Category: mobile privacy

Protecting Privacy and Consumers: Testimony on Behavioral Targeting Before House Commerce Subcommittees

Last week, I testified on the threat to both consumer privacy and welfare from the growing data collection, profiling, and targeting interactive online marketing system.  I told Congress it was critical to enact legislation that would protect consumers, especially as they use online and mobile networks for financial and health-related transactions (credit card applications, banking, health inquiries, etc.).  As you can see from the testimony, I said we should be able to have an online privacy policy that  ensures the public is protected, while also promoting the growth of the commercial online medium.

The link to the testimony via a press release is here.

Congressional Internet Caucus and the State of the Mobile Net: Corporate Donors Influence Group’s Agenda, Leaving Public Vulnerable to Loss of Privacy

When will members of the Congressional Internet Caucus wake up and address the role its special interest dominated “Advisory” Committee is playing?  The Caucus is holding a “State of the Mobile Net” conference on April 23.  It’s doubtful Congress will be receiving the unbiased information they need, given that the sponsors of the event are the leading companies engaged in mobile marketing and data collection.  As typical of the “business model” crafted by the Center for Democracy and Technology connected group known as the Internet Education Foundation, the event prominently acknowledges its  Platinum” sponsors: the CTIA lobby group, Google, Microsoft and Verizon.  Gold” sponsors are AT&T, Nokia, T-Mobile.  There is also a category called “promotional” sponsors which lists Yahoo and several others.

It’s highly unlikely that the meeting will discuss the real issues challenging consumer privacy and welfare on the mobile Internet (including, we expect, the recent CDD/USPIRG complaint filed at the FTC– which has helped launch an investigation into that market).   The Advisory Caucus is run by the Internet Education Foundation, whose board members include representatives from Google, Verizon, Comcast, Microsoft, Recording Industry of America, and the Consumer Electronics Association. So the line-up of speakers is crafted to make sure that corporate donor feathers–and their willingness to continue to financially contribute–aren’t ruffled.  On the privacy panel for the event we have, of course, a representative from CDT.   There are also mobile marketers–including Yahoo and loopt.  There is the DLA Piper law firm that advocates for industry and a lone academic. Consumers and citizens deserve better from Congress.

PS:  As an example of how incredibly biased the Advisory Committee to the Congressional Net Caucus is, look at the description and speaker line-up of its recent briefing on online advertising.  A supposed “unbiased” event,  it featured industry lobbyists and several groups funded by online marketers!  Incredibly shameful!

Advisory Committee to the Congressional Internet Caucus

Anatomy of Online Advertising: Understanding the Privacy Debate
March 30, 2009…The purpose of the briefing is to provide an unbiased foundation for understanding the various privacy issues that Congress will debate in the context of online advertising.

Panelists:

* Paula Bruening, Hunton & Williams
* Maureen Cooney, TRUSTe
* Michael Engelhardt, Adobe Systems
* Tim Lordan, Congressional Internet Caucus Advisory Committee
* Jules Polonetsky, Future of Privacy
* Heather West, Center for Democracy & Technology
* Mike Zaneis, Interactive Advertising Bureau

IAB UK’s “Good Practice Principles” on Behavioural Targeting: Alice in Wonderland Meets Online Data Collection

Last week in Brussels at a EU Consumers Summit, Google and other interactive ad companies pointed to the new Interactive Advertising Bureau/UK “Good Practice Principles for online behavioural advertising” as a model for meaningful self-regulation.  The companies that have endorsed the principles include  AOL/Platform A, AudienceScience, Google, Microsoft Advertising, NebuAd, Phorm, Specific Media, Yahoo! SARL, and Wunderloop.   The message sent to EU regulators was, in essence, don’t really worry about threats to privacy from online profiling and behavioural targeting.  But a review of the Principles suggest that there is a serious lack of “truth in advertising” when it comes to being truly candid about data collection and interactive marketing.  These Principles are insufficient–and are really a political attempt to foreclose on meaningful consumer policy safeguards.

Indeed, when one examines the new online “consumer guide” which accompanies the Principles,  one has a kind of Alice in Wonderland moment.  That’s because instead of being candid about the real purpose of behavioral advertising–and the system of interactive marketing it is a part of–the IAB paints an unreal and deliberately cheery picture where data collection, profiling, tracking, and targeting are just harmless techniques designed to give you a better Internet experience.   UK consumers–and policymakers–deserve something more forthright.

First, the IAB conveniently ignores the context in which behavioural targeting is just one data collection technique.  As they know, online marketers are creating what they term a “media and marketing ecosystem.”  A truly honest “Good Practice Principles” would address all the principal ways online marketers target consumers.  That would include, as IAB/UK knows well, such approaches as social media marketing, in-game targeting, online video, neuromarketing, engagement, etc.  A real code would address issues related to the use of behavioural data targeting and other techniques when used for such areas as finance (mortgages, loans, credit cards); health products; and targeting adolescents.

The IAB/UK also fails to reconcile how it describes behavioural targeting to its members and what it says to consumers and policymakers.  For example, the group’s glossary defines behavioural targeting as:  “A form of online marketing that uses advertising technology to target web users based on their previous behaviour. Advertising creative and content can be tailored to be of more relevance to a particular user by capturing their previous decision making behaviour (eg: filling out preferences or visiting certain areas of a site frequently) and looking for patterns.“  But its new “Good Practice” consumer guide says that “Online behavioural advertising is a way of serving advertisements on the websites you visit and making them more relevant to you and your interests. Shared interests are grouped together based upon previous web browsing activity and web users are then served advertising which matches their shared interests. In this way, advertising can be made as relevant and useful as possible.”

Incredibly, the IAB/UK claims that “the information used for targeting adverts is not personal, in that it does not identify you – the user – in the real world. Data about your browsing activity is collected and analysed anonymously.”  Such an argument flies in the face of what the signatories of the “Good Practice Principles” really tell their online ad customers.  For example, Yahoo in the UK explains that its “acclaimed behavioural targeting tool allows advertisers to deliver specific targeted ads to consumers at the point of purchase.”  Yahoo has used behavioural targeting in the UK to help sell mortgages and other financial products.  Microsoft’s UK Ad Solutions tells customers it can provide a variety of behavioural targeting tools so it “can deliver messaging to the people who are actively looking to engage with what you’re offering…With Re-messaging we can narrow our audience by finding the people who have already visited you. It means we can ensure they always stay in touch and help create continual engagement with your brand…Profile Targeting can help you find the people you’re looking for by who they are, where they are and when you want to be seen by them.”  Time Warner’s Platform A/AOL says Through our Behavioural Network, we can target your most valuable visitors across our network, earning you additional revenues, or simply fulfil your own campaign obligations.  By establishing certain user traits or demographics within your audience, we are able to target those individuals with the most relevant advertising (tied into their common characteristics), or simply reach those same users in a different environment.”  Or Audience Science’s UK office that explains “While other behavioural targeting technologies simply track page visits, the AudienceScience platform analyzes multiple indicators of intent:

•  Which pages and sections they have visited

•  What static and dynamic content they have read

•  What they say about themselves in registration data

•  Which search terms they use

•  What IP data indicates about them, including geography, SIC code, Fortune 500 rank, specific Internet domains,   and more

Because AudienceScience processes so many indicators of intent, it enables you to create precisely targeted audience segments for advertisers.”  And Google, which knows that the UK is “arguably the most advanced online marketplace in the world” has carefully explained to its UK customers all the data they collect and make available for powerful online targeting.

The Notice, Choice and Education “Good Practice” scheme relies on an ineffective opt-out.  Instead of real disclosure and consumer/citizen control, we have a band-aid approach to privacy online.  The IAB also resorts to a disingenuous scare tactic when it suggests that without online marketing, the ability of the Internet to provide “content online for free” would be harmed.  No one has said there shouldn’t be advertising–what’s been said is that it must be done in a way which respects privacy, the citizen, and the consumer.   Clearly, the new IAB/UK code isn’t a model that can be relied on to protect the public.  UK regulators must play a more proactive role to ensure privacy and consumer welfare online is meaningfully protected.

UK Online Ad Lobby Group: “behavioural targeting is going to be the future of the internet.” [Annals of Behavioral Targeting]

The debate over behavioural targeting, profiling and interactive advertising is heating up in the European Union.  We just spoke at a EU event on the topic.  More later on that meeting (which featured Google, Microsoft, Nokia and others, all wearing their Brussels best).  Google and others pointed to a new code on behavioural targeting created by the UK’s Interactive Ad Bureau, which they suggest is a model (and is designed to foreclose on real privacy safeguards).  I will be writing about this code in the next post.  But here’s what the chairman of the IAB UK, Richard Eyre, said about protecting privacy online and the Internet’s future [via Brand Republic.  March 31, 2009]. Excerpts:

Richard Eyre, chairman of the Internet Advertising Bureau, has said he accepts the European Union’s decision to investigate behavioural targeting as “logical” but hopes that the current self-regulatory process “will satisfy everyone”.

Eyre was responding to the EU’s decision to investigate behavioural targeting by online advertisers, in a move that could result in legislation that overrides the code recently introduced by the IAB with the support of Ofcom and search giants Google and Microsoft…Eyre said that he understood that the EU had to have a point of view on the issue because behavioural targeting is a new tool about which the general public is still forming its opinion. However he hopes the self-regulatory code on behavioural targeting recently introduced by the IAB will satisfy everyone. Eyre said: “It is very easy to dismiss the issues as an invasion of privacy but the fact is that behavioural targeting is going to be the future of the internet.”Eyre told ISBA’s annual conference recently that behavioural targeting would be a “game-changer” for advertisers.
PS:  As for Microsoft’s position on privacy, here’s an excerpt from a March 5, 2009 New Media Age story:  “Zuzanna Gierlinska, head of Microsoft Media Network, said, “It’s better that regulation comes from within the market rather than from government, which might not be fully aware of how behavioural targeting works.”  source:  “Industry unites to defend trust in online advertising.”   Suzanne Bearne.  nma.co.uk

UK Mobile Marketing Deal will “revolutionise the way advertisers traditionally target audiences” [Annals of Mobile Marketing/UK/EU Division]

excerpt from press release:  “London: February 12th, 2009 – Gigafone, the leading mobile marketing solutions group, has announced that it has formed a partnership with Xtract…The new partnership promises to revolutionise the way advertisers traditionally target audiences. Xtract’s Social Links application identifies the social network structures within the customer base and finds the most influential people for marketers to target.  When incorporated into Gigafone’s targeted mobile marketing solution, where consumers can choose the type of ads they want to receive in return for incentives such as discount vouchers or free mobile minutes, the result is a completely new level of customer experience and a tangible tool for increasing the effectiveness of targeted marketing activities and measuring return on investment…

About Xtract
Xtract refines social interaction, behaviour and demographic data to create accurate 3D user profiles. These profiles for the first time utilise data as a dynamic tool in the day-to-day marketing for effective and intelligent targeting of marketing campaigns and advertising. Xtract’s Social Links is an automated, self-learning solution capable of analysing billions of mobile transactions with easy to use and actionable tools for operators to define accurate target groups for their marketing campaigns.”

Center for Democracy & Technology Goes for the “Gold” as it Raises $ for its “Gala” from AT&T, eBay, Microsoft, Google (and many other corporations)

CDT is having a “Gala Celebration” next month, supported by “Gold, Silver, and Bronze” sponsors.  AT&T, eBay, Microsoft and Google are listed at the $15,000 “Gold” level [“Two tables in Premium Location-Two tickets to the VIP Reception”]; Among the “Silver” sponsors [“One table-One ticket to the VIP Reception”] at the $7,500 tab include Time Warner (AOL), Dow Lohnes, Qorvis Communications (repping Sun, Cisco, etc), American Express, Verizon, Intel, US Chamber of Commerce, ID Analytics, Yahoo!, Arnold & Porter, IAC/Interactive Corp, Thompson LexisNexis, Hogan & Hartson (reps News Corp’s MySpace, among others), Comcast, and Sonnenschein Nath  & Rosenthal, LLP.   There are also a number of “Bronze” sponsor at the $1000 level [“One seat at a table”]. (CDT has a Facebook page on the event.)

CDT’s 2007 Gala, which honored Bill Gates, had “more than 900″ supporters” in attendance.

Porsche Teams with Yahoo for Mobile Behavioral Ad Targeting [Annals of Mobile Marketing]

Excerpt from Ad Age:

“…in just a 4-month-long pilot run, mobile outperformed Porsche’s wider campaign…The carmaker used Yahoo behavioral targeting tools to serve Porsche ads to smartphone users whose web-surfing behaviors had indicated they were in the market for coupes, SUVs, convertibles or luxury cars.”

source:  Mobile Effort Gets More to Say `I Can’ Purchase a Porsche.  Rita Chang.  Ad Age.  February 9, 2009 [sub. required]

more on Yahoo and behavioral targeting

Facebook, Advertising, Third-Party $Apps, Terms of Service, Data Collection & Privacy

The role that third party developers play accessing user data on social networks such as Facebook has long been a privacy concern for us.  The business practices, including data collection, profiling and targeting that form the basis of social networking “monetization” strategies are hidden from public view.  My CDD and USPIRG, in our various privacy complaints to the FTC, asked the agency to examine this area.  Maybe the new Obama FTC will do so.  But for now, here’s some excerpts from Facebook’s advice “on common business models” to application developers, as well as from its list of “third party developers” involved in social media marketing:

“As you think about building your app on Facebook, we want to help by highlighting some keys ways of thinking about your app as a business… Apps that are meaningful, trustworthy and well designed have real staying – and monetizing – power… we host a Platform with instant access to more than 175 million active users… Once you’ve created a sustainable, engaging social application, there are many different ways to help monetize it… Advertising: We at Facebook have had success serving targeted advertisements to our users based on information we know about them. By leveraging the data we give you access to (as detailed in our Developer Terms of Service) and data users share with you directly as a part of your application experience, you can serve highly relevant ads… Virtual Credits / Virtual Goods:… instead of accepting payments directly from users for subscriptions or virtual goods, some applications instead allow users to complete affiliate offers by filling out surveys or agreeing to try new products. There are a number of providers who consolidate these types of offers…
Third Party Providers to Help You Monetize:
Advertising:
AdParlor:  “Over 500 Million users worldwide are on a social networking site. These users are comfortable sharing their age, gender, and location, and can be reached through targeted advertising.”…
Shopitmedia: “you can target based on:
1. Location
2. Gender
3. Age
4. Application Category”…
Affiliate marketing…
Analytics…

Payments

Two Words on Why the FTC’s Self-Reg Approach is Wrong: Financial Meltdown

It has been deregulation, including forms of self-regulation, which led to the current financial crisis.  Regulators and most policymakers looked the other way, while many from the investment community created a Ponzi scheme bigger than Bernie Madoff’s.  The online marketing of mortgages and loans played a role in the `borrow’ and `buy’ culture which contributed to the economic mess we are in.

It’s now more important than ever that online marketing, including the structure of data collection and privacy, be regulated.  Congress has to act to make sure consumers understand the loans and other financial products they are being offered interactively online.  The financial crisis, noted Google, is actually fostering the growth of online marketing (as consumers look for less expensive ways to shop).   As Google recently explained to advertisers, the “slowdown is actually accelerating the use of consumer online shopping for goods and services.”  The “mass market is now online,” they noted.

Consumers need to completely understand and fully control how data is collected and used when they seek financial services.  The behavioral targeting system involved with mortgage loan sales, we believe, is totally unknown to consumers (and sadly, regulators).  That’s why my group and others criticized last week’s FTC report.  It’s self-regulatory approach is based on a failed policy (from the people on both sides of the aisle who got us into this mess).  We can have both regulation/fair rules and make the commercial market prosper.  It’s time for the online ad industry to support a regulatory policy that will help make our financial future more secure.

Baby Steps for Online Privacy: Why the FTC Self-Regulatory Principles For Online Behavioral Advertising Fails to Protect the Public

Statement of Jeff Chester, Exec. Director, Center for Digital Democracy:

The Federal Trade Commission is supposed to serve as the nation’s leading consumer protection agency.  But for too long it has buried its mandate in the `digital’ sand, as far as ensuring U.S. consumer privacy is protected online.    The commission embraced a narrow intellectual framework as it examined online marketing and data collection for this proceeding.  Since 2001, the Bush FTC has made industry self-regulation for privacy and online marketing the only acceptable approach when considering any policy safeguards (although the Clinton FTC was also inadequate in this regard as well).  Consequently, FTC staff—placed in a sort of intellectual straitjacket—was hampered in their efforts to propose meaningful safeguards.

Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling.  Unknown to many members of the public, a vast commercial surveillance system is at the core of most search engines, online video channels, videogames, mobile services and social networks.  We are being digitally shadowed across the online medium, our actions monitored and analyzed.

Behavioral targeting (BT), the online marketing technique that analyzes how an individual user acts online so they can be sent more precise marketing messages, is just one tool in the interactive advertisers’ arsenal.  Today, we are witnessing a dramatic growth in the capabilities of marketers to track and assess our activities and communication habits on the Internet.  Social media monitoring, so-called “rich-media” immersive marketing, new forms of viral and virtual advertising and product placement, and a renewed interest (and growing investment in) neuromarketing, all contribute to the panoply of approaches that also includes BT.  Behavioral targeting itself has also grown more complex.  That modest little “cookie” data file on our browsers, which created the potential for behavioral ads, now permits a more diverse set of approaches for delivering targeted advertising.

We don’t believe that the FTC has sufficiently analyzed the current state of interactive marketing and data collection.  Otherwise, it would have been able to articulate a better definition of behavioral targeting that would illustrate why legislative safeguards are now required.  It should have not exempted “First Party” sites from the Principles; users need to know and approve what kinds of data collection for targeting are being done at that specific online location.

The commission should have created specific policies for so-called sensitive data, especially in the financial, health, and children/adolescent area.  By urging a conversation between industry and consumer groups to “develop more specific standards,” the commission has effectively and needlessly delayed the enactment of meaningful safeguards.

On the positive side, the FTC has finally recognized that given today’s contemporary marketing practices, the distinction between so-called personally identifiable information (PII) and non-PII is no longer relevant.  The commission is finally catching up with the work of the Article 29 Working Party in the EU (the organization of privacy commissioners from member states), which has made significant advances in this area.

We acknowledge that many on the FTC staff worked diligently to develop these principles.  We personally thank them for their commitment to the public interest.  Both Commissioners Leibowitz and Harbour played especially critical roles by supporting a serious examination of these issues.  We urge everyone to review their separate statements issued today.  Today’s release of the privacy principles continues the conversation.  But meaningful action is required.  We cannot leave the American public—now pressed by all manner of financial and other pressures—to remain vulnerable to the data collection and targeting lures of interactive marketing.