Microsoft’s Research into Behavioral Targeting & Profiling via its Beijing Research Lab

There’s a “Great Digital Game” going on, where companies such as Google, Facebook, Microsoft and leading ad agencies compete to expand the clout of online marketing around the globe.  As I told EU and other privacy regulators last Friday, the Obama Administration is being pressed by US online marketers to forge trade deals that will allow the leading companies to conduct business in the  Asia-Pacific and EU region without worrying about serious privacy and consumer protection rules.  I do think it’s ironic–and really misleading–to point to online marketing as a U.S. economic success story that requires special treatment.  The revenues generated by Google, Facebook and the others are principally from advertising.  Whether they are truly models of innovation that will bring the kind of sustainable long-term job and economic growth we need is questionable.

At the core of the “Great Digital Game”–where U.S. companies strive to dominate the global interactive ad marketplace–is data collection for user targeting.  Microsoft, which has a principal online ad research facility in Beijing, was recently seeking a Senior Data Mining Analyst.  Read this excerpt from the job description and think about privacy, civil liberties in China and other autocratic regimes, consumer protection and the ethical role of U.S. online ad companies:  “Microsoft Ad Platform China is building world-class engineering teams in Beijing, focusing on online Ads related systems and services such as behavior targeting and advertiser analytics. The team partner closely with the Redmond Ad Platform team, enabling the discovery and inference of user profiles, intent and interaction while respecting privacy and trust, with the ultimate goal of maximizing benefits for users, advertisers and publishers…Core Job Responsibilities: Conduct and manage applied research and modeling work in the areas of user segmentation, profiling, and targeting. Research and experiment on data mining algorithms for user segmentation and dynamic segment expansion. Utilize data mining technologies and use various data sources, some of which may include MSN/Windows Live web usage, search query, demographic, subscription, and 3rd party data, to gain insight into Internet user behavior and intent that will set the foundation for Microsoft targeting offerings and data services. Provide complete solutions to business problems using data mining techniques, statistics and data analysis. Serve as subject matter expert and drive thought leadership in the areas of user profiling, ad targeting, and personalization for Microsoft online services.”

Pepsi Exec Tells What Keeps Facebook’s Zuckerberg “Up at Night”–Guess What it Is [Annals of Social Media Marketing & Privacy]

Shiv Singh is the head of digital marketing for Pepsi’s beverage line-up.  At a recent “Social Media Week” event, he discussed how brands should increase efforts to “listen” to social media conversations.  Mr. Singh said that:
“Twenty-five percent of all time spent online is spent on Facebook.  We only get to see and listen to a small slice of that. That [larger slice] is the missing link. We sometimes overstate the benefits of listening and we don’t acknowledge the fact that we’re not listening to everything as a whole. Mark Zuckerberg and his team at Facebook are brilliant, but if there’s one thing that keeps him awake at night it’s that the default state for profiles is not public.”

No doubt, if privacy advocates and responsible policymakers–and concerned Facebook users–hadn’t objected, the profiles would be public by default.  Given that Facebook’s ad revenues are connected to having such a goldmine of data free to its partners, having profiles be public by default would give us privacy nightmares.

Leading Health, Privacy, and Consumer Groups Call on FTC to Protect Adolescent Privacy online

For Immediate Release:  Feb. 18, 2011
Child, Health and Consumer Advocates Ask FTC for Teen Privacy Protections, including Do-Not-Track and No Behavioral Targeting

Today a Coalition of Child, Health and Consumer Advocates filed comments on the Federal Trade Commission’s proposed privacy framework asking for increased privacy protections for adolescents.   The coalition includes leading advocates such as the Center for Digital Democracy, the American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Children Now, and the Consumer Federation of America.

Privacy protections are needed as teens are increasingly subjected to privacy invasions online. Teens are using new media technologies for key social interactions and to explore their identities. This increased use of digital media subjects them to wholesale data collection and profiling of even their most intimate interactions with friends, family, and schools. Meanwhile, recent research in psychology and neuroscience reveals that teens are more prone to risky behavior when their anxieties and peer relations are exploited. Privacy protections are needed to keep the online world social and safe.

Companies should not use data to behaviorally profile teens. The framework should also provide enhanced choice for adolescents, including a Do Not Track feature. In implementing “privacy by design,” companies should consider the needs and vulnerabilities of teens.  They should address those vulnerabilities by, for example, minimizing the amount of data collected from teens.  Data that is collected should be retained for only short periods and should be afforded greater security.

“Teens live online today,” said Guilherme Roschke, attorney for CDD. “This time of development and maturation requires privacy protections. Teens cannot go it alone against the vast data collection and profiling infrastructure of new media technologies that not even adults can understand.”

“Because of their avid use of new media, adolescents are primary targets for digital marketing,” explained co-signer Kathryn C. Montgomery, Ph.D. “The unprecedented ability of digital technologies to track and profile individuals across the media landscape, and to engage in sophisticated forms of targeting, puts these young people at special risk of compromising their privacy.”

The full coalition includes:

Center for Digital Democracy, American Academy of Child and Adolescent Psychiatry, American Academy of Pediatrics, Berkeley Media Studies Group, a project of the Public Health Institute, Children Now, Consumer Federation of America, Consumer Watchdog, David VB Britt, Retired CEO, Sesame Workshop, Ellen Wartella, Kathryn Montgomery, National Policy & Legal Analysis Network to Prevent Childhood Obesity, a project of Public Health Law & Policy, The Praxis Project, Privacy Rights Clearinghouse, Public Good, Public Health Institute, Tamara R. Piety, and World Privacy Forum

Guilherme Roschke
Staff Attorney / Fellow
Institute for Public Representation
First Amendment and Media Center
Georgetown University Law Center
T:(202) 662-9543
F:(202) 662-9634
gcr22@law.georgetown.edu
http://www.law.georgetown.edu/clinics/ipr/
**********

Neuromarketing Research–Sponsors include Miller Coors, American Express, Hershey’s

excerpt on the Advertising Research Foundation’s “Inaugural NeuroStandards Retreat”–

On January 12-14, 2011 at Campbell Soup Headquarters in Camden, New Jersey, 40 senior review panel members, research vendors, gold brand sponsors, gold media sponsors, silver sponsors and ARF personnel gathered to discuss significant insights and key findings from the unprecedented Engagement 3: NeuroStandards Collaboration. This groundbreaking ARF research project,… will provide much-needed transparency about biometric and neurological research methods.
In advance of the retreat, each of the research vendors involved (Gallup & Robinson, Innerscope, MSW Research/LAB, Mindlab International, NeuroCompass, Neuro-Insight, Sands Research, and Sensory Logic) were asked to analyze eight commercials—one from each gold brand sponsor (American Express, Campbell Soup, Clorox, Colgate-Palmolive, General Motors, Hershey’s, Miller Coors and JP Morgan Chase).

The research vendors presented their reports to each sponsor prior to the retreat. The reports were also reviewed by a number of subject matter experts (for example, Electroencephalography (EEG) experts looked at EEG reports, Functional Magnetic Resonance Imaging (fMRI) experts looked at fMRI reports). Subject matter expert reports were then distributed to a panel of expert reviewers who provided their assessment at the retreat…

The expert reviews, discussions and key findings from the ARF NeuroStandards Retreat will be presented in March at Re:think 2011 – The ARF 75th Anniversary Annual Convention. Some of the major topics that will be explored include:

How neuromarketing research can produce new insights for advertising, branding, and other marketing research projects;
Which biometric and neurological methods are best suited for specific research objectives and what are the advantages and disadvantages of these methods compared to traditional research methodologies…

As Google Expands Digital Food Marketing Clout, How Will it Protect Children and Adolescents from Online Junk Food Ads?

Google just announced plans to “to build its advertising and marketing business in the food and beverage industries,” including “establishing a food-and-beverage team in Chicago to link with advertisers and marketers.”   The online ad market leader hired a former Frito Lay and beer marketing executive who explained that the company intended to harness the “untapped potential in the digital world for food and beverage advertisers, and Google’s ability to work with them, based on proprietary analytics that map out consumer behavior.”   The exec–Karen Sauder–said that Google intended to use its clout with online media to generate a deep connection to users, including taking advantage of “some of the new location-based services and mobile technology that’s really untapped at this point.”

As our companion site digitalads.org documents, food and beverage companies, along with online ad companies such as Google, Yahoo and Microsoft, are targeting young people with digital ads for products linked to the youth obesity crisis (they are doing this in the U.S. and globally).  Google should play a leadership role and adopt new safeguards to ensure that no one under 18 is targeted by digital junk food ads–and that it undertakes a thoughtful analysis to address problems raised when targeting vulnerable groups.  We hope Microsoft, Yahoo and others will also do so.  We call on Google to embrace a “healthy” digital diet for its food and beverage marketing. This is an issue that will be on the policy radar in 2011.

Statement of Jeff Chester on the Department of Commerce’s Internet Policy Task Force Privacy and E-Commerce: a Bill of Behavioral Targeting “Rights” for Online Marketers?

The Obama Administration asks some important questions about protecting the privacy of U.S. consumers.  But given the growth of online data collection that threatens our privacy, including when consumers are engaged in financial, health, and other personal transactions (including involving their families), this new report offers us a digital déjà vu.   The time for questions has long passed.

Instead of real laws protecting consumers, we are offered a vague “multi-stakeholder” process to help develop “enforceable codes of conduct.”  If the Commerce Department really placed the interests of consumers first, it would have been able to better articulate in the report how the current system threatens privacy.    They should have been able to clearly say what practices are right and wrong—such as the extensive system of online behavioral tracking that stealthily shadows consumers—whether on their personal computer or a mobile phone.   The paper should have firmly articulated what the safeguards should be for financial, health and other sensitive data.  The report should have rejected outright any role for self-regulation, given its failures in the online data collection marketplace.  While the report supports a FIPPS framework, these principles can be written in a way that ultimately endorses existing business practices for online data collection and targeting.

This illustrates one of the basic problems with the Administration’s approach to protecting consumer privacy online.  The Commerce Department is focused on promoting the interests of industry and business—not consumers.  It cannot play the role of an independent, honest broker; consequently it should not be empowered to create a new Privacy Policy Office.   Having the Commerce Department play a role in protecting privacy will enable the data collection foxes to run the consumer privacy henhouse.  We call on the Administration and Congress to address this issue.  A new Privacy Policy Office should be independent and operate under the Administrative Procedures Act—ensuring there are safeguards for meaningful public participation and transparency.

The Commerce paper’s real goal is to help U.S. Internet data collection companies operate in the EU, Asia/Pacific and other markets as “privacy-free” zones.  Under the cover of promoting “innovation” and trade, I fear the U.S. will craft a crazy-quilt code of conduct regimes that they will claim should pass muster in the EU (which has a more comprehensive framework to protect privacy).  The Obama Administration appears to be promoting a kind of “separate, but equal” framework, where it will argue that no matter how weak U.S. privacy rules are, other countries should accept them as the equivalent of a stronger approach.  The new paper should have acknowledged the U.S. has to play catch-up with the EU when it comes to protecting consumer privacy.

We have been promised meetings with the new White House subcommittee on privacy, where consumer and privacy groups will raise these and other concerns.

Five Ways to Protect Privacy

[a version we wrote of this ran in Multichannel News]
Five Ways for Digital Marketers to Protect Consumer Privacy

If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak” specialist crafting privacy policies and creating self-regulatory regimes.  That’s not what consumers and citizens need in the interactive marketing era.   All Americans should have their privacy respected and protected when they go online—including when they use mobile phones.

1.     Tell your users what you actually say to your advertisers—about how the profiling and targeting process really works.  There is a disconnect that is unfair and deceptive between what companies say in their privacy policies and pitch to their clients and potential partners.   Be honest about the “360 degree” ways you engage in online marketing.

2.     Don’t collect information and target consumers based on their interests in finance and health.  These two most “sensitive” categories should be opt-in only.   When consumers go online for loans, credit, mortgages, and health concerns they require the upmost privacy.  Although online financial, health and so-called lead-generation advertising is big business, consumers should not be forced to have their online financial and health behavior stealthfully-tracked and compiled.  The risks to consumers are great if we don’t develop special rules for this data.

3.     Racial and ethnic profiling data should also be opt-in. Hispanics, African-Americas, Asian-Americans and other minorities are increasingly the focus of a growing behavioral targeting and online marketing apparatus.  In the “offline” world, we have witnessed a disturbing use of racial profiling practices to discriminate against individuals.  In today’s online environment, users are being identified as being a member of a racial or ethnic group without either their awareness or consent.  While we all want to see the growth of diversely owned online publishing, it should not be done at the expense of civil liberties in the digital era.  We must prevent the growth of online racial profiling, that when tied to income, geography and other data can be used to create 21st Century forms of discrimination.

4.     Don’t use neuromarketing and other subliminal and subconscious-based advertising.   Fortune 1000 advertisers and online marketers such as Microsoft, Yahoo and Google are using new forms of ad testing and development involving the latest tools of neuroscience, such as fMRI’s and EEGs.  Neuromarketing’s goal is to directly influence a consumer’s subconscious, and when combined with the power of online data targeting,  offers powerful—and frightening—new forms of manipulation.

5.     Users need to consent to having their profiles be bought and sold on so-called online ad exchanges.  Selling off the right to target a consumer online, via real-time auctions that happen in milliseconds, is dehumanizing.  Nor should we permit the growing combination of offline and online databases to be used for targeting, including via these new digital auction houses.

Interactive marketing is now a fundamental operating principle for the cross-platform media economy throughout the world.   But right now, it’s a digital “wild west” that doesn’t serve the interests of consumers, citizens and most marketers.

Online Ad Biz to Reps. Markey/Barton: We Really Don’t Have to Tell You the Facts! The case of Yahoo!




If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak” specialist crafting privacy policies and creating self-regulatory regimes for the online ad industry.  None of the replies provided to Reps. Markey and Barton answered the basic charge posed by the WSJ in its series and previously raised by privacy advocates:  that “[O]ne of the fastest-growing businesses on the Internet is the business of spying on Internet users.”   All the companies hide behind `it’s a business as we created it and good for everyone’ facade.  Many use a scare tactic claiming that the data collection model they developed is responsible for funding online content/publishing and without it much/if not all of the Internet would vanish (as if you can’t have both robust e-commerce and privacy!).  Many of the answers to Congress also say that their privacy policies and membership in self-regulatory groups (such as the NAI) reflect best practices (as if they automatically vanish the problems!).  The companies don’t take responsibility for the problem or acknowledge that there are privacy concerns outstanding. 

The responses reflect the Orwellian recasting of industry terms on the data collection practices it created and operates.  Behavioral targeting (with $1.13 billion this year in spending for this type of ad) has been transformed into “preference,” “relevant,” or “interest” targeting.  Online profiling and targeting is now called “customization.”  The industry is running away from the precise definitions they created and use because they are honest terms showing consumers are being tracked, profiled and targeted based on our behaviors and actions.  Finally, several of the companies submitted their privacy policies.   In order to full understand them, a consumer (in between taking their children to school or a soccer game, working, shopping, cooking) would simultaneously also have to be a technologist, lawyer, and investigator, to understand and control all the cookies, etc.

Also, the companies resort to a now out-of-date definition of what’s considered so-called personally identifiable information (PII).  Cookies, IP addresses, pixels and web bugs, they claim, are “non-PII” and hence fail to raise privacy concerns.  Yet both the EU and FTC have said that in today’s online data collection world, the old definition of what’s identifiable no longer really works.  The FTC explained last year that “[S]taff believes that, in the context of online behavioral advertising, the traditional notion of what constitutes PII versus non-PII is becoming less and less meaningful and should not, by itself, determine the protections provided for consumer data.  Indeed, in this context, the Commission and other stakeholders have long recognized that both PII and non-PII raise privacy issues…

Companies such as Yahoo, AOL, About.com (NYTimes Co), News Corp/MySpace and others are disingenuous in their responses—failing to inform the Congress what they tell their clients and prospective advertisers.  Among the most cynically self-serving is Yahoo. First, Yahoo did not describe all the ways it collects data on users when it answered question 1.  For example, examine Yahoo’s Advertising Blog, where you can find a discussion of far-ranging techniques used in the data collection process.  Most of which are not spelled out or really explained in the privacy policy;  See also, Yahoo’s “smart ad” technology that changes the copy in real time based on the data it collects.  Its privacy policy really doesn’t explain it in the same way it pitches itself to clients.  Yahoo says in its Hill letter that it “may” acquire data from external sources and gives the link to that section of its privacy policy.  Not even a multi-tasking genius could opt-out all of that.  Nor does Yahoo tell you about the tons of data on consumers their partners collect.  Also, they say in question 3 how they collect data, but tell potential clients a more informed story:  “Yahoo! gets to know its visitors to give them what they’re looking for, even when they’re not actively looking. In part, Yahoo! does this by using an industry practice called behavioral targeting (BT)… Yahoo! BT goes beyond common rules-based segmentation or grouping of consumers by the sites they’ve visited. The tool is powered by sophisticated modeling technology based on extensive online interactions that include searches, page views, and ad interactions. With these models, Yahoo! identifies what consumers are interested in and predicts where they are in the buying process, thereby determining which consumers may respond best to your ad placements.”  In question 4-5, Yahoo claims its users have all the information they require via the privacy policy.  But Yahoo’s information for perspective clients tells a more complete and different story:  “With rich media, you benefit from deep reporting that goes way beyond the click. Track time spent watching video, mouse-over interactions, poll results, average number of panels interacted with and much more.  If you design it, we can track it… Partner with Yahoo! to produce unique, immersive consumer experiences that integrate your brand…”Question 9, again, they call it “customized experience” to Congress—and “smart ads” that track and learn about you when they explain it to advertisers.   Question 10.  Health and finance.  Yahoo failed to tell Congress they track and target consumers health and financial info.  And they target teens.  For health; finance.


Danah Boyd, COPPA, Online Marketing Targeting Youth, the role of Microsoft

Danah Boyd, like many other digital media researchers, fails to examine the business practices which shape and construct most of contemporary online media.  Ms. Boyd is quoted in last week’s Boston Globe about the Children’s Online Privacy Protection Act saying “[I]t’s well-intentioned, but this legislation has failed on every level.”  Ms. Boyd is incorrect.   A whole range of interactive ad practices and techniques commonly found on most digital sites has not been embraced by the under-13 online advertising market.  The goal of COPPA was to help structure the commercial online data collection and targeting practices aimed at young people–and it’s done so (just see what kind of data collection and targeting practices occur the minute anyone reaches 13.  From that age onwards, everyone is fair game for a wide range of very disturbing practices, most of which collect and use our information). Ms. Boyd and the Globe article are also incorrect claiming that “Congress is considering renewing” COPPA.   The FTC is currently conducting a periodic review of COPPA’s rules and the Congress has held hearings on the law.  But Congress doesn’t have to “renew” COPPA.

Finally, a challenge to Ms. Boyd.  She is working for Microsoft–which is targeting youth across the globe via its advertising division.  Microsoft Advertising is collecting data and targeting teens for junk food and other products.  See Microsoft’s “How to Target Young People Online” and other materials, for example.  Ms. Boyd needs to analyze what her employer–and other financial backers from the online ad industry supporting Berkman–are doing regarding youth–and hold them and herself accountable.

The new “Digital Advertising Alliance” self-reg plan. See if it tells consumers what its sponsor ad groups really say to each other. That they track and target your “digital footprint”

On Monday, the new self-regulation magical “icon” that is designed to make the online ad industry’s privacy problems disappear will be unveiled.  A new group called the “Digital Advertising Alliance” will unveil the icon-based plan–all timed to help head-off the kinds of protections and safeguards consumers require.  The current financial crisis affecting tens of millions of Americans require that government and big business groups do more than pay digital lip service to consumer protection.

As a kind of litmus test for the new self-regulation effort, see if the icon and the information connected to it really informs you about how data on you is collected and used for profiling, tracking and targeting. For example, last week, the Interactive Advertising Association (IAB), one of the key backers of the new Alliance, released a guide to targeting consumers at the local level.  Here’s excerpts of what they say.  See if that little icon is being honest when you click it.  Of course, we really require rules that eliminate the kind and amount of data that can be collected on you and you family and friends in the first place–as well as honest disclosure on the process.  Note as well that all that data on you is expensive–and others are cashing in on information that belongs to you!  From the new “Targeting Local Markets” guide:

Explicit profile data Targeting. definition–
Explicit data is “registration quality data” collected either online or offline. For online registration data, the user has certain attributes in his or her registration profile at a particular site or service, and that data is associated with the user’s Web cookie or some sort of audience database when the user next logs in. Offline registration data includes the sorts of data held in the massive offline direct response industry databases built up over the last several decades. These are then matched to a user online when that user logs in somewhere that is a partner of the data company. The site at which the user logs in, usually an online mail or similar site, sends the name/email combination to the data company, which then makes the match and sends back data…pricing–In general, first party data commands a far more variable premium than third party data…Third party data is usually available in much larger quantities, and yet there is often a fee of anywhere between $0.50 to $2.00 or more paid to the data provider by the ad seller – thus increasing the cost of goods sold (COGS) on the ad, and therefore increasing the price…

Behavioral Targeting (Implicit profile data Targeting)-definition-
Behavioral Targeting is the ability to serve online advertising based on profiles that are inferred from an individual user’s technical footprint and viewing behavior…As the medium has grown from a “browsing” experience to interactional so have the levels of information gathered. Newer forms of information include the data collected about influences, social preferences through social networks and an individual user’s content created online…The data is often gathered in real-time and can be used for real-time decision-making so that relevant advertising can be delivered dynamically to an individual user during their online session…Behaviorally targeted advertising commands a higher price because of targeted placement versus general run-of-site (ROS) advertising…Behavioral Targeting can be highly accurate when the user is leaving a digital footprint of their activities as they move through the Web.