IAB Gets a new Chance to Play Constructive Role as Randall Rothenberg Goes to Time Inc.

The departure of Randall Rothenberg, the head of the Interactive Advertising Bureau, provides a critical opportunity for the IAB to revisit its position on protecting consumer online privacy (including Do Not Track).  Under Mr. Rothenberg, the IAB lobbied Congress to restrict the FTC’s ability to protect consumers, including on privacy.  With new leadership, the IAB could begin playing a more constructive role by working with consumer groups to build a consensus on federal privacy rules.  Instead of confrontation and denial, we hope the online ad lobby pursues serious engagement with privacy advocates.   The IAB has become just another inside the Beltway lobbying group–and has lost credibility among many policymakers.  A new IAB leader should be someone who can really help the mission of the industry by engaging in the kind of diplomacy and debate that supports the higher purposes of online advertising, digital publishing, and the public interest.
At Time, Mr. Rothenberg will now be in charge of its online ad network, which uses behavioral targeting and other interactive data techniques.  How Time responds to the growing call for better consumer privacy will be one of Mr. Rothenberg’s new challenges.

The new “OpenRTB” online ad exchange platform–consumer protection and privacy concerns

Both Advertising Age and Adexchanger.com report on the new “real-time bidding” consortium.  Real-time bidding stands for a process where each of us are tracked and sold to the highest bidder, in real-time, so we can be targeted with ads (from financial products to pharmaceuticals to travel and more).  The OpenRTB effort provides “industry standards for communication between buyers of advertising and sellers of publisher inventory.”  Initial members include leading data targeting companies Data Xu, MediaMath, Turn, Ad Meld, Pubmatic and the Rubicon Project.

The further integration of data tracking and selling platforms raises consumer protection, privacy and competition issues.  Consumers need to be able to decide for themselves about whether they wish to be targeted through such exchanges.  The consortium offers its online ad partners tools to streamline the digital marketing process.  Where are the tools for a consumer–so they can determine how they are treated online through these anonymous and impersonal systems?  In its haste to advance online behavioral targeting, the new OpenRTB consortium appears to have left privacy and consumer choice and control aside. Regulators, privacy and consumer advocates and others will need to maintain a close watch on the new online targeting alliance.  Meanwhile, we hope that this new group will adopt new consumer protection safeguards–and not rely on the flimsy argument that groups such as the NAI and triangled icons somehow protect the public.

Neuromarketing & Privacy: German Data Protection Authority Enacts Safeguards

We have long been sounding the alarm over the role of neuromarketing in advertising, especially for online marketing.  We are gratified that the Data Protection Authority in Hamburg Germany, according to this law firm post, just imposed safeguards on the role of neuromarketing.  It explains that [excerpt]: “[O]n November 23, the data protection authority (DPA) of the German Federal State of Hamburg imposed a €200,000 fine [link in German] against the Hamburg-based savings & loan Hamburger Sparkasse due to violations of the German Federal Data Protection Act (the BDSG) for, among other reasons, using neuromarketing techniques without customer consentIndeed, according to the head of the Hamburg DPA, Prof. Johannes Caspar, the intent was to send a clear signal to the market against the use of modern neuromarketing and comparable methods in violation of data protection law.  The case also clearly illustrates that German regulators are willing to enforce the new data protection regime and are well prepared to impose significant fines upon companies rather than giving them merely a warning notice…The decision of the Hamburg DPA may also attract attention beyond Germany and influence the interpretation of data protection laws in other countries, in particular with respect to the compliance of neuromarketing and brain sciences techniques with data protection laws.  Due to the sensitivity of such activities, it is likely that regulators in the EU will follow the approach taken by the Hamburg DPA.”

Google’s Privacy Challenge: Face up to your online advertising culture of data collection

Google keeps making new announcements about how it will–finally, this time!–protect consumer privacy.  This latest PR salvo–after the Canadian Privacy Commissioner ruled that Google had “contravened Canadian privacy law when it inappropriately collected personal information from unsecured wireless networks in neighbourhoods across the country”– is designed to help quell EU and US policymakers enacting safeguards that would rein in some of company’s data collection practices.  Yesterday’s announcement illustrates one of Google greatest problems: it can’t admit that its entire business model is based on collecting infinite amounts of information on individual consumers.  Google’s most recent acquisitions–Admob, Invite Media, and Teracent, for example–are designed to generate new data-mining based revenues.   Google is trapped in its own success: it can’t step off the digital data collection treadmill with Facebook and others in hot pursuit.  But consumers and citizens should expect more honesty coming from the “don’t do evil” web giant–not just new promises to better behave.

Google has named Alma Whitten to head a team designed to better address privacy issues.  During her recent testimony before the Senate Commerce Committee, Dr. Whitten didn’t provide the kind of critical analysis required on the impact of Google’s online ad business and privacy.  Doing so now–and honestly addressing and redressing the problem–will be a key test.

Five Ways to Protect Privacy

[a version we wrote of this ran in Multichannel News]
Five Ways for Digital Marketers to Protect Consumer Privacy

If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak” specialist crafting privacy policies and creating self-regulatory regimes.  That’s not what consumers and citizens need in the interactive marketing era.   All Americans should have their privacy respected and protected when they go online—including when they use mobile phones.

1.     Tell your users what you actually say to your advertisers—about how the profiling and targeting process really works.  There is a disconnect that is unfair and deceptive between what companies say in their privacy policies and pitch to their clients and potential partners.   Be honest about the “360 degree” ways you engage in online marketing.

2.     Don’t collect information and target consumers based on their interests in finance and health.  These two most “sensitive” categories should be opt-in only.   When consumers go online for loans, credit, mortgages, and health concerns they require the upmost privacy.  Although online financial, health and so-called lead-generation advertising is big business, consumers should not be forced to have their online financial and health behavior stealthfully-tracked and compiled.  The risks to consumers are great if we don’t develop special rules for this data.

3.     Racial and ethnic profiling data should also be opt-in. Hispanics, African-Americas, Asian-Americans and other minorities are increasingly the focus of a growing behavioral targeting and online marketing apparatus.  In the “offline” world, we have witnessed a disturbing use of racial profiling practices to discriminate against individuals.  In today’s online environment, users are being identified as being a member of a racial or ethnic group without either their awareness or consent.  While we all want to see the growth of diversely owned online publishing, it should not be done at the expense of civil liberties in the digital era.  We must prevent the growth of online racial profiling, that when tied to income, geography and other data can be used to create 21st Century forms of discrimination.

4.     Don’t use neuromarketing and other subliminal and subconscious-based advertising.   Fortune 1000 advertisers and online marketers such as Microsoft, Yahoo and Google are using new forms of ad testing and development involving the latest tools of neuroscience, such as fMRI’s and EEGs.  Neuromarketing’s goal is to directly influence a consumer’s subconscious, and when combined with the power of online data targeting,  offers powerful—and frightening—new forms of manipulation.

5.     Users need to consent to having their profiles be bought and sold on so-called online ad exchanges.  Selling off the right to target a consumer online, via real-time auctions that happen in milliseconds, is dehumanizing.  Nor should we permit the growing combination of offline and online databases to be used for targeting, including via these new digital auction houses.

Interactive marketing is now a fundamental operating principle for the cross-platform media economy throughout the world.   But right now, it’s a digital “wild west” that doesn’t serve the interests of consumers, citizens and most marketers.

Behavioral Targeting is About Tracking an “Individual,” Explains Online Marketer

The online ad industry and lobby better stop saying that cookies and other forms of data collection aren’t personally identifiable–so-called PII [personally identifiable information].  As we know, behavioral targeting (BT) identifies, profiles, tracks and targets an individual.  Here’s just one example of how online marketers discuss what BT really is when they are talking among themselves and to clients (our emphasis):

What is behavioral targeting?
Behavioral targeting is a technique used by online advertisers to improve the effectiveness of their campaigns by increasing the relevance of product offers and promotions on a visitor-by-visitor basis.

Behavioral targeting uses information collected on an individual’s web-browsing behavior, such as the pages they have visited or the searches they have made, to select and deliver online ads to the users who are most likely to be interested…As the effective mixing and mining of audience data has become increasingly important to online advertisers, the role of behavioral targeting and retargeting have grown more central…The typical approach to behavioral targeting starts by using web analytics to group visitors into discrete channels. Each channel is analyzed and a virtual profile is created to for each channel…
Most platforms identify visitors by assigning a unique id cookie to each and every visitor to the site, allowing them to be tracked throughout their web journey.  An example is a user who visits content about auto insurance, clicks on an insurance advertiser button or banner, and then searches for “auto insurance.” This user would be assigned to the insurance prospect channel and the next time that user goes to Yahoo they will see ad for insurance…

What AOL Should Have Told Reps. Barton & Markey


AOL also describes to Reps. Barton and Markey the way they use cookies that doesn’t reflect what they say to clients--such as “Target users based on attributes from user registration or third-party data (e.g. age, gender, income, kids)… Retarget users who visit your website… Target users within households using Experian’s statistical modeling based on hundreds of offline data elements that are most predictive for defining the specific audience of consumers.” For question 1, they refer to their privacy policy—something few consumers would read or understand.  Nor does the privacy policy spell out how AOL collects and targets users, as they do for potential clients.  See and compare to privacy policy. See how they offer targeting based on political information.

Question 2:  They didn’t answer completely.  They should have included information from here. And what their partners collect.

Question 3.  They should have said they urge advertisers to use pixels, beacons and other tracking tools:   “Place pixels on all high-traffic pages… Target broadly… Most networks, including Advertising.com, look at IP or cookie data to determine if a user is part of a specific demographic or has demonstrated a particular online behavior, such as shopping for a car, browsing cooking sites, and so on. With user targeting, you reach those consumers directly, regardless of the sites they happen to be visiting.”

And they say that the third party cookies don’t identify the “specific user.”  But that’s what AOL says it can target:  “Target users within households… Retarget users who visit your website… Target users within households that demonstrate the highest propensity to buy certain products…”

Question 7.  They don’t say what they do.  It’s monetizing all the data:  “We monetize nearly 1.5 billion impressions per day on average.”

10.  They should have said how they target based on financial and health info.  They didn’t.  See its targeting for health, finance, teens, Hispanics, African-Americans.


14.   Users don’t have enough information on the process to really determine whether they should opt-out.  Nor is AOL’s opt-out really visible.

Online Ad Biz to Reps. Markey/Barton: We Really Don’t Have to Tell You the Facts! The case of Yahoo!




If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak” specialist crafting privacy policies and creating self-regulatory regimes for the online ad industry.  None of the replies provided to Reps. Markey and Barton answered the basic charge posed by the WSJ in its series and previously raised by privacy advocates:  that “[O]ne of the fastest-growing businesses on the Internet is the business of spying on Internet users.”   All the companies hide behind `it’s a business as we created it and good for everyone’ facade.  Many use a scare tactic claiming that the data collection model they developed is responsible for funding online content/publishing and without it much/if not all of the Internet would vanish (as if you can’t have both robust e-commerce and privacy!).  Many of the answers to Congress also say that their privacy policies and membership in self-regulatory groups (such as the NAI) reflect best practices (as if they automatically vanish the problems!).  The companies don’t take responsibility for the problem or acknowledge that there are privacy concerns outstanding. 

The responses reflect the Orwellian recasting of industry terms on the data collection practices it created and operates.  Behavioral targeting (with $1.13 billion this year in spending for this type of ad) has been transformed into “preference,” “relevant,” or “interest” targeting.  Online profiling and targeting is now called “customization.”  The industry is running away from the precise definitions they created and use because they are honest terms showing consumers are being tracked, profiled and targeted based on our behaviors and actions.  Finally, several of the companies submitted their privacy policies.   In order to full understand them, a consumer (in between taking their children to school or a soccer game, working, shopping, cooking) would simultaneously also have to be a technologist, lawyer, and investigator, to understand and control all the cookies, etc.

Also, the companies resort to a now out-of-date definition of what’s considered so-called personally identifiable information (PII).  Cookies, IP addresses, pixels and web bugs, they claim, are “non-PII” and hence fail to raise privacy concerns.  Yet both the EU and FTC have said that in today’s online data collection world, the old definition of what’s identifiable no longer really works.  The FTC explained last year that “[S]taff believes that, in the context of online behavioral advertising, the traditional notion of what constitutes PII versus non-PII is becoming less and less meaningful and should not, by itself, determine the protections provided for consumer data.  Indeed, in this context, the Commission and other stakeholders have long recognized that both PII and non-PII raise privacy issues…

Companies such as Yahoo, AOL, About.com (NYTimes Co), News Corp/MySpace and others are disingenuous in their responses—failing to inform the Congress what they tell their clients and prospective advertisers.  Among the most cynically self-serving is Yahoo. First, Yahoo did not describe all the ways it collects data on users when it answered question 1.  For example, examine Yahoo’s Advertising Blog, where you can find a discussion of far-ranging techniques used in the data collection process.  Most of which are not spelled out or really explained in the privacy policy;  See also, Yahoo’s “smart ad” technology that changes the copy in real time based on the data it collects.  Its privacy policy really doesn’t explain it in the same way it pitches itself to clients.  Yahoo says in its Hill letter that it “may” acquire data from external sources and gives the link to that section of its privacy policy.  Not even a multi-tasking genius could opt-out all of that.  Nor does Yahoo tell you about the tons of data on consumers their partners collect.  Also, they say in question 3 how they collect data, but tell potential clients a more informed story:  “Yahoo! gets to know its visitors to give them what they’re looking for, even when they’re not actively looking. In part, Yahoo! does this by using an industry practice called behavioral targeting (BT)… Yahoo! BT goes beyond common rules-based segmentation or grouping of consumers by the sites they’ve visited. The tool is powered by sophisticated modeling technology based on extensive online interactions that include searches, page views, and ad interactions. With these models, Yahoo! identifies what consumers are interested in and predicts where they are in the buying process, thereby determining which consumers may respond best to your ad placements.”  In question 4-5, Yahoo claims its users have all the information they require via the privacy policy.  But Yahoo’s information for perspective clients tells a more complete and different story:  “With rich media, you benefit from deep reporting that goes way beyond the click. Track time spent watching video, mouse-over interactions, poll results, average number of panels interacted with and much more.  If you design it, we can track it… Partner with Yahoo! to produce unique, immersive consumer experiences that integrate your brand…”Question 9, again, they call it “customized experience” to Congress—and “smart ads” that track and learn about you when they explain it to advertisers.   Question 10.  Health and finance.  Yahoo failed to tell Congress they track and target consumers health and financial info.  And they target teens.  For health; finance.


Facebook to TV Business: We can boost your audience: “it’s all about making that data available”

Yesterday, Facebook pitched itself to the global commercial TV industry at MIPCOM.  Facebooks’ EMEA rep Joanna Shields touted how Facebook could help generate more viewers and greater involvement with TV programs, such as “X-Factor.”  Ms. Shields said that Facebook Places location targeting system might let its users “check in” to a program:  “…you could check into a television show and tell everyone what’s happening.  You could say I am watching this and you got to see it… It could become a very powerful marketing tool at some stage…It’s all about data, it’s all about making that data available.”  Other quotes from Ms. Shields: The voice of your fan can be amplified to a chorus, and a focus group can be the size of a country…30% of all TV viewers have admitted to being logged onto to Facebook while watching a TV show…[TV program] stories are the beginning of the conversation, and not the last word…I can see someday the ability to sign in using your Facebook ID to a show.”

Danah Boyd, COPPA, Online Marketing Targeting Youth, the role of Microsoft

Danah Boyd, like many other digital media researchers, fails to examine the business practices which shape and construct most of contemporary online media.  Ms. Boyd is quoted in last week’s Boston Globe about the Children’s Online Privacy Protection Act saying “[I]t’s well-intentioned, but this legislation has failed on every level.”  Ms. Boyd is incorrect.   A whole range of interactive ad practices and techniques commonly found on most digital sites has not been embraced by the under-13 online advertising market.  The goal of COPPA was to help structure the commercial online data collection and targeting practices aimed at young people–and it’s done so (just see what kind of data collection and targeting practices occur the minute anyone reaches 13.  From that age onwards, everyone is fair game for a wide range of very disturbing practices, most of which collect and use our information). Ms. Boyd and the Globe article are also incorrect claiming that “Congress is considering renewing” COPPA.   The FTC is currently conducting a periodic review of COPPA’s rules and the Congress has held hearings on the law.  But Congress doesn’t have to “renew” COPPA.

Finally, a challenge to Ms. Boyd.  She is working for Microsoft–which is targeting youth across the globe via its advertising division.  Microsoft Advertising is collecting data and targeting teens for junk food and other products.  See Microsoft’s “How to Target Young People Online” and other materials, for example.  Ms. Boyd needs to analyze what her employer–and other financial backers from the online ad industry supporting Berkman–are doing regarding youth–and hold them and herself accountable.