Microsoft’s Research into Behavioral Targeting & Profiling via its Beijing Research Lab

There’s a “Great Digital Game” going on, where companies such as Google, Facebook, Microsoft and leading ad agencies compete to expand the clout of online marketing around the globe.  As I told EU and other privacy regulators last Friday, the Obama Administration is being pressed by US online marketers to forge trade deals that will allow the leading companies to conduct business in the  Asia-Pacific and EU region without worrying about serious privacy and consumer protection rules.  I do think it’s ironic–and really misleading–to point to online marketing as a U.S. economic success story that requires special treatment.  The revenues generated by Google, Facebook and the others are principally from advertising.  Whether they are truly models of innovation that will bring the kind of sustainable long-term job and economic growth we need is questionable.

At the core of the “Great Digital Game”–where U.S. companies strive to dominate the global interactive ad marketplace–is data collection for user targeting.  Microsoft, which has a principal online ad research facility in Beijing, was recently seeking a Senior Data Mining Analyst.  Read this excerpt from the job description and think about privacy, civil liberties in China and other autocratic regimes, consumer protection and the ethical role of U.S. online ad companies:  “Microsoft Ad Platform China is building world-class engineering teams in Beijing, focusing on online Ads related systems and services such as behavior targeting and advertiser analytics. The team partner closely with the Redmond Ad Platform team, enabling the discovery and inference of user profiles, intent and interaction while respecting privacy and trust, with the ultimate goal of maximizing benefits for users, advertisers and publishers…Core Job Responsibilities: Conduct and manage applied research and modeling work in the areas of user segmentation, profiling, and targeting. Research and experiment on data mining algorithms for user segmentation and dynamic segment expansion. Utilize data mining technologies and use various data sources, some of which may include MSN/Windows Live web usage, search query, demographic, subscription, and 3rd party data, to gain insight into Internet user behavior and intent that will set the foundation for Microsoft targeting offerings and data services. Provide complete solutions to business problems using data mining techniques, statistics and data analysis. Serve as subject matter expert and drive thought leadership in the areas of user profiling, ad targeting, and personalization for Microsoft online services.”

Google’s Eric Schmidt on Mobile Marketing [Annals of Why We Need Mobile Privacy and Consumer Protection Safeguards]

Google CEO Eric Schmidt gave the keynote address at the Interactive Advertising Bureau’s “Ecosystem 2.0” conference.  As reported, he explained that [our emphasis]:

“The smartphone is the iconic device of our time,” Schmidt told the record IAB audience of 750 in Palm Springs, California. A year ago, he added, he predicted that mobile use would surpass PCs within two years. “It happened two weeks ago. And the PC is not going to catch up,” Schmidt said, as he labeled the new era, “Mobile First.”…The hyperlocal potential of mobile, Schmidt continued, means that smartphones and tablets bring a practical application to marketing that no other medium can match: A connection that will lead you to the store, open the door, and direct you to a product you need. “A RadioShack ad can tell you where you are and how to get to the nearest store.” And equipped with Near Field Communication chip (NFC), the newest generation of smartphones not only can tell you what to buy, it can enable a tap-and-pay transaction…Think of the offers mechanisms for advertisers,” Schmidt offered. “We’ve spent 20 years trying to get here. And now there’s an explosion in commerce. Particularly for the consumer who says, “I want to buy something and want to buy it right now,” he added, “We can do it.”

And, in large part, that capability means that mobile media consumption “is happening faster than all our internal predictions.”

Some 78% of smartphone internet users already use their smartphones as they shop. And, as consumer comfort with – and acceptance of – new mobile technology continues, Schmidt envisions “a world, in the very near future, where computers remember things and you never need to worry about forgetting anything. You want it to remember something and it will. And you’re never lost. No one is ever lost. You never turn off the [mobile device] and you’ll always know where you are. And where you want to go….”

Leading Health, Privacy, and Consumer Groups Call on FTC to Protect Adolescent Privacy online

For Immediate Release:  Feb. 18, 2011
Child, Health and Consumer Advocates Ask FTC for Teen Privacy Protections, including Do-Not-Track and No Behavioral Targeting

Today a Coalition of Child, Health and Consumer Advocates filed comments on the Federal Trade Commission’s proposed privacy framework asking for increased privacy protections for adolescents.   The coalition includes leading advocates such as the Center for Digital Democracy, the American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Children Now, and the Consumer Federation of America.

Privacy protections are needed as teens are increasingly subjected to privacy invasions online. Teens are using new media technologies for key social interactions and to explore their identities. This increased use of digital media subjects them to wholesale data collection and profiling of even their most intimate interactions with friends, family, and schools. Meanwhile, recent research in psychology and neuroscience reveals that teens are more prone to risky behavior when their anxieties and peer relations are exploited. Privacy protections are needed to keep the online world social and safe.

Companies should not use data to behaviorally profile teens. The framework should also provide enhanced choice for adolescents, including a Do Not Track feature. In implementing “privacy by design,” companies should consider the needs and vulnerabilities of teens.  They should address those vulnerabilities by, for example, minimizing the amount of data collected from teens.  Data that is collected should be retained for only short periods and should be afforded greater security.

“Teens live online today,” said Guilherme Roschke, attorney for CDD. “This time of development and maturation requires privacy protections. Teens cannot go it alone against the vast data collection and profiling infrastructure of new media technologies that not even adults can understand.”

“Because of their avid use of new media, adolescents are primary targets for digital marketing,” explained co-signer Kathryn C. Montgomery, Ph.D. “The unprecedented ability of digital technologies to track and profile individuals across the media landscape, and to engage in sophisticated forms of targeting, puts these young people at special risk of compromising their privacy.”

The full coalition includes:

Center for Digital Democracy, American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Berkeley Media Studies Group, a project of the Public Health Institute, Children Now, Consumer Federation of America, Consumer Watchdog, David VB Britt, Retired CEO, Sesame Workshop, Ellen Wartella, Kathryn Montgomery, National Policy & Legal Analysis Network to Prevent Childhood Obesity, a project of Public Health Law & Policy, The Praxis Project, Privacy Rights Clearinghouse, Public Good, Public Health Institute, Tamara R. Piety, and World Privacy Forum

Guilherme Roschke
Staff Attorney / Fellow
Institute for Public Representation
First Amendment and Media Center
Georgetown University Law Center
T:(202) 662-9543
F:(202) 662-9634
gcr22@law.georgetown.edu
http://www.law.georgetown.edu/clinics/ipr/
**********

NTIA’s Strickling on Privacy: He Forgets Consumers!

Here’s an excerpt via Politico from their interview with Department of Commerce NTIA Chief–and potential privacy policy maven–Lawrence Strickling.  Note the absence of consumers in his description of the problem and issues.  The Commerce Department, which is jockeying to have a greater role in the privacy debate (which the largest data collectors like because they are afraid of the consumer watchdog-minded FTC), better start making consumer needs come first–if they are to have any credibility here in the U.S. and with the EU.   It appears from the interview the Commerce Department has largely made up its mind to rely on “voluntary enforceable codes of conduct.”   Here’s what Larry said in a Q & A:

NTIA is also getting into the privacy discussions.

It’s part of the larger Internet Policy Task Force that’s underway here at Commerce where our agency — along with other agencies — is looking at a number of Internet policy issues. Privacy is first and foremost on the list, but we’re also looking at the protection of intellectual property, cybersecurity, and we’ll be looking at the free flow of information. For Commerce, our theme links all these topics around the notion of innovation, preserving the job creation and business expansion aspects of the Internet and trying to protect that going forward. So in the area of privacy, the task force did issue the green paper late last year. Comments just came in on that, so people are starting to work their way through them, with the goal that we’ll take the green paper and turn it into a more final pronouncement of the Department of Commerce or perhaps even the administration’s policy on privacy later this spring.

Do you think there should be a government office specifically dedicated to privacy?

We certainly believe that if we’re going to move forward with these voluntary enforceable codes of conduct with the industry that the function of convening and organizing that process should sit [in the government]. Our believe is that the Department of Commerce, and in particular NTIA, is the appropriate place for that function to reside. When we start talking about offices that sounds more bureaucratic and maybe requires departmental administrative orders. But on the issue of making sure that function is done, yes, based on what we see in the comments, we think that’s an appropriate idea. We think it’s a necessary idea in terms of working with industry and we’ll see how this all plays out over the course of the spring.

What is NTIA doing internationally on the privacy front?

Privacy has big international implications because the Council of Europe is looking at redoing what they’ve done in privacy. The European Union is looking at this issue. OECD is looking at the issue. So we’re very cognizant of the need to make sure our policy, whatever it is, is designed in a way to best harmonize with what’s happening in the rest of the world, and in particularly Europe.

U.S. Online Marketers Want Obama Adm. to Press for Weaker Privacy Safeguards for EU, Asia-Pacific & Other Global Citizens & Consumers

The U.S.’s larger marketing, advertising and media lobbying organizations want the Obama Administration to help them continue to engage in behavioral data profiling and other digital marketing techniques without meaningful safeguards.  Trade groups–including the Direct Marketing Association, Interactive Ad Bureau, and the 4A’s–  told the Obama Commerce Department it wants it to negotiate a trade deal with the EU and elsewhere that would give U.S. online ad companies, in essence, a free pass on data collection and tracking.  Can you believe they want U.S. self-regulation (ineffective and a cover to permit the expansion of consumer data collection) to be the global standard.  File this under digital Chutzpah!  They wrote in a [my emphasis]  filing:

We support the Department’s recommendation that the U.S. government continue to develop a framework for mutual recognition of an international data privacy framework. The Department has an important role in representing and advocating for the interests of American businesses.  We believe that the Department has the experience and expertise needed not only to represent the interests of U.S. industry, but to lead the global privacy policy debate.  We recommend that the Department advocate for a global framework consistent with U.S. privacy standards, including the Self-Regulatory Principles for Online Behavioral Advertising, which have allowed U.S. companies to lead the world in innovation and to remain economically competitive.  In addition to decreasing regulatory barriers to trade and commerce, global interoperability should promote—or at a minimum not impede—economic competition and innovation.  We believe the U.S. approach to privacy policy meets these goals.

Here’s who signed the filing.  Attention EU–watch out.  And a question for the Obama Administration.  Which side of the keeping the online medium a real reflection of democratic potential will you be on?

American Advertising Federation
American Association of Advertising Agencies
ASAE
Association of National Advertisers
Coalition for Healthcare Communications
Direct Marketing Association
Electronic Retailing Association
Interactive Advertising Bureau
MPA — The Association of Magazine Media
National Business Coalition on E-Commerce and Privacy
Newspaper Association of America
Performance Marketing Association
TechAmerica

Statement of Jeff Chester on the Department of Commerce’s Internet Policy Task Force Privacy and E-Commerce: a Bill of Behavioral Targeting “Rights” for Online Marketers?

The Obama Administration asks some important questions about protecting the privacy of U.S. consumers.  But given the growth of online data collection that threatens our privacy, including when consumers are engaged in financial, health, and other personal transactions (including involving their families), this new report offers us a digital déjà vu.   The time for questions has long passed.

Instead of real laws protecting consumers, we are offered a vague “multi-stakeholder” process to help develop “enforceable codes of conduct.”  If the Commerce Department really placed the interests of consumers first, it would have been able to better articulate in the report how the current system threatens privacy.    They should have been able to clearly say what practices are right and wrong—such as the extensive system of online behavioral tracking that stealthily shadows consumers—whether on their personal computer or a mobile phone.   The paper should have firmly articulated what the safeguards should be for financial, health and other sensitive data.  The report should have rejected outright any role for self-regulation, given its failures in the online data collection marketplace.  While the report supports a FIPPS framework, these principles can be written in a way that ultimately endorses existing business practices for online data collection and targeting.

This illustrates one of the basic problems with the Administration’s approach to protecting consumer privacy online.  The Commerce Department is focused on promoting the interests of industry and business—not consumers.  It cannot play the role of an independent, honest broker; consequently it should not be empowered to create a new Privacy Policy Office.   Having the Commerce Department play a role in protecting privacy will enable the data collection foxes to run the consumer privacy henhouse.  We call on the Administration and Congress to address this issue.  A new Privacy Policy Office should be independent and operate under the Administrative Procedures Act—ensuring there are safeguards for meaningful public participation and transparency.

The Commerce paper’s real goal is to help U.S. Internet data collection companies operate in the EU, Asia/Pacific and other markets as “privacy-free” zones.  Under the cover of promoting “innovation” and trade, I fear the U.S. will craft a crazy-quilt code of conduct regimes that they will claim should pass muster in the EU (which has a more comprehensive framework to protect privacy).  The Obama Administration appears to be promoting a kind of “separate, but equal” framework, where it will argue that no matter how weak U.S. privacy rules are, other countries should accept them as the equivalent of a stronger approach.  The new paper should have acknowledged the U.S. has to play catch-up with the EU when it comes to protecting consumer privacy.

We have been promised meetings with the new White House subcommittee on privacy, where consumer and privacy groups will raise these and other concerns.

The new “OpenRTB” online ad exchange platform–consumer protection and privacy concerns

Both Advertising Age and Adexchanger.com report on the new “real-time bidding” consortium.  Real-time bidding stands for a process where each of us are tracked and sold to the highest bidder, in real-time, so we can be targeted with ads (from financial products to pharmaceuticals to travel and more).  The OpenRTB effort provides “industry standards for communication between buyers of advertising and sellers of publisher inventory.”  Initial members include leading data targeting companies Data Xu, MediaMath, Turn, Ad Meld, Pubmatic and the Rubicon Project.

The further integration of data tracking and selling platforms raises consumer protection, privacy and competition issues.  Consumers need to be able to decide for themselves about whether they wish to be targeted through such exchanges.  The consortium offers its online ad partners tools to streamline the digital marketing process.  Where are the tools for a consumer–so they can determine how they are treated online through these anonymous and impersonal systems?  In its haste to advance online behavioral targeting, the new OpenRTB consortium appears to have left privacy and consumer choice and control aside. Regulators, privacy and consumer advocates and others will need to maintain a close watch on the new online targeting alliance.  Meanwhile, we hope that this new group will adopt new consumer protection safeguards–and not rely on the flimsy argument that groups such as the NAI and triangled icons somehow protect the public.

Five Ways to Protect Privacy

[a version we wrote of this ran in Multichannel News]
Five Ways for Digital Marketers to Protect Consumer Privacy

If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak” specialist crafting privacy policies and creating self-regulatory regimes.  That’s not what consumers and citizens need in the interactive marketing era.   All Americans should have their privacy respected and protected when they go online—including when they use mobile phones.

1.     Tell your users what you actually say to your advertisers—about how the profiling and targeting process really works.  There is a disconnect that is unfair and deceptive between what companies say in their privacy policies and pitch to their clients and potential partners.   Be honest about the “360 degree” ways you engage in online marketing.

2.     Don’t collect information and target consumers based on their interests in finance and health.  These two most “sensitive” categories should be opt-in only.   When consumers go online for loans, credit, mortgages, and health concerns they require the upmost privacy.  Although online financial, health and so-called lead-generation advertising is big business, consumers should not be forced to have their online financial and health behavior stealthfully-tracked and compiled.  The risks to consumers are great if we don’t develop special rules for this data.

3.     Racial and ethnic profiling data should also be opt-in. Hispanics, African-Americas, Asian-Americans and other minorities are increasingly the focus of a growing behavioral targeting and online marketing apparatus.  In the “offline” world, we have witnessed a disturbing use of racial profiling practices to discriminate against individuals.  In today’s online environment, users are being identified as being a member of a racial or ethnic group without either their awareness or consent.  While we all want to see the growth of diversely owned online publishing, it should not be done at the expense of civil liberties in the digital era.  We must prevent the growth of online racial profiling, that when tied to income, geography and other data can be used to create 21st Century forms of discrimination.

4.     Don’t use neuromarketing and other subliminal and subconscious-based advertising.   Fortune 1000 advertisers and online marketers such as Microsoft, Yahoo and Google are using new forms of ad testing and development involving the latest tools of neuroscience, such as fMRI’s and EEGs.  Neuromarketing’s goal is to directly influence a consumer’s subconscious, and when combined with the power of online data targeting,  offers powerful—and frightening—new forms of manipulation.

5.     Users need to consent to having their profiles be bought and sold on so-called online ad exchanges.  Selling off the right to target a consumer online, via real-time auctions that happen in milliseconds, is dehumanizing.  Nor should we permit the growing combination of offline and online databases to be used for targeting, including via these new digital auction houses.

Interactive marketing is now a fundamental operating principle for the cross-platform media economy throughout the world.   But right now, it’s a digital “wild west” that doesn’t serve the interests of consumers, citizens and most marketers.

The new Self-Reg Online Ad Plan–Digital “Deja-vu” All Over Again! See What they Say about the NAI Now!

In 1999, online marketers promised consumers they would protect their privacy.  Leading interactive ad companies created the Network Advertising Initiative (NAI) as a scheme to head-off proposals by the FTC that would help regulate online profiling.  Now it turns out, says the online ad industry, the NAI really couldn’t work.  So they have developed yet another self-regulatory effort.  Here’s what online marketers told Ad Week today:  “The move marks the most significant regulation the industry has imposed on companies and goes significantly farther than the Network Advertising Initiative, which held third-party advertisers needed to allow consumers to opt out. Doing so, however, was a cumbersome process.“   So the industry didn’t tell the FTC or consumers that the NAI wasn’t consumer friendly and “cumbersome.”  Yet they have used the NAI as a political bulwark to head-off consumer protection rules.  Shame on them.  Meanwhile, in the same story, it’s revealed that only now–as pressure mounts to protect online consumers—does the industry recognize protecting privacy is important:  “The guys that drive the industry have figured out this privacy stuff does matter,” said Scott Meyer, CEO of Better Advertising Project, which will help companies comply with the requirements.

The new “aboutads.info” website established by the industry fails to provide consumers serious information about cookies and behavioral targeting and profiling.  It reveals how little the industry is committed to protecting privacy and informing U.S. consumers about the process.  To see how this new plan is really designed to protect the data collection business, examine the rules for sensitive information. Beyond the children’s privacy law (COPPA) we got enacted in 1998, this scheme permits full-scale collection and use of financial and health information.   Under the “new” self-reg policies, the narrowest of definitions for respecting your financial and health information has been created:  “Entities should not collect and use financial account numbers, Social Security numbers, pharmaceutical prescriptions or medical records about a specific individual for OBA without Consent.”
Shame on them.  Online marketers spent some $3 billion last year on online financial marketing and will spend $1 billion for pharma and health related targeting in 2010. Consumer data collected by online financial and health marketers, much of which is sensitive and personal, is ok under the industry’s “new” plan.

PS:  The folks at Better Advertising need to take a course in online marketing–and change its new website so it really informs consumers about the process.  What it has now would get a C-minus in any class on online marketing.  They can start with 360 degree targeting, online and offline profiling, rich media, a serious description of online auctions, the tracking process, work on “engagement” and neuromarketing,” social media marketing, etc.  Consumers deserve better.

The new “Digital Advertising Alliance” self-reg plan. See if it tells consumers what its sponsor ad groups really say to each other. That they track and target your “digital footprint”

On Monday, the new self-regulation magical “icon” that is designed to make the online ad industry’s privacy problems disappear will be unveiled.  A new group called the “Digital Advertising Alliance” will unveil the icon-based plan–all timed to help head-off the kinds of protections and safeguards consumers require.  The current financial crisis affecting tens of millions of Americans require that government and big business groups do more than pay digital lip service to consumer protection.

As a kind of litmus test for the new self-regulation effort, see if the icon and the information connected to it really informs you about how data on you is collected and used for profiling, tracking and targeting. For example, last week, the Interactive Advertising Association (IAB), one of the key backers of the new Alliance, released a guide to targeting consumers at the local level.  Here’s excerpts of what they say.  See if that little icon is being honest when you click it.  Of course, we really require rules that eliminate the kind and amount of data that can be collected on you and you family and friends in the first place–as well as honest disclosure on the process.  Note as well that all that data on you is expensive–and others are cashing in on information that belongs to you!  From the new “Targeting Local Markets” guide:

Explicit profile data Targeting. definition–
Explicit data is “registration quality data” collected either online or offline. For online registration data, the user has certain attributes in his or her registration profile at a particular site or service, and that data is associated with the user’s Web cookie or some sort of audience database when the user next logs in. Offline registration data includes the sorts of data held in the massive offline direct response industry databases built up over the last several decades. These are then matched to a user online when that user logs in somewhere that is a partner of the data company. The site at which the user logs in, usually an online mail or similar site, sends the name/email combination to the data company, which then makes the match and sends back data…pricing–In general, first party data commands a far more variable premium than third party data…Third party data is usually available in much larger quantities, and yet there is often a fee of anywhere between $0.50 to $2.00 or more paid to the data provider by the ad seller – thus increasing the cost of goods sold (COGS) on the ad, and therefore increasing the price…

Behavioral Targeting (Implicit profile data Targeting)-definition-
Behavioral Targeting is the ability to serve online advertising based on profiles that are inferred from an individual user’s technical footprint and viewing behavior…As the medium has grown from a “browsing” experience to interactional so have the levels of information gathered. Newer forms of information include the data collected about influences, social preferences through social networks and an individual user’s content created online…The data is often gathered in real-time and can be used for real-time decision-making so that relevant advertising can be delivered dynamically to an individual user during their online session…Behaviorally targeted advertising commands a higher price because of targeted placement versus general run-of-site (ROS) advertising…Behavioral Targeting can be highly accurate when the user is leaving a digital footprint of their activities as they move through the Web.