Pandora to Investors: We are Afraid of “Do-Not-Track” Privacy Rules and also Google’s Clout

From Pandora’s recent S-1 IPO filing at the SEC [our bold]:
excerpt:  Existing privacy-related laws and regulations are evolving and subject to potentially differing interpretations, and various federal and state legislative and regulatory bodies may expand current or enact new laws regarding privacy and data security-related matters. We may find it necessary or desirable to join self-regulatory bodies or other privacy-related organizations that require compliance with their rules pertaining to privacy and data security. We also may be bound by contractual obligations that limit our ability to collect, use, disclose, and leverage listener data and to derive economic value from it. New laws, amendments to or re-interpretations of existing laws, rules of self-regulatory bodies, industry standards and contractual obligations, as well as changes in our listeners’ expectations and demands regarding privacy and data security, may limit our ability to collect, use, and disclose, and to leverage and derive economic value from listener data. We may also be required to expend significant resources to adapt to these changes and to develop new ways to deliver relevant advertising or otherwise provide value to our advertisers. In particular, government regulators have proposed “do not track” mechanisms, and requirements that users affirmatively “opt-in” to certain types of data collection that, if enacted into law or adopted by self-regulatory bodies or as part of industry standards, could significantly hinder our ability to collect and use data relating to listeners. Restrictions on our ability to collect, access and harness listener data, or to use or disclose listener data or any profiles that we develop using such data, would in turn limit our ability to stream personalized music content to our listeners and offer targeted advertising opportunities to our advertising customers, each of which are critical to the success of our business...


We use DoubleClick’s ad-serving platform to deliver and monitor ads for our service. There can be no assurance that our agreement with DoubleClick, which is owned by Google, will be extended or renewed upon expiration, that we will be able to extend or renew our agreement with DoubleClick on terms and conditions favorable to us or that we could identify another alternative vendor to take its place. Our agreement with DoubleClick also allows DoubleClick to terminate our relationship before the expiration of the agreement on the occurrence of certain events, including if DoubleClick determines that our use of its service could damage or cause injury to DoubleClick or reflect unfavorably on DoubleClick’s reputation
….In fiscal 2010 and the nine months ended October 31, 2010, advertising revenue accounted for 90.9% and 86.4%, respectively, of our total revenue, and we expect that advertising will comprise a substantial majority of revenue for the foreseeable future. In fiscal 2010 and the nine months ended October 31, 2010, Google accounted for 11.4% and 7.4%, respectively, of our total revenue. We deliver online ads provided by Google through our service, and Google sources us with advertising customers through ad exchanges.

Neuromarketing Research–Sponsors include Miller Coors, American Express, Hershey’s

excerpt on the Advertising Research Foundation’s “Inaugural NeuroStandards Retreat”–

On January 12-14, 2011 at Campbell Soup Headquarters in Camden, New Jersey, 40 senior review panel members, research vendors, gold brand sponsors, gold media sponsors, silver sponsors and ARF personnel gathered to discuss significant insights and key findings from the unprecedented Engagement 3: NeuroStandards Collaboration. This groundbreaking ARF research project,… will provide much-needed transparency about biometric and neurological research methods.
In advance of the retreat, each of the research vendors involved (Gallup & Robinson, Innerscope, MSW Research/LAB, Mindlab International, NeuroCompass, Neuro-Insight, Sands Research, and Sensory Logic) were asked to analyze eight commercials—one from each gold brand sponsor (American Express, Campbell Soup, Clorox, Colgate-Palmolive, General Motors, Hershey’s, Miller Coors and JP Morgan Chase).

The research vendors presented their reports to each sponsor prior to the retreat. The reports were also reviewed by a number of subject matter experts (for example, Electroencephalography (EEG) experts looked at EEG reports, Functional Magnetic Resonance Imaging (fMRI) experts looked at fMRI reports). Subject matter expert reports were then distributed to a panel of expert reviewers who provided their assessment at the retreat…

The expert reviews, discussions and key findings from the ARF NeuroStandards Retreat will be presented in March at Re:think 2011 – The ARF 75th Anniversary Annual Convention. Some of the major topics that will be explored include:

How neuromarketing research can produce new insights for advertising, branding, and other marketing research projects;
Which biometric and neurological methods are best suited for specific research objectives and what are the advantages and disadvantages of these methods compared to traditional research methodologies…

Did the Commerce Dep’t Give a Special Deal to the Online Data Collection Lobby?

It sure sounds that way, given what the Interactive Ad Bureau wrote on the new privacy proposal (our emphasis):

“The green paper is another important step in what has been an inclusive, productive process to develop the Administration’s strategy for increasing consumer online privacy, while balancing the realities of our national economy. It provides vital support for industry self regulation. The Department of Commerce’s recognition that these efforts can be an effective means for increasing transparency around data practices and empowering consumers with a comprehensive, easy-to-use opt-out mechanism is key, given other recent reports. Increasing consumer confidence in the Internet is a common goal. We agree that supporting these industry codes in a timely fashion is critical, and our cross-industry coalition looks forward to working with the Administration to ensure our program is both robust and enforceable.”

The Commerce Department met with our coalition of consumer and privacy groups only once–after we had written to the White House asking for a meeting with officials there.  There was no formal briefing for the country’s leading consumer and privacy groups prior to the report’s release. Yet we understand Commerce did one for industry. As the Obama White House proceeds with its plans for the forthcoming “multi-stakeholder” deliberations, they must be structured in a manner that ensures significant consumer and privacy participation (which means that groups funded by the online ad industry have to be dealt with in different fashion).

Statement of Jeff Chester on the Department of Commerce’s Internet Policy Task Force Privacy and E-Commerce: a Bill of Behavioral Targeting “Rights” for Online Marketers?

The Obama Administration asks some important questions about protecting the privacy of U.S. consumers.  But given the growth of online data collection that threatens our privacy, including when consumers are engaged in financial, health, and other personal transactions (including involving their families), this new report offers us a digital déjà vu.   The time for questions has long passed.

Instead of real laws protecting consumers, we are offered a vague “multi-stakeholder” process to help develop “enforceable codes of conduct.”  If the Commerce Department really placed the interests of consumers first, it would have been able to better articulate in the report how the current system threatens privacy.    They should have been able to clearly say what practices are right and wrong—such as the extensive system of online behavioral tracking that stealthily shadows consumers—whether on their personal computer or a mobile phone.   The paper should have firmly articulated what the safeguards should be for financial, health and other sensitive data.  The report should have rejected outright any role for self-regulation, given its failures in the online data collection marketplace.  While the report supports a FIPPS framework, these principles can be written in a way that ultimately endorses existing business practices for online data collection and targeting.

This illustrates one of the basic problems with the Administration’s approach to protecting consumer privacy online.  The Commerce Department is focused on promoting the interests of industry and business—not consumers.  It cannot play the role of an independent, honest broker; consequently it should not be empowered to create a new Privacy Policy Office.   Having the Commerce Department play a role in protecting privacy will enable the data collection foxes to run the consumer privacy henhouse.  We call on the Administration and Congress to address this issue.  A new Privacy Policy Office should be independent and operate under the Administrative Procedures Act—ensuring there are safeguards for meaningful public participation and transparency.

The Commerce paper’s real goal is to help U.S. Internet data collection companies operate in the EU, Asia/Pacific and other markets as “privacy-free” zones.  Under the cover of promoting “innovation” and trade, I fear the U.S. will craft a crazy-quilt code of conduct regimes that they will claim should pass muster in the EU (which has a more comprehensive framework to protect privacy).  The Obama Administration appears to be promoting a kind of “separate, but equal” framework, where it will argue that no matter how weak U.S. privacy rules are, other countries should accept them as the equivalent of a stronger approach.  The new paper should have acknowledged the U.S. has to play catch-up with the EU when it comes to protecting consumer privacy.

We have been promised meetings with the new White House subcommittee on privacy, where consumer and privacy groups will raise these and other concerns.

IAB Gets a new Chance to Play Constructive Role as Randall Rothenberg Goes to Time Inc.

The departure of Randall Rothenberg, the head of the Interactive Advertising Bureau, provides a critical opportunity for the IAB to revisit its position on protecting consumer online privacy (including Do Not Track).  Under Mr. Rothenberg, the IAB lobbied Congress to restrict the FTC’s ability to protect consumers, including on privacy.  With new leadership, the IAB could begin playing a more constructive role by working with consumer groups to build a consensus on federal privacy rules.  Instead of confrontation and denial, we hope the online ad lobby pursues serious engagement with privacy advocates.   The IAB has become just another inside the Beltway lobbying group–and has lost credibility among many policymakers.  A new IAB leader should be someone who can really help the mission of the industry by engaging in the kind of diplomacy and debate that supports the higher purposes of online advertising, digital publishing, and the public interest.
At Time, Mr. Rothenberg will now be in charge of its online ad network, which uses behavioral targeting and other interactive data techniques.  How Time responds to the growing call for better consumer privacy will be one of Mr. Rothenberg’s new challenges.

Do-Not-Track will Boost Journalism/Publishing Says Nieman Fdn. Expert

Online ad lobbyists disingenuously claim that privacy safeguards will doom the commercial Internet, choking off content and publishers.  They are fearful that consumers will have the power to actually decide who can collect and make money off their data–instead of their “Big Brother Can Steal Your Data Anytime, Anywhere” model.  In a new column written for the journalism think-tank and resource Nieman Foundation,  Ken Doctor (who covers the business of news for them) writes [excerpt, our emphasis]:  “Enter a new age of Do Not Track. Maybe, in that world, news media’s role — and its engagement with audiences — becomes much more valuable. Maybe, it’s a reintermediation of a kind, as news media’s role in the shopping/buying lives of its readers re-emerges, digitally.  How might this happen? If we look at the potential newsonomics of Do Not Track, we can see at least two ways that real revenue can be driven out of the reordering of the tracking world…If Do Not Track puts more power back into the hands of the publisher, then publishers may be help to re-sell the information — and that could help build toward the new business model news publishers’ need…The big opportunity, perhaps, is the ability of news publishers to transparently offer reader/consumers the opportunity to “opt in” to a wider world of reading and shopping targeting. Then, they could re-emerge, in the tablet era no less, as community and national centers of news — and commerce. Forget Foursquare; readers could check into their favorite news companies.

Neuromarketing & Privacy: German Data Protection Authority Enacts Safeguards

We have long been sounding the alarm over the role of neuromarketing in advertising, especially for online marketing.  We are gratified that the Data Protection Authority in Hamburg Germany, according to this law firm post, just imposed safeguards on the role of neuromarketing.  It explains that [excerpt]: “[O]n November 23, the data protection authority (DPA) of the German Federal State of Hamburg imposed a €200,000 fine [link in German] against the Hamburg-based savings & loan Hamburger Sparkasse due to violations of the German Federal Data Protection Act (the BDSG) for, among other reasons, using neuromarketing techniques without customer consentIndeed, according to the head of the Hamburg DPA, Prof. Johannes Caspar, the intent was to send a clear signal to the market against the use of modern neuromarketing and comparable methods in violation of data protection law.  The case also clearly illustrates that German regulators are willing to enforce the new data protection regime and are well prepared to impose significant fines upon companies rather than giving them merely a warning notice…The decision of the Hamburg DPA may also attract attention beyond Germany and influence the interpretation of data protection laws in other countries, in particular with respect to the compliance of neuromarketing and brain sciences techniques with data protection laws.  Due to the sensitivity of such activities, it is likely that regulators in the EU will follow the approach taken by the Hamburg DPA.”

Google’s Privacy Challenge: Face up to your online advertising culture of data collection

Google keeps making new announcements about how it will–finally, this time!–protect consumer privacy.  This latest PR salvo–after the Canadian Privacy Commissioner ruled that Google had “contravened Canadian privacy law when it inappropriately collected personal information from unsecured wireless networks in neighbourhoods across the country”– is designed to help quell EU and US policymakers enacting safeguards that would rein in some of company’s data collection practices.  Yesterday’s announcement illustrates one of Google greatest problems: it can’t admit that its entire business model is based on collecting infinite amounts of information on individual consumers.  Google’s most recent acquisitions–Admob, Invite Media, and Teracent, for example–are designed to generate new data-mining based revenues.   Google is trapped in its own success: it can’t step off the digital data collection treadmill with Facebook and others in hot pursuit.  But consumers and citizens should expect more honesty coming from the “don’t do evil” web giant–not just new promises to better behave.

Google has named Alma Whitten to head a team designed to better address privacy issues.  During her recent testimony before the Senate Commerce Committee, Dr. Whitten didn’t provide the kind of critical analysis required on the impact of Google’s online ad business and privacy.  Doing so now–and honestly addressing and redressing the problem–will be a key test.

Five Ways to Protect Privacy

[a version we wrote of this ran in Multichannel News]
Five Ways for Digital Marketers to Protect Consumer Privacy

If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak” specialist crafting privacy policies and creating self-regulatory regimes.  That’s not what consumers and citizens need in the interactive marketing era.   All Americans should have their privacy respected and protected when they go online—including when they use mobile phones.

1.     Tell your users what you actually say to your advertisers—about how the profiling and targeting process really works.  There is a disconnect that is unfair and deceptive between what companies say in their privacy policies and pitch to their clients and potential partners.   Be honest about the “360 degree” ways you engage in online marketing.

2.     Don’t collect information and target consumers based on their interests in finance and health.  These two most “sensitive” categories should be opt-in only.   When consumers go online for loans, credit, mortgages, and health concerns they require the upmost privacy.  Although online financial, health and so-called lead-generation advertising is big business, consumers should not be forced to have their online financial and health behavior stealthfully-tracked and compiled.  The risks to consumers are great if we don’t develop special rules for this data.

3.     Racial and ethnic profiling data should also be opt-in. Hispanics, African-Americas, Asian-Americans and other minorities are increasingly the focus of a growing behavioral targeting and online marketing apparatus.  In the “offline” world, we have witnessed a disturbing use of racial profiling practices to discriminate against individuals.  In today’s online environment, users are being identified as being a member of a racial or ethnic group without either their awareness or consent.  While we all want to see the growth of diversely owned online publishing, it should not be done at the expense of civil liberties in the digital era.  We must prevent the growth of online racial profiling, that when tied to income, geography and other data can be used to create 21st Century forms of discrimination.

4.     Don’t use neuromarketing and other subliminal and subconscious-based advertising.   Fortune 1000 advertisers and online marketers such as Microsoft, Yahoo and Google are using new forms of ad testing and development involving the latest tools of neuroscience, such as fMRI’s and EEGs.  Neuromarketing’s goal is to directly influence a consumer’s subconscious, and when combined with the power of online data targeting,  offers powerful—and frightening—new forms of manipulation.

5.     Users need to consent to having their profiles be bought and sold on so-called online ad exchanges.  Selling off the right to target a consumer online, via real-time auctions that happen in milliseconds, is dehumanizing.  Nor should we permit the growing combination of offline and online databases to be used for targeting, including via these new digital auction houses.

Interactive marketing is now a fundamental operating principle for the cross-platform media economy throughout the world.   But right now, it’s a digital “wild west” that doesn’t serve the interests of consumers, citizens and most marketers.

Behavioral Targeting is About Tracking an “Individual,” Explains Online Marketer

The online ad industry and lobby better stop saying that cookies and other forms of data collection aren’t personally identifiable–so-called PII [personally identifiable information].  As we know, behavioral targeting (BT) identifies, profiles, tracks and targets an individual.  Here’s just one example of how online marketers discuss what BT really is when they are talking among themselves and to clients (our emphasis):

What is behavioral targeting?
Behavioral targeting is a technique used by online advertisers to improve the effectiveness of their campaigns by increasing the relevance of product offers and promotions on a visitor-by-visitor basis.

Behavioral targeting uses information collected on an individual’s web-browsing behavior, such as the pages they have visited or the searches they have made, to select and deliver online ads to the users who are most likely to be interested…As the effective mixing and mining of audience data has become increasingly important to online advertisers, the role of behavioral targeting and retargeting have grown more central…The typical approach to behavioral targeting starts by using web analytics to group visitors into discrete channels. Each channel is analyzed and a virtual profile is created to for each channel…
Most platforms identify visitors by assigning a unique id cookie to each and every visitor to the site, allowing them to be tracked throughout their web journey.  An example is a user who visits content about auto insurance, clicks on an insurance advertiser button or banner, and then searches for “auto insurance.” This user would be assigned to the insurance prospect channel and the next time that user goes to Yahoo they will see ad for insurance…