The new “Digital Advertising Alliance” self-reg plan. See if it tells consumers what its sponsor ad groups really say to each other. That they track and target your “digital footprint”

On Monday, the new self-regulation magical “icon” that is designed to make the online ad industry’s privacy problems disappear will be unveiled.  A new group called the “Digital Advertising Alliance” will unveil the icon-based plan–all timed to help head-off the kinds of protections and safeguards consumers require.  The current financial crisis affecting tens of millions of Americans require that government and big business groups do more than pay digital lip service to consumer protection.

As a kind of litmus test for the new self-regulation effort, see if the icon and the information connected to it really informs you about how data on you is collected and used for profiling, tracking and targeting. For example, last week, the Interactive Advertising Association (IAB), one of the key backers of the new Alliance, released a guide to targeting consumers at the local level.  Here’s excerpts of what they say.  See if that little icon is being honest when you click it.  Of course, we really require rules that eliminate the kind and amount of data that can be collected on you and you family and friends in the first place–as well as honest disclosure on the process.  Note as well that all that data on you is expensive–and others are cashing in on information that belongs to you!  From the new “Targeting Local Markets” guide:

Explicit profile data Targeting. definition–
Explicit data is “registration quality data” collected either online or offline. For online registration data, the user has certain attributes in his or her registration profile at a particular site or service, and that data is associated with the user’s Web cookie or some sort of audience database when the user next logs in. Offline registration data includes the sorts of data held in the massive offline direct response industry databases built up over the last several decades. These are then matched to a user online when that user logs in somewhere that is a partner of the data company. The site at which the user logs in, usually an online mail or similar site, sends the name/email combination to the data company, which then makes the match and sends back data…pricing–In general, first party data commands a far more variable premium than third party data…Third party data is usually available in much larger quantities, and yet there is often a fee of anywhere between $0.50 to $2.00 or more paid to the data provider by the ad seller – thus increasing the cost of goods sold (COGS) on the ad, and therefore increasing the price…

Behavioral Targeting (Implicit profile data Targeting)-definition-
Behavioral Targeting is the ability to serve online advertising based on profiles that are inferred from an individual user’s technical footprint and viewing behavior…As the medium has grown from a “browsing” experience to interactional so have the levels of information gathered. Newer forms of information include the data collected about influences, social preferences through social networks and an individual user’s content created online…The data is often gathered in real-time and can be used for real-time decision-making so that relevant advertising can be delivered dynamically to an individual user during their online session…Behaviorally targeted advertising commands a higher price because of targeted placement versus general run-of-site (ROS) advertising…Behavioral Targeting can be highly accurate when the user is leaving a digital footprint of their activities as they move through the Web.

Consumer and Privacy Groups at FTC Roundtable to Call for Decisive Agency Action

Washington, DC, December 6, 2009 – On Monday December 7, 2009, consumer representatives and privacy experts speaking at the first of three Federal Trade Commission (FTC) Exploring Privacy Roundtable Series will call on the agency to adopt new policies to protect consumer privacy in today’s digitized world. Consumer and privacy groups, as well as academics and policymakers, have increasingly looked to the FTC to ensure that Americans have control over how their information is collected and used.

The groups have asked the Commission to issue a comprehensive set of Fair Information Principles for the digital era, and to abandon its previous notice and choice model, which is not effective for consumer privacy protection.

Specifically, at the Roundtable on Monday, consumer panelists and privacy experts will call on the FTC to stop relying on industry privacy self-regulation because of its long history of failure. Last September, a number of consumer groups provided Congressional leaders and the FTC a detailed blueprint of pro-active measures designed to protect privacy, available at: http://www.democraticmedia.org/release/privacy-release-20090901.

These measures include giving individuals the right to see, have a copy of, and delete any information about them; ensuring that the use of consumer data for any credit, employment, insurance, or governmental purpose or for redlining is prohibited; and ensuring that websites should only initially collect and use data from consumers for a 24-hour period, with the exception of information categorized as sensitive, which should not be collected at all. The groups have also requested that the FTC establish a Do Not Track registry.

Quotes from Monday’s panelists:

Marc Rotenberg, EPIC: “There is an urgent need for the Federal Trade Commission to address the growing threat to consumer privacy.  The Commission must hold accountable those companies that collect and use personal information. Self-regulation has clearly failed.”

Jeff Chester, Center for Digital Democracy: “Consumers increasingly confront a sophisticated and pervasive data collection apparatus that can profile, track and target them online. The Obama FTC must quickly act to protect the privacy of Americans,including information related to their finances, health, and ethnicity.”

Susan Grant, Consumer Federation of America: “It’s time to recognize privacy as a fundamental human right and create a public policy framework that requires that right to be respected,” said Susan Grant, Director of Consumer Protection at Consumer Federation of America. “Rather than stifling innovation, this will spur innovative ways to make the marketplace work better for consumers and businesses.”

Pam Dixon, World Privacy Forum: “Self-regulation of commercial data brokers has been utterly ineffective to protect consumers. It’s not just bad actors who sell personal information ranging from mental health information, medical status, income, religious and ethnic status, and the like. The sale of personal information is a routine business model for many in corporate America, and neither consumers nor policymakers are aware of the amount of trafficking in personal information. It’s time to tame the wild west with laws that incorporate the principles of the Fair Credit Reporting Act to ensure transparency, accountability, and consumer control.”

Written statements and other materials for the roundtable panelists are available at the following links:

CDD/USPIRG: http://www.democraticmedia.org/node/419

WPF: http://www.worldprivacyforum.org/pdf/WPF_Comments_FTC_110609fs.pdf

CFA: http://www.consumerfed.org/elements/www.consumerfed.org/File/5%20Myths%20about%20Online%20Behavioral%20Advertising%2011_12_09.pdf

EPIC: www.epic.org

“Cookie Wars, Real-Time Targeting, and Proprietary Self Learning Algorithms: Why the FTC Must Act Swiftly to Protect Consumer Privacy”

That’s the title of comments filed at the U.S. Federal Trade Commission by my Center for Digital Democracy and U.S. PIRG.  I also just gave a presentation with the same name at last week’s meeting of data protection commissioners in Madrid, Spain.   It’s available here.

Here’s an excerpt:   Today, consumers online face the rapid growth and ever-increasing sophistication of the various techniques advertisers employ for data collection, profiling, and targeting across all online platforms. The growth of ad and other optimization services for targeting, involving real-time bidding on ad exchanges; the expansion of data collection capabilities from the largest advertising agencies (with the participation of leading digital media content and marketing companies); the increasing capabilities of mobile marketers to target users via enhanced data collection; and a disturbing growth of social media surveillance practices for targeted marketing are just a few of the developments the commission must address. But despite technical innovation and what may appear to be dramatic changes in the online data collection/profiling/targeting market, the commission must recognize that the underlying paradigm threatening consumer privacy online has been constant since the early 1990’s. So-called “one-to-one marketing,” where advertisers collect as much as possible on individual consumers so they can be targeted online, remains the fundamental approach.

Technology Policy Institute Spins the Privacy Debate in D.C.–Group funded by Some of the Biggest Data Collection Companies

Today, the Technology Policy Institute (TPI) is holding a Hill forum on privacy and the Internet.  The group’s announcement for the event states that More privacy, however, would mean less information, less valuable advertising, and thus fewer resources available for producing new low-priced services.  It is this tradeoff that Congress needs to take into account as it considers new privacy legislation.”

What an absurd, reductionistic, and intellectually-dishonest claim.  First, this group is funded by some of the largest companies engaged in behavioral data collection and also fighting meaningful privacy policies.   That includes Google and Time Warner.  TPI’s other funders involved in some form of data collection and targeted interactive marketing include AT&T, Cisco, the National Cable and Telecommunications Association and Verizon.  Rep. Cliff Stearns, the ranking member of the House Subcommittee on the Communications, Technology, and the Internet is speaking at the event: that committee is currently drafting privacy legislation to protect consumers.  Panel speakers include TPI supporters Google and Comcast.  The lone privacy group on the panel, CDT, is funded by Google and others.  One academic on the panel also works for a high-tech consulting company.  The other panel academic has done fine work on social networks and privacy.

What makes TPI’s posturing absurd, beyond its funding conflicts, is the current economic crisis.  Consumer privacy laws are required to ensure that our financial, health and other personal transactions online are conducted in a responsible manner.  Anyone–or group–who believes that we can’t have both privacy and a robust online marketplace is out of touch.

IAB Works to Undermine Obama Consumer Protection Plan [On its Exec. Board includes Google, Time Warner, Disney, NYT, CBS, WPP]

The Interactive Advertising Bureau (IAB) signed a July 20, 2009 letter sent to Rep. Barney Frank of the House Committee on Financial Services raising questions–and really attempting to undermine–the Obama Administration’s proposed Consumer Financial Protection Agency.  Others signing the letter included the Business Roundtable, Consumers Bankers Association, Consumer Data Industry Association, Financial Services Roundtable, the Real Estate Roundtable and the U.S. Chamber of Commerce.  The IAB wasn’t the only ad lobby group signing the letter; so did the 4A’s and the DMA.  My colleagues in the consumer community view the letter as an attempt to derail the bill [the letter, which asks for a delay on the bill, says that “there will be significant dangerous, unintended consequences if the legislation is enacted in its current form.”]

Why would the IAB be concerned about the creation of a new powerful consumer financial watchdog?  It’s because their members work with companies engaged in digitally-related financial products–including mortgages, loans, credit cards, and so-called lead generation services.  The IAB benefits from the hundreds of millions spent year year on interactive ads for financially-related services (Among the top 15 digital advertisers in 2008 were Scottrade, Tree.com, TD Ameritrade Holding Co, Bank of America, FMR Corp, Experian, etc.). The IAB is clearly afraid of having an agency that would be empowered to investigate how online marketers sell and promote a wide range of financial products online.

We do wonder whether IAB board members that support the Obama Administration’s proposal (which is widely backed by consumer groups) understand the implications of the position it has taken.  Personally, I believe the creation of the new agency is critically important.  We must ensure that American consumers are never again victims when buying financial products.  Given that most of us will be learning about and purchasing financial services online, the proposed new agency will have to address how a number of IAB’s members engage in digitally-delivered financial services.

Progress & Freedom Foundation Comes to Aid of its Data-Collecting Backers (Using a `save the newspapers’ as a ploy to permit violations of consumer privacy protection!)

This report from Internetnews.com on the Progress and Freedom Foundation’s “Congressional” briefing illustrates how desperate some online marketers are that a growing number of bi-partisan congressional leaders want to protect consumer privacy.  So it’s not surprising that some groups that are actually financially supported by the biggest online marketing data collectors in the world would hold a Hill event to help out the friends who pay their bills.

It should have been noted in Ken Corbin’s that Google, Microsoft, Time Warner (AOL), News Corp. (MySpace) financially back the Progress and Freedom Foundation (PFF).  Other behavioral data targeting `want to be’s’ who monopolize U.S. online and other platforms are also backers:  AT&T, Comcast, NBC, Disney/ABC, Viacom/MTV/Nick, etc. For a list, see here.

PFF and some of its allies deliberately distort the critique of consumer and privacy groups.  We are not opposed to online marketing and also understand and support its revenue role for online publishing.  But many of us do oppose as unfair to consumers a stealth-like data collection, profiling and ubiquitous tracking system that targets people online.  One would suppose that as a sort of quasi-libertarian organization, PFF would support individual rights.  But given all the financial support PFF gets from the major online data collectors, how the group addresses the consumer privacy issue must be viewed under the `special interests pays the bills’ lens.

PFF and its allies are playing the ‘save the newspaper’ card in their desperate attempt to undermine the call for lawmakers to protect consumer privacy.  Newspapers and online publishers should be in the forefront of supporting reader/user privacy; it enhances, not conflicts, with the First Amendment in the digital era.  Finally, PFF’s positions on media issues over the years has actually contributed to the present crisis where journalism is on the endangered species list.  This is a group that has worked to dismantle the FCC, eliminate rules designed to foster diverse media ownership, and undermine network neutrality.

PS:  The article quotes from Prof. Howard Beales of George Washington University (and a fCV,ormer Bush FTC official with oversight on privacy).  Prof. Beales was on the PFF panel.  Prof. Beales, according to his CV has served as a consultant to AOL and others (including  Primerica and the Mortgage Insurance Companies of America).  Time Warner, which owns AOL, is a PFF financial backer.  All this should have been noted in the press coverage.

Online Consumers Require Real Privacy Safeguards, Not the Digital Fox [AAAA, ANA, BBB, DMA & IAB] in Charge of the Data Hen House

The self-regulatory proposals released today [2 July 2009]  by five marketing industry trade and lobby groups are way too little and far too late. This move by the online ad industry is an attempt, of course, to quell the growing bi-partisan calls in Congress to enact meaningful digital privacy and consumer protection laws. It’s also designed to assuage a reawakened Federal Trade Commission–whose new chair, Jon Leibowitz, recently appointed one the country’s most distinguished consumer advocates and legal scholars to direct its Bureau of Consumer Protection (David Vladeck). The principles are inadequate, even beyond their self-regulatory approach that condones, in effect, the “corporate fox guarding the digital data henhouse.” Effective government regulation is required to protect consumers. We should have learned a painful lesson by now with the failure of the financial industry to oversee itself. The reckless activities of the financial sector—made possible by a deregulatory, hands-off government policy–directly led to the current financial catastrophe. As more of our transactions and daily activities are conducted online, including those involving financial and health issues–through PCs, mobile phones, social networks, and the like–it is critical that the first principle be to ensure the basic protection of consumer privacy. Self-dealing “principles” concocted by online marketers simply won’t provide the level of protection consumers really require.

The industry appears to have embraced a definition of behavioral targeting and profiling that is at odds with how the practice actually works. Before any data is collected from consumers, they need to be candidly informed about the process–such as the creation and evolution of their profile; how tracking and data gathering occurs site to site; what data can be added to their profile from outside databases; the role that data targeting plays on so-called first-party websites, etc. In addition, the highest possible consumer safeguards are necessary when financial and health data are involved. Under the loosey-goosey trade industry principles, however, only “certain health and financial data” are to be treated as a “sensitive” category. This would permit widespread data collection involving personal information regarding our health and financial concerns. The new principles, moreover, fail to protect the privacy of teenagers; nor do they seriously address children’s privacy. (I was one of the two people that led the campaign to enact the Children’s Online Privacy Protection Act).

The failure to develop adequate safeguards for sensitive consumer information illustrates, I believe, the inability of the ad marketing groups to seriously address online privacy. The so-called “notice and choice” approach embraced by the industry has failed. More links to better-written privacy statements don’t address the central problem: the collection of more and more user data for profiling and targeting purposes. There needs to be quick Congressional action placing limits on the collection, use and retention of consumer data; opt-in control over profile information; and the creation of a meaningful sensitive data category. Consumer and privacy groups intend to work with Congress to ensure that individuals don’t face additional losses due to unfair online marketing practices.

[press statement by the Center for Digital Democracy]

UK Online Ad Lobby Group: “behavioural targeting is going to be the future of the internet.” [Annals of Behavioral Targeting]

The debate over behavioural targeting, profiling and interactive advertising is heating up in the European Union.  We just spoke at a EU event on the topic.  More later on that meeting (which featured Google, Microsoft, Nokia and others, all wearing their Brussels best).  Google and others pointed to a new code on behavioural targeting created by the UK’s Interactive Ad Bureau, which they suggest is a model (and is designed to foreclose on real privacy safeguards).  I will be writing about this code in the next post.  But here’s what the chairman of the IAB UK, Richard Eyre, said about protecting privacy online and the Internet’s future [via Brand Republic.  March 31, 2009]. Excerpts:

Richard Eyre, chairman of the Internet Advertising Bureau, has said he accepts the European Union’s decision to investigate behavioural targeting as “logical” but hopes that the current self-regulatory process “will satisfy everyone”.

Eyre was responding to the EU’s decision to investigate behavioural targeting by online advertisers, in a move that could result in legislation that overrides the code recently introduced by the IAB with the support of Ofcom and search giants Google and Microsoft…Eyre said that he understood that the EU had to have a point of view on the issue because behavioural targeting is a new tool about which the general public is still forming its opinion. However he hopes the self-regulatory code on behavioural targeting recently introduced by the IAB will satisfy everyone. Eyre said: “It is very easy to dismiss the issues as an invasion of privacy but the fact is that behavioural targeting is going to be the future of the internet.”Eyre told ISBA’s annual conference recently that behavioural targeting would be a “game-changer” for advertisers.
PS:  As for Microsoft’s position on privacy, here’s an excerpt from a March 5, 2009 New Media Age story:  “Zuzanna Gierlinska, head of Microsoft Media Network, said, “It’s better that regulation comes from within the market rather than from government, which might not be fully aware of how behavioural targeting works.”  source:  “Industry unites to defend trust in online advertising.”   Suzanne Bearne.  nma.co.uk

Baby Steps for Online Privacy: Why the FTC Self-Regulatory Principles For Online Behavioral Advertising Fails to Protect the Public

Statement of Jeff Chester, Exec. Director, Center for Digital Democracy:

The Federal Trade Commission is supposed to serve as the nation’s leading consumer protection agency.  But for too long it has buried its mandate in the `digital’ sand, as far as ensuring U.S. consumer privacy is protected online.    The commission embraced a narrow intellectual framework as it examined online marketing and data collection for this proceeding.  Since 2001, the Bush FTC has made industry self-regulation for privacy and online marketing the only acceptable approach when considering any policy safeguards (although the Clinton FTC was also inadequate in this regard as well).  Consequently, FTC staff—placed in a sort of intellectual straitjacket—was hampered in their efforts to propose meaningful safeguards.

Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling.  Unknown to many members of the public, a vast commercial surveillance system is at the core of most search engines, online video channels, videogames, mobile services and social networks.  We are being digitally shadowed across the online medium, our actions monitored and analyzed.

Behavioral targeting (BT), the online marketing technique that analyzes how an individual user acts online so they can be sent more precise marketing messages, is just one tool in the interactive advertisers’ arsenal.  Today, we are witnessing a dramatic growth in the capabilities of marketers to track and assess our activities and communication habits on the Internet.  Social media monitoring, so-called “rich-media” immersive marketing, new forms of viral and virtual advertising and product placement, and a renewed interest (and growing investment in) neuromarketing, all contribute to the panoply of approaches that also includes BT.  Behavioral targeting itself has also grown more complex.  That modest little “cookie” data file on our browsers, which created the potential for behavioral ads, now permits a more diverse set of approaches for delivering targeted advertising.

We don’t believe that the FTC has sufficiently analyzed the current state of interactive marketing and data collection.  Otherwise, it would have been able to articulate a better definition of behavioral targeting that would illustrate why legislative safeguards are now required.  It should have not exempted “First Party” sites from the Principles; users need to know and approve what kinds of data collection for targeting are being done at that specific online location.

The commission should have created specific policies for so-called sensitive data, especially in the financial, health, and children/adolescent area.  By urging a conversation between industry and consumer groups to “develop more specific standards,” the commission has effectively and needlessly delayed the enactment of meaningful safeguards.

On the positive side, the FTC has finally recognized that given today’s contemporary marketing practices, the distinction between so-called personally identifiable information (PII) and non-PII is no longer relevant.  The commission is finally catching up with the work of the Article 29 Working Party in the EU (the organization of privacy commissioners from member states), which has made significant advances in this area.

We acknowledge that many on the FTC staff worked diligently to develop these principles.  We personally thank them for their commitment to the public interest.  Both Commissioners Leibowitz and Harbour played especially critical roles by supporting a serious examination of these issues.  We urge everyone to review their separate statements issued today.  Today’s release of the privacy principles continues the conversation.  But meaningful action is required.  We cannot leave the American public—now pressed by all manner of financial and other pressures—to remain vulnerable to the data collection and targeting lures of interactive marketing.

FTC’s Behavioral Ad Principles–the last act of the Bush Administration? Why is the Obama White House Allowing the FTC To Remain Under the Leadership Appointed by Pres. Bush?

In a few hours, approximately between 10-11 am eastern, the FTC is expected to release its final “Online Behavioral Advertising Principles.” Originally released for comment in December 2007, the principles are a sort of Valentine’s Day present to the online ad industry from the (supposedly departed) Bush Administration.  From what we know, the FTC principles support self-regulation.  Online marketers will be told they should behave better–and here are suggestions.  It’s like a teacher telling a misbehaving student–‘behave better, dear,’ or else we will have to tell your parent (in this case, the guardian being potential congressional action).

My CDD urged Commissioners Harbour and Leibowitz to issue separate statements on the principles, and call for tougher requirements—especially in the area of so-called sensitive information.  This would include data connected to our financial and health related online activities (think mortgage and loan applications or queries for prescription drugs).  CDD and a coalition of groups also formally asked the commission to impose serious privacy safeguards for both children and adolescents.

But these principles were crafted within the narrow confines of the Bush Administration philosophy prevailing at the FTC.  Only self-regulation is permitted.  Consequently, such an approach likely means these rules leave the online data collection, profiling and targeted marketing system which comprise behavioral marketing off the privacy protection hook.

But one question looms at the moment.  Why has the new Obama administration allowed the FTC to remain under the leadership of Bush-appointee William E. Kovacic? The principles being issued today, in fact, reflect the “old” FTC, not one run under the philosophy of President Obama.  Why is the Obama White House failing to ensure a change of leadership at the FTC?  The agency is responsible for overseeing a huge portion of the economy, including critical financial issues.  It’s also supposed to be the leading agency on consumer protection issues.   The Obama White House should have–by now-found someone who would led the FTC, so it can better protect the public.

The principles being released today were only made possible because of the Bush FTC give-away to Google, when it approved its takeover of online ad giant DoubleClick.  CDD, the Electronic Privacy Information Center (EPIC), and USPIRG fought the merger, including on privacy grounds.  FTC Commissioner Pamela Harbour played a key role forcing the agency (then run by Chairwoman Majoris, whose husband’s law firm represented DoubleClick) to address the privacy concerns. As a consequence of the political pressure from its failure to seriously examine the consumer privacy issues of the Google deal, the FTC staff were told to develop these principles.

The next chair of the FTC needs to take privacy and online consumer protection issues seriously.  The agency does need more resources, but also a new spirit.  If the FTC had been on the job, and was examining how lending institutions were recklessly promoting loans and mortgages, maybe today’s mess wouldn’t be as tragic as it is.  More to come after the commission releases the principles.