the Google/AdMob deal.  As we informed the FTC yesterday, AdMob says it can target via “age, gender, HHI, ethnicity, education & context.”

The CDD/USPIRG complaint on mobile advertising provides useful analysis. Here’s an excerpt on its discussion about AdMob:

AdMob: “Mining All the Data We’ve Captured”
AdMob is a “mobile advertising network” seeking to “target mobile users and monetize mobile traffic.” There is inadequate notice and little opportunity to opt-out of this data- gathering. Few mobile users realize that their communications and actions are monitored and recorded in order to create intimate profiles for marketing purposes.
AdMob also targets the youth demographic. It segments “market audiences” into several categories, including a “Digital Natives” category, which include boys and girls as young as 13.  AdMob also focuses on social networking sites, claiming it “enables developers to monetize Facebook mobile applications by integrating AdMob’s industry-leading mobile publishing solutions into any Facebook mobile application. Developers building mobile web applications for the Facebook community using the Facebook Platform for Mobile can easily integrate the AdMob code to start serving ads….”

And AdMob is continually seeking to mine and monetize the data gathered on unsuspecting youths and other mobile users. AdMob’s CEO Omar Hamoui admitted, “We are investing a fair amount of development resources into mining all the data we’ve captured over the last 12 months of ad serving and targeting.”

AdMob gathers this data (and targets youths) without adequate notice to the consumer, making it difficult for a mobile user to weigh the costs and benefits and choose whether to opt out of this profiling. This constitutes unfair and deceptive practices, and the Federal Trade Commission should scrutinize these actions.

“Cookie Wars, Real-Time Targeting, and Proprietary Self Learning Algorithms: Why the FTC Must Act Swiftly to Protect Consumer Privacy”

That’s the title of comments filed at the U.S. Federal Trade Commission by my Center for Digital Democracy and U.S. PIRG.  I also just gave a presentation with the same name at last week’s meeting of data protection commissioners in Madrid, Spain.   It’s available here.

Here’s an excerpt:   Today, consumers online face the rapid growth and ever-increasing sophistication of the various techniques advertisers employ for data collection, profiling, and targeting across all online platforms. The growth of ad and other optimization services for targeting, involving real-time bidding on ad exchanges; the expansion of data collection capabilities from the largest advertising agencies (with the participation of leading digital media content and marketing companies); the increasing capabilities of mobile marketers to target users via enhanced data collection; and a disturbing growth of social media surveillance practices for targeted marketing are just a few of the developments the commission must address. But despite technical innovation and what may appear to be dramatic changes in the online data collection/profiling/targeting market, the commission must recognize that the underlying paradigm threatening consumer privacy online has been constant since the early 1990’s. So-called “one-to-one marketing,” where advertisers collect as much as possible on individual consumers so they can be targeted online, remains the fundamental approach.

Groups & Scholars Urge Congress to Strengthen FTC’s Ability to Protect Consumers

The advertising lobby has been working to undermine the FTC’s ability to serve the public interest.  Advertisers are fearful that the FTC–finally awakened from a long digital slumber–will actually investigate the numerous problems linked especially to marketing (think prescription drugs, financial marketing of subprime loans, etc.).  They are especially concerned that the FTC will effectively address privacy and consumer protection problems related to privacy, interactive advertising, children and adolescents, and “green” marketing.  Here’s the letter which was sent late yesterday to Chairman Waxman and Ranking Member Barton:


October 28, 2009

Chairman Henry Waxman

Rep. Joe Barton, Ranking Member

Energy and Commerce Committee

(via email)

Dear Chairman Waxman and Rep. Barton:

We write to support the provisions in H.R. 3126, the “Consumer Financial Protection Agency Act of 2009” (CFPA Act), designed to ensure that the Federal Trade Commission has the resources and authority to protect consumers from unfair and deceptive practices.

We believe that the FTC must play a more proactive role addressing critical consumer concerns, including privacy, online marketing, and food advertising to young people.  Therefore, we fully support the legislative language in H.R.3126 that would enable the commission to conduct consumer protection rulemaking under the provisions of the Administrative Procedures Act (APA); provide it with aiding and abetting liability for violations of the Section 5 of the FTC Act involving unfair or deceptive practices; and enable it to seek civil penalty liability for unfair and deceptive practices found to violate Section 5.  We also support providing the FTC independent litigating authority in civil penalty cases.

As you know, the FTC’s ability to serve consumers has been hamstrung because of its “Magnuson-Moss” rulemaking procedure.  As a result, the FTC has not been able to effectively engage in a timely and effective rulemaking process.  By providing the FTC with the same APA rulemaking authority enjoyed by other federal agencies, it will enable the commission to engage in consumer protection activities in a timely manner.

Respectfully,

American Academy of Child and Adolescent Psychiatry

Campaign for Commercial Free Childhood

Center for Democracy and Technology

Center for Digital Democracy

Center for Science in the Public Interest

Children Now

Consumer Federation of America

Consumer Action

Consumers Union

Consumer Watchdog

Free Press

Electronic Frontier Foundation

Media Access Project

Privacy Rights Clearinghouse

Privacy Times

Public Citizen

Public Knowledge

Public Health Institute

U.S. PIRG

World Privacy Forum

David Britt, CEO (retired) Sesame Workshop

Prof. Kelly Brownell, Yale University

Prof. Robert McChesney, University of Illinois at Urbana-Champaign

Prof. Kathryn C. Montgomery, American University

Prof. Joseph Turow, University of Pennsylvania

Prof. Ellen Wartella, UC Riverside