IAB UK’s “Good Practice Principles” on Behavioural Targeting: Alice in Wonderland Meets Online Data Collection

Last week in Brussels at a EU Consumers Summit, Google and other interactive ad companies pointed to the new Interactive Advertising Bureau/UK “Good Practice Principles for online behavioural advertising” as a model for meaningful self-regulation.  The companies that have endorsed the principles include  AOL/Platform A, AudienceScience, Google, Microsoft Advertising, NebuAd, Phorm, Specific Media, Yahoo! SARL, and Wunderloop.   The message sent to EU regulators was, in essence, don’t really worry about threats to privacy from online profiling and behavioural targeting.  But a review of the Principles suggest that there is a serious lack of “truth in advertising” when it comes to being truly candid about data collection and interactive marketing.  These Principles are insufficient–and are really a political attempt to foreclose on meaningful consumer policy safeguards.

Indeed, when one examines the new online “consumer guide” which accompanies the Principles,  one has a kind of Alice in Wonderland moment.  That’s because instead of being candid about the real purpose of behavioral advertising–and the system of interactive marketing it is a part of–the IAB paints an unreal and deliberately cheery picture where data collection, profiling, tracking, and targeting are just harmless techniques designed to give you a better Internet experience.   UK consumers–and policymakers–deserve something more forthright.

First, the IAB conveniently ignores the context in which behavioural targeting is just one data collection technique.  As they know, online marketers are creating what they term a “media and marketing ecosystem.”  A truly honest “Good Practice Principles” would address all the principal ways online marketers target consumers.  That would include, as IAB/UK knows well, such approaches as social media marketing, in-game targeting, online video, neuromarketing, engagement, etc.  A real code would address issues related to the use of behavioural data targeting and other techniques when used for such areas as finance (mortgages, loans, credit cards); health products; and targeting adolescents.

The IAB/UK also fails to reconcile how it describes behavioural targeting to its members and what it says to consumers and policymakers.  For example, the group’s glossary defines behavioural targeting as:  “A form of online marketing that uses advertising technology to target web users based on their previous behaviour. Advertising creative and content can be tailored to be of more relevance to a particular user by capturing their previous decision making behaviour (eg: filling out preferences or visiting certain areas of a site frequently) and looking for patterns.“  But its new “Good Practice” consumer guide says that “Online behavioural advertising is a way of serving advertisements on the websites you visit and making them more relevant to you and your interests. Shared interests are grouped together based upon previous web browsing activity and web users are then served advertising which matches their shared interests. In this way, advertising can be made as relevant and useful as possible.”

Incredibly, the IAB/UK claims that “the information used for targeting adverts is not personal, in that it does not identify you – the user – in the real world. Data about your browsing activity is collected and analysed anonymously.”  Such an argument flies in the face of what the signatories of the “Good Practice Principles” really tell their online ad customers.  For example, Yahoo in the UK explains that its “acclaimed behavioural targeting tool allows advertisers to deliver specific targeted ads to consumers at the point of purchase.”  Yahoo has used behavioural targeting in the UK to help sell mortgages and other financial products.  Microsoft’s UK Ad Solutions tells customers it can provide a variety of behavioural targeting tools so it “can deliver messaging to the people who are actively looking to engage with what you’re offering…With Re-messaging we can narrow our audience by finding the people who have already visited you. It means we can ensure they always stay in touch and help create continual engagement with your brand…Profile Targeting can help you find the people you’re looking for by who they are, where they are and when you want to be seen by them.”  Time Warner’s Platform A/AOL says Through our Behavioural Network, we can target your most valuable visitors across our network, earning you additional revenues, or simply fulfil your own campaign obligations.  By establishing certain user traits or demographics within your audience, we are able to target those individuals with the most relevant advertising (tied into their common characteristics), or simply reach those same users in a different environment.”  Or Audience Science’s UK office that explains “While other behavioural targeting technologies simply track page visits, the AudienceScience platform analyzes multiple indicators of intent:

•  Which pages and sections they have visited

•  What static and dynamic content they have read

•  What they say about themselves in registration data

•  Which search terms they use

•  What IP data indicates about them, including geography, SIC code, Fortune 500 rank, specific Internet domains,   and more

Because AudienceScience processes so many indicators of intent, it enables you to create precisely targeted audience segments for advertisers.”  And Google, which knows that the UK is “arguably the most advanced online marketplace in the world” has carefully explained to its UK customers all the data they collect and make available for powerful online targeting.

The Notice, Choice and Education “Good Practice” scheme relies on an ineffective opt-out.  Instead of real disclosure and consumer/citizen control, we have a band-aid approach to privacy online.  The IAB also resorts to a disingenuous scare tactic when it suggests that without online marketing, the ability of the Internet to provide “content online for free” would be harmed.  No one has said there shouldn’t be advertising–what’s been said is that it must be done in a way which respects privacy, the citizen, and the consumer.   Clearly, the new IAB/UK code isn’t a model that can be relied on to protect the public.  UK regulators must play a more proactive role to ensure privacy and consumer welfare online is meaningfully protected.

UK Online Ad Lobby Group: “behavioural targeting is going to be the future of the internet.” [Annals of Behavioral Targeting]

The debate over behavioural targeting, profiling and interactive advertising is heating up in the European Union.  We just spoke at a EU event on the topic.  More later on that meeting (which featured Google, Microsoft, Nokia and others, all wearing their Brussels best).  Google and others pointed to a new code on behavioural targeting created by the UK’s Interactive Ad Bureau, which they suggest is a model (and is designed to foreclose on real privacy safeguards).  I will be writing about this code in the next post.  But here’s what the chairman of the IAB UK, Richard Eyre, said about protecting privacy online and the Internet’s future [via Brand Republic.  March 31, 2009]. Excerpts:

Richard Eyre, chairman of the Internet Advertising Bureau, has said he accepts the European Union’s decision to investigate behavioural targeting as “logical” but hopes that the current self-regulatory process “will satisfy everyone”.

Eyre was responding to the EU’s decision to investigate behavioural targeting by online advertisers, in a move that could result in legislation that overrides the code recently introduced by the IAB with the support of Ofcom and search giants Google and Microsoft…Eyre said that he understood that the EU had to have a point of view on the issue because behavioural targeting is a new tool about which the general public is still forming its opinion. However he hopes the self-regulatory code on behavioural targeting recently introduced by the IAB will satisfy everyone. Eyre said: “It is very easy to dismiss the issues as an invasion of privacy but the fact is that behavioural targeting is going to be the future of the internet.”Eyre told ISBA’s annual conference recently that behavioural targeting would be a “game-changer” for advertisers.
PS:  As for Microsoft’s position on privacy, here’s an excerpt from a March 5, 2009 New Media Age story:  “Zuzanna Gierlinska, head of Microsoft Media Network, said, “It’s better that regulation comes from within the market rather than from government, which might not be fully aware of how behavioural targeting works.”  source:  “Industry unites to defend trust in online advertising.”   Suzanne Bearne.  nma.co.uk

Two Words on Why the FTC’s Self-Reg Approach is Wrong: Financial Meltdown

It has been deregulation, including forms of self-regulation, which led to the current financial crisis.  Regulators and most policymakers looked the other way, while many from the investment community created a Ponzi scheme bigger than Bernie Madoff’s.  The online marketing of mortgages and loans played a role in the `borrow’ and `buy’ culture which contributed to the economic mess we are in.

It’s now more important than ever that online marketing, including the structure of data collection and privacy, be regulated.  Congress has to act to make sure consumers understand the loans and other financial products they are being offered interactively online.  The financial crisis, noted Google, is actually fostering the growth of online marketing (as consumers look for less expensive ways to shop).   As Google recently explained to advertisers, the “slowdown is actually accelerating the use of consumer online shopping for goods and services.”  The “mass market is now online,” they noted.

Consumers need to completely understand and fully control how data is collected and used when they seek financial services.  The behavioral targeting system involved with mortgage loan sales, we believe, is totally unknown to consumers (and sadly, regulators).  That’s why my group and others criticized last week’s FTC report.  It’s self-regulatory approach is based on a failed policy (from the people on both sides of the aisle who got us into this mess).  We can have both regulation/fair rules and make the commercial market prosper.  It’s time for the online ad industry to support a regulatory policy that will help make our financial future more secure.

Baby Steps for Online Privacy: Why the FTC Self-Regulatory Principles For Online Behavioral Advertising Fails to Protect the Public

Statement of Jeff Chester, Exec. Director, Center for Digital Democracy:

The Federal Trade Commission is supposed to serve as the nation’s leading consumer protection agency.  But for too long it has buried its mandate in the `digital’ sand, as far as ensuring U.S. consumer privacy is protected online.    The commission embraced a narrow intellectual framework as it examined online marketing and data collection for this proceeding.  Since 2001, the Bush FTC has made industry self-regulation for privacy and online marketing the only acceptable approach when considering any policy safeguards (although the Clinton FTC was also inadequate in this regard as well).  Consequently, FTC staff—placed in a sort of intellectual straitjacket—was hampered in their efforts to propose meaningful safeguards.

Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling.  Unknown to many members of the public, a vast commercial surveillance system is at the core of most search engines, online video channels, videogames, mobile services and social networks.  We are being digitally shadowed across the online medium, our actions monitored and analyzed.

Behavioral targeting (BT), the online marketing technique that analyzes how an individual user acts online so they can be sent more precise marketing messages, is just one tool in the interactive advertisers’ arsenal.  Today, we are witnessing a dramatic growth in the capabilities of marketers to track and assess our activities and communication habits on the Internet.  Social media monitoring, so-called “rich-media” immersive marketing, new forms of viral and virtual advertising and product placement, and a renewed interest (and growing investment in) neuromarketing, all contribute to the panoply of approaches that also includes BT.  Behavioral targeting itself has also grown more complex.  That modest little “cookie” data file on our browsers, which created the potential for behavioral ads, now permits a more diverse set of approaches for delivering targeted advertising.

We don’t believe that the FTC has sufficiently analyzed the current state of interactive marketing and data collection.  Otherwise, it would have been able to articulate a better definition of behavioral targeting that would illustrate why legislative safeguards are now required.  It should have not exempted “First Party” sites from the Principles; users need to know and approve what kinds of data collection for targeting are being done at that specific online location.

The commission should have created specific policies for so-called sensitive data, especially in the financial, health, and children/adolescent area.  By urging a conversation between industry and consumer groups to “develop more specific standards,” the commission has effectively and needlessly delayed the enactment of meaningful safeguards.

On the positive side, the FTC has finally recognized that given today’s contemporary marketing practices, the distinction between so-called personally identifiable information (PII) and non-PII is no longer relevant.  The commission is finally catching up with the work of the Article 29 Working Party in the EU (the organization of privacy commissioners from member states), which has made significant advances in this area.

We acknowledge that many on the FTC staff worked diligently to develop these principles.  We personally thank them for their commitment to the public interest.  Both Commissioners Leibowitz and Harbour played especially critical roles by supporting a serious examination of these issues.  We urge everyone to review their separate statements issued today.  Today’s release of the privacy principles continues the conversation.  But meaningful action is required.  We cannot leave the American public—now pressed by all manner of financial and other pressures—to remain vulnerable to the data collection and targeting lures of interactive marketing.

FTC’s Behavioral Ad Principles–the last act of the Bush Administration? Why is the Obama White House Allowing the FTC To Remain Under the Leadership Appointed by Pres. Bush?

In a few hours, approximately between 10-11 am eastern, the FTC is expected to release its final “Online Behavioral Advertising Principles.” Originally released for comment in December 2007, the principles are a sort of Valentine’s Day present to the online ad industry from the (supposedly departed) Bush Administration.  From what we know, the FTC principles support self-regulation.  Online marketers will be told they should behave better–and here are suggestions.  It’s like a teacher telling a misbehaving student–‘behave better, dear,’ or else we will have to tell your parent (in this case, the guardian being potential congressional action).

My CDD urged Commissioners Harbour and Leibowitz to issue separate statements on the principles, and call for tougher requirements—especially in the area of so-called sensitive information.  This would include data connected to our financial and health related online activities (think mortgage and loan applications or queries for prescription drugs).  CDD and a coalition of groups also formally asked the commission to impose serious privacy safeguards for both children and adolescents.

But these principles were crafted within the narrow confines of the Bush Administration philosophy prevailing at the FTC.  Only self-regulation is permitted.  Consequently, such an approach likely means these rules leave the online data collection, profiling and targeted marketing system which comprise behavioral marketing off the privacy protection hook.

But one question looms at the moment.  Why has the new Obama administration allowed the FTC to remain under the leadership of Bush-appointee William E. Kovacic? The principles being issued today, in fact, reflect the “old” FTC, not one run under the philosophy of President Obama.  Why is the Obama White House failing to ensure a change of leadership at the FTC?  The agency is responsible for overseeing a huge portion of the economy, including critical financial issues.  It’s also supposed to be the leading agency on consumer protection issues.   The Obama White House should have–by now-found someone who would led the FTC, so it can better protect the public.

The principles being released today were only made possible because of the Bush FTC give-away to Google, when it approved its takeover of online ad giant DoubleClick.  CDD, the Electronic Privacy Information Center (EPIC), and USPIRG fought the merger, including on privacy grounds.  FTC Commissioner Pamela Harbour played a key role forcing the agency (then run by Chairwoman Majoris, whose husband’s law firm represented DoubleClick) to address the privacy concerns. As a consequence of the political pressure from its failure to seriously examine the consumer privacy issues of the Google deal, the FTC staff were told to develop these principles.

The next chair of the FTC needs to take privacy and online consumer protection issues seriously.  The agency does need more resources, but also a new spirit.  If the FTC had been on the job, and was examining how lending institutions were recklessly promoting loans and mortgages, maybe today’s mess wouldn’t be as tragic as it is.  More to come after the commission releases the principles.

CDD Memo to President-elect Obama’s FTC Transition team

My organization provided the FTC-transition team of President-elect Obama a brief memo on what the agency should do as it changes leadership. With a new majority, the FTC should be in the forefront of addressing how the financial and marketing system has evolved in ways which threaten our fiscal well-being and privacy, among many other concerns.  Here’s an excerpt:

The Federal Trade Commission has a potentially extraordinary role to play in the new Administration.  The agency should be engaged in developing and promoting policies that protect privacy, ensure consumer welfare, and stimulate economic development.  Unfortunately, in recent years the commission has largely failed to comprehend the threats to consumer privacy arising from the data collection-based online marketing system.  It ignored, for example, the role that data collection and behavioral targeting played in the marketing of subprime loans and other consumer financial products…
Under new leadership, the FTC should view its role as a champion of consumers…. in consumer protection, privacy, and online-related competition policy, the agency has failed to conduct the kind of serious inquiry that would enable it to make sophisticated recommendations or decisions.  It has not developed a 21st century framework that will protect consumers in the digital marketing “ecosystem.”  We saw this with behavioral advertising and privacy policy, protecting children and youth from marketing linked to the obesity crisis, and in the approval of the Google and DoubleClick merger, for example.
If the FTC is to help the country move forward during this crucial period of economic transition, it should:
•    Make Consumer Protection its highest priority
•    Recruit new staff for consumer protection with a background and commitment to consumer interests
•    Engage in a serious and ongoing analysis of the digital marketplace, with a focus on the impact of interactive advertising/behavioral targeting on financial products, health and medical services, product purchasing, and children and adolescents
•    Propose new policies to protect consumer privacy and welfare online…
•    Work with the FCC and state authorities to create a new Mobile Marketing, Consumer Protection, and Privacy Task Force (with annual reports to the public, and, where appropriate, new legislation recommended to Congress).

Ad Industry Lawyer Spins in Ad Age that Privacy Will Be on “Back Burner.” Not Only Incorrect–but self-serving

This week’s Advertising Age has a “Legal Issues to Watch in 2009” column.  Written by Douglas J. Wood of Reed Smith, it claims that: “PRIVACY TO THE BACK BURNER- Congress and regulators are in a Catch-22: While under constant pressure from constituents and consumerists to curtail the use of personal information or behavioral targeting, they recognize that advertising is the backbone of the internet. So while there will be occasional skirmishes, the war on privacy will continue in its stalemate. Regulators will also see browser makers offering more control to consumers to block ads and the collection of personal information as adequate progress.”

Mr. Wood, it turns out is “a member of Reed Smith’s Executive Committee and the firm’s Advertising Technology & Media Group…and is General Counsel to both the Association of National Advertisers and the Advertising Research Foundation.

Perhaps Mr. Wood is too busy to really follow Hill and FTC developments, because he is wrong.  There will be considerable activity on the Hill and elsewhere.   His column should have been labeled as written by the lawyer for the ad industry lobby group.  But it does reflect a lack of insight about the online ad industry’s problems related to privacy and consumer protection.

The “Revised” Network Advertising Initiative Principles: Ghost-written by Bernard Madoff?

That was really what we felt reading the “NAI Response to Public Comments” released yesterday.  It accompanied the 2008 principles announcement by the self-regulatory trade online marketing trade group.  The “response” is worth reading, because it really reveals the inability of the group to meaningfully address how to protect consumers online.  You would think that an organization which has Microsoft, Google, Yahoo, Time Warner and many others as paying members could at least clearly state what happens to our data in the online marketing process.  But the real goal of the NAI is to prevent the enactment of serious state and federal privacy policies that would protect consumers. My group put out a statement yesterday discussing the new principles.

The credibility of Google, Microsoft, Yahoo and Time Warner are at stake.  They should be able to ensure that their own organization can honestly address the implications of online advertising.  But it’s time to abandon any call for self-regulation.  That has been a failure.  It’s clear that a growing number of consumer and privacy groups are calling for a legislative solution, as well as a more effective FTC.  Responsible online ad companies will support such regulation.

Google’s “Policy Fellowships”–Self-Serving Efforts to Help Ward Off Privacy and Online Marketing Protections?

Google has selected 15 organizations for its 2009 “Google Policy Fellowship.” Fellows are funded by Google and will work on “Internet and technology policy” issues over the summer. Take a look at some of the groups it selected and what they say the projects will be (and their positions on Internet issues). And then ask–is Google working to help undermine the public interest in communications policy? Think online privacy and interactive marketing as you read these following excerpts from a number of these groups:

“The Competitive Enterprise Institute is a 501(c)(3) non-profit public interest organization dedicated to advancing the principles of free enterprise and limited government. We believe that individuals are best helped not by government intervention, but by making their own choices in a free marketplace…Electronic privacy: CEI seeks to reframe the online privacy debate in terms of the potential benefits to consumers of greater information sharing, transparency, and marketing. Fellows will explore competing privacy policies and how they are evolving as the public grows more aware of privacy risks. This research will also encompass privacy-enhancing technologies that empower consumers to safeguard personal data on an individualized basis.”

“The Progress & Freedom Foundation (PFF) is a market-oriented think tank that studies the digital revolution and its implications for public policy… Online Advertising & Privacy Policy Issues: PFF defends online advertising as the lifeblood of online content and services, particularly for the “long tail,” and emphasizes a layered approach to privacy protection, including technological self-help, user education, industry self-regulation, and enforcement of existing laws, as a less restrictive—and generally more effective—alternative to increased regulation.”

“The Technology Policy Institute is a think tank that focuses on the economics of innovation, technological change, and related regulation in the United States and around the world… Privacy and data security: benefits and costs to consumers of online information flows, and the effects of alternative privacy policies on consumers and the development of the Internet.”

“The Cato Institute’s research on telecommunications and information policy advances the Institute’s vision of free minds and free markets within the information policy, information technology, and telecommunications sectors of the American economy…Information Policy: Examining how increased data sensing, storage, transfer, processing, and use affect human values like privacy, fairness and Due Process, personal security, and seclusion. Articulating complex technological, social, and legal issues in ordinary language. Promoting the policies that protect these human values consistent with a free society and maximal human liberty.”

Google is also funding fellowships at other groups, including the partially Google funded Center for Democracy and Technology. The CDT connected Internet Education Foundation (which helps run the Congressional Internet Caucus, where Google is a corporate Advisory member) also will house a Google Fellow. There are a few public interest groups hosting Fellows that have an independent track record, including Media Access Project, EFF, and Public Knowledge. But awarding Fellowships to groups which will help it fight off responsible privacy and online marketing safeguards provides another insight into Google’s own political agenda.

New AT&T-funded “Future of Privacy” Group: Will it Support Real Privacy Protection or Serve as a Surrogate for Self-regulation and Data Collection?

A new group co-directed by former DoubleClick and AOL chief privacy officer Jules Polonetsky, called the “Future of Privacy Forum,” has been announced. It is connected to the law firm representing AT&T–Proskauer Rose–which has a considerable practice in the online marketing and data collection area. Other backers include Intel, General Electric, IBM and Wal-Mart.

We are concerned, however, that the role of the Forum is to help discourage Congress from enacting an opt-in regime for data collection. Both ISPs–such as AT&T, Verizon, Comcast and Time Warner–as well as online advertising companies such as Google/DoubleClick, Yahoo, and Microsoft must be governed by privacy laws which empower and protect consumers. The role of ISPs in any data collection for targeted online marketing, in particular, requires serious analysis and stringent safeguards. AT&T, Google, Microsoft, Comcast, the online ad networks, and social media marketers (to name a few) must be required to provide meaningful disclosure, transparency, accountability and user control (with special rules governing health, financial and data involving children and youth). Self-regulation has failed. If the Future of Privacy group is to have any legitimacy, it will work to support serious federal rules. But if it trots out some sort of voluntary code of conduct as a way to undermine the growing call for real privacy safeguards, this new group may soon be viewed as beholden to its funders and backers.