As we just told the BEUC conference on consumer protection and online marketing, we couldn’t make this up if we tried. Here’s what Microsoft Advertising says it can do via its UK site for marketers:
Just say who, when and where
Profile Targeting can help you find the people you’re looking for by who they are, where they are and when you want to be seen by them. Just name the characteristics that matter most to you. It could be anything from the consumer’s age, gender or country, to the day of the week you want to target the audience on.
[and here’s what they say about behavioral retargeting, which they euphemistically now call “re-messaging“]”
With Re-messaging we can narrow our audience by finding the people who have already visited you. It means we can ensure they always stay intouch and help create continual engagement with your brand. Re-messaging is effective on its own, but works at its best whencombined with other forms of targeting and campaign performance. By placing action tags on your website, we can track visitors throughout the course of their online journey and re-message them on our network. For example the consumer may have previously searched for a hotel but not booked, compared credit cards but not applied, or visited a promotional website. Whatever it may be, if they’ve gone part way to making a purchase or performing an action, we can help you continue the conversation and ensure that the relevant message is seen by the people it matters most to.
Facebook is expanding what brands and other marketers can do to target its users. As InsideFacebook explains, “Facebook has just launched a new way to draw more people to your Facebook Page or application, called “Friends of connections†targeting. Here’s how it works: before today, advertisers could already target any of their “connections,†where connections are defined as:
Fans of any of your Pages
Users of any of your Applications
Members of any of your Groups
Attendees of any of your Events
Now, advertisers can target ads specifically to friends of any of these connections as well. When this option is selected, friends of connections who see the ad will also see a message about which of their friends is connected to the advertiser…This feature should lead to increased conversion on Facebook Ads…this is the first time it has allowed advertisers to specifically target just friends of connections…We also spoke directly to Tim Kendall, Facebook’s director of monetization…In many ways we view Social Ads as less surreptitious than many types of behavioral targeting technologies.”
Here’s what we included in our recent filing at the FTC.
The Failure of Industry Self-regulation
It should be evident to all that self-regulation to protect consumer privacy online has been a dismal failure, and the FTC must have the courage to admit this. After all, it wasn’t until CDD/USPIRG and other consumer groups filed well-publicized complaints (and helped create a public outcry over the privacy implications of the Google/DoubleClick deal) that the FTC finally issued its privacy principles in 2007.[183] And it took such pressure to awaken the National Advertising Initiative (NAI) and its members from the deep freeze of inaction, belatedly scrambling to “enhance†their “Self-Regulatory Code of Conduct, a set of binding Principles that has governed members since 2001.â€[184] Since its inception, the NAI had been asleep at the digital self-regulatory “switch.†Otherwise we would not have had the ever-growing personalized data collection, profiling, and targeting apparatus that NAI’s members so enthusiastically embraced. The NAI, it should not be forgotten, was only created to head off serious action by the FTC back in 2000 as a result of the growing concern with online profiling.[185]
The revised NAI principles reveal how the group remains incapable of ensuring the protection of consumer privacy. They also demonstrate how the NAI cannot be relied on to offer the FTC—or the public—independent and honest proposals that would protect consumers from contemporary online data collection practices. For example, its revised principles—sadly—define sensitive information is the narrowest of terms: “Social Security Numbers or other Government-issued identifiers; Insurance plan numbers; Financial account numbers; Information that describes the precise real-time geographic location of an individual derived through location-based services such as through GPS-enabled devices; Precise information about past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history.â€[186]
The NAI and its members know full well that copious amounts of data relating to the financial and health status of consumers is currently being collected. Indeed expenditures for online financial marketing alone was $3 billion in 2008. The collection of consumer information resulting from online lead generation—which saw some $1.7 billion in spending last year—is deeply connected to data about a person’s interest in loans or credit.[187] A growing business in online pharmaceutical marketing is also actively harvesting consumer data, for purposes that include behavioral targeting. If the NAI were a serious independent entity capable of protecting consumers, it would have effectively articulated how sensitive information should be protected.
NAI’s narrow definition of personally identifiable information (PII) is out of touch with online marketing reality: “PII includes name, address, telephone number, email address, financial account number, government-issued identifier, and any other data used or intended to be used to identify, contact or precisely locate a person.â€[188] We urge the commission to examine NAI members’ sites so it can view for itself the stark discrepancies between what is promised advertisers in terms of personalized consumer targeting and the NAI’s purposefully narrow and inaccurate definition of PII.
Finally, we find it absurd that all the NAI could do in serving the privacy interests of young people is to conform to the legal standards of the Children’s Online Privacy Protection Act. (COPPA is a law CDD’s executive director played a key leadership role in helping pass in 1998.) It is unfortunate that the NAI could not offer new safeguards for children, including policies to protect adolescent privacy.
Unfortunately, the “Self-Regulatory Principles for Online Behavioral Advertising,†released in July 2009 by the American Association of Advertising Agencies, Association of National Advertisers, Council of Better Business Bureaus, Direct Marketing Association, and the Interactive Advertising Bureau, are equally inadequate.[189] While an improvement over the stance embraced by the IAB in 2008, when it claimed there were no privacy concerns related to behavioral advertising, the new principles cannot be relied on to protect consumers.[190] Its “Sensitive Data†principle in particular, much like the NAI’s, is so inadequate that the FTC should consider bringing an Unfair and Deceptive Complaint against its authors. There are only two categories of information listed under the sensitive principle: Children and “Health and Financial Data.†Under the latter, AAAA et al’s principle is simply that “Entities should not collect and use financial account numbers, Social Security numbers, pharmaceutical prescriptions, or medical records about a specific individual for Online Behavioral Advertising without Consent.â€[191] Again, this flies in the face of what the members of these groups actually do when collecting health and financial data for online advertising. As for protecting children, the AAAA and its associates—like the NAI—simply endorse the legal framework already required by COPPA. But by failing to address adolescent privacy, the AAAA et al. reveal that they are really concerned only with maintaining the data collection/profiling/targeting status quo.
As the history of self-regulation of the media in the U.S. makes clear, we need strong baseline laws and regulations to ensure serious industry compliance. That’s why this new proceeding must lead to FTC action that will ensure that consumer privacy online is finally safeguarded.
The Federal Trade Commission should examine the privacy issues connected to the Google/AdMob deal. As we informed the FTC yesterday, AdMob says it can target via “age, gender, HHI, ethnicity, education & context.”
The CDD/USPIRG complaint on mobile advertising provides useful analysis. Here’s an excerpt on its discussion about AdMob:
AdMob: “Mining All the Data We’ve Capturedâ€
AdMob is a “mobile advertising network†seeking to “target mobile users and monetize mobile traffic.†There is inadequate notice and little opportunity to opt-out of this data- gathering. Few mobile users realize that their communications and actions are monitored and recorded in order to create intimate profiles for marketing purposes.
AdMob also targets the youth demographic. It segments “market audiences†into several categories, including a “Digital Natives†category, which include boys and girls as young as 13. AdMob also focuses on social networking sites, claiming it “enables developers to monetize Facebook mobile applications by integrating AdMob’s industry-leading mobile publishing solutions into any Facebook mobile application. Developers building mobile web applications for the Facebook community using the Facebook Platform for Mobile can easily integrate the AdMob code to start serving ads….â€
And AdMob is continually seeking to mine and monetize the data gathered on unsuspecting youths and other mobile users. AdMob’s CEO Omar Hamoui admitted, “We are investing a fair amount of development resources into mining all the data we’ve captured over the last 12 months of ad serving and targeting.â€
AdMob gathers this data (and targets youths) without adequate notice to the consumer, making it difficult for a mobile user to weigh the costs and benefits and choose whether to opt out of this profiling. This constitutes unfair and deceptive practices, and the Federal Trade Commission should scrutinize these actions.
Last week, NGO’s and activists from across the world met in Madrid Spain to discuss threats to privacy and human rights. It was part of the Public Voice’s excellent work to ensure that civil society is well represented in the debates over privacy and other digital media issues. Over 100 NGO’s, including my own CDD, were initial endorsers of the “Global Privacy Standards for a Global World” Madrid Declaration. It was well received by policy makers, including the data protection commissioner community. The all day meeting and related efforts was organized by the remarkable Katitza Rodriquez. Bravo to her and everyone involved.
The Declaration and related work at the Data Protection conference provided a much needed counter-balance to the failure of leading online companies to seriously address their data collection practices and plans.
That’s the title of comments filed at the U.S. Federal Trade Commission by my Center for Digital Democracy and U.S. PIRG. I also just gave a presentation with the same name at last week’s meeting of data protection commissioners in Madrid, Spain.  It’s available here.
Here’s an excerpt:  Today, consumers online face the rapid growth and ever-increasing sophistication of the various techniques advertisers employ for data collection, profiling, and targeting across all online platforms. The growth of ad and other optimization services for targeting, involving real-time bidding on ad exchanges; the expansion of data collection capabilities from the largest advertising agencies (with the participation of leading digital media content and marketing companies); the increasing capabilities of mobile marketers to target users via enhanced data collection; and a disturbing growth of social media surveillance practices for targeted marketing are just a few of the developments the commission must address. But despite technical innovation and what may appear to be dramatic changes in the online data collection/profiling/targeting market, the commission must recognize that the underlying paradigm threatening consumer privacy online has been constant since the early 1990’s. So-called “one-to-one marketing,†where advertisers collect as much as possible on individual consumers so they can be targeted online, remains the fundamental approach.
The Facebook economy—built on allowing marketers to harness what’s called the “social graph”–is big business (and will grow as consumers also buy more virtual goods). AllFacebook reports that:
“When the Facebook platform launched two and a half years ago a massive cost per install economy sprouted up. Whether it was individual developers looking for more users or large brands looking to expand the user base of their branded applications, money was flowing…There are entire ad networks still supported by the cost per install economy…So how much do fans sell for? There’s a wide range but I’ve heard Facebook is selling fans between $4 and $10. That adds up to substantial revenue for Facebook. For example, let’s assume that the top 100 advertisers each want to purchase 100,000 fans. Theoretically Facebook could generate $100 million just from the top 100 advertisers. As you move down the long tail the numbers begin to add up quickly.”
source: If Brands Want Fans, Facebook Will Sell Them Fans. Nick O’Neill. AllFacebook. Oct. 20, 2009.
The 4A’S advertising trade and lobby organization sent a letter to the Department of Justice yesterday supporting the Microsoft/Yahoo search merger deal. Among the five signatories from some of the biggest and most powerful ad companies was the head of the Publicis Groupe. But missing from the `approve this deal’ letter was any acknowledgment that Publicis is a partner of Microsoft–something we and other consumer groups have asked the DoJ to investigate as part of its review.
The recent deal between Microsoft and Publicis includes the sale of Razorfish, combined online ad activities and also data sharing.  In addition, Microsoft is expected to own 3% of Publicis after the deal closes, according to the Wall Street Journal.
The letter to the DoJ should have disclosed this and other conflicts of interest.
The intrepid Variety columnist Brian Lowry took readers on a tour of a neuromarketing outfit that works for show-biz companies, among others. Here’s a excerpt:
Innerscope Research was birthed just three years ago, but the company has already found various entertainment and advertising clients for its biometric research, which employs eye-tracking technology as well as EKG monitors to gauge subconscious response along four key criteria: heart rate, breathing, moisture levels (or sweat) and movement.
“It’s very hard for people to accurately reflect their internal world,” says Innerscope CEO Carl Marci, noting that 75% of brain processing “is below conscious awareness.”…they have notched a number of entertainment clients looking to augment traditional research, including Fox, NBC and Discovery, along with a growing number of advertisers…Biometrics thus provides a diagnostic tool, able to pinpoint physical reactions to specific moments that the viewer might not even realize…Innerscope’s findings have included the revelation that people exhibit emotional responses as they fast-forward through commercial pods, meaning that ads are still registering to those viewing via TiVo or another digital video recorder. The company can also pinpoint whether a movie trailer, say, is generating the sort of “emotional engagement” that marketers hope to achieve.
“This allows our clients to see what their audience is seeing and feeling, not what they say they’re seeing and feeling,” Marci explains [Innerscope CEO Carl Marci].
source: The future of focus group testing/This test gets under your skin. Brian Lowry. Variety. October 5-11, 2009,
That’s from an important new researchpaper by Professor Catherine Dwyer of the Seidenberg School of Computer Science and Information Systems, Pace University. “Behavioral Targeting: A Case Study on Consumer Tracking on Levis.com” was presented at the 15th Americas Conference on Information Systems.  We have sent the paper to Congress, the European Commission and the FTC. In its summary, Prof. Dwyer explains that:
In order to illustrate the nature of consumer tracking, a case study was conducted that examined behavioral targeting within Levis.com, the e-commerce site for the Levis clothing line. The results show the Levis web site loads a total of nine tracking tags that link to eight third party companies, none of which are acknowledged in the Levis privacy policy. Behavioral targeting, by camouflaging the tracking of consumers, can damage the perceived trustworthiness of an e-commerce site or the actor it represents.
