Category: annals of behavioral targeting

CDD Urges Regulators to Protect Consumer Privacy in Comcast/NBCU deal

The Center for Digital Democracy will ask both the FCC and FTC to ensure that consumer privacy is protected as part of the regulatory review of the Comcast/NBCU partnership.  Comcast is currently deploying interactive TV applications, including for advertising, on its cable systems.   The nation’s largest cable company and broadband ISP  has played a leading role in developing next-generation “advanced advertising” services through the Canoe Ventures interactive TV cable consortium, as well as with CableLabs (Comcast chair Brian Roberts is the chair of the board of CableLabs, the industry’s R&D center).  For advanced advertising, information on household viewing, including from individuals, will be collected from set-top boxes that can be combined with outside databases to form viewer ad targeting profiles.   Highly personal ads will be created, practically instantaneously, for real-time delivery based on these profiles. Cable and other video providers are creating a “real-time decision-making system” for marketing that analyzes user data–including income, ethnicity, and viewing and behavior patterns–to help determine the precise ad to be delivered. Comcast is reportedly planning  “a gigantic database called “TV Warehouse,” able to store a full year of statistics gathered from digital set-tops in more than 16 million households nationwide… having a massive 500 Terabytes of storage, would then feed up to a database even broader in scope operated by Canoe Ventures…”

As the nation’s biggest “video provider” and “largest residential Internet service provider,” Comcast has access to detailed financial information on its TV and broadband subscribers.  It also has a treasure trove of consumer data on viewing behaviors online and with TV.  Comcast can also use its dominate position as the leading high-speed ISP and cable TV provider to extract additional consumer information from its programming partners.   Regulators will need to ensure effective safeguards on network neutrality, programming access and competition, and consumer privacy—especially for “advanced advertising.”

CDD also will ask competition authorities to review Comcast’s relationship with Canoe Ventures, and its implications on content diversity.
Some Background:

http://www.comcastmediacenter.com/media/news-releases-detail.html?content_item_id=161;

http://www.comcastspotlight.com/sites/Default.aspx?pageid=7680&siteid=62&subnav=3

http://www.canoe-ventures.com/;

http://www.cablelabs.com/projects/dpi/;

http://www.experianmarketingservices.com/capabilities_digitaladvertising.php;

http://www.lightreading.com/document.asp?doc_id=183658&site=cdn;

http://www.multichannel.com/article/161894-Comcast_TV_Warehouse_To_Collect_STB_Clicks.php;

http://www.screenplaysmag.com/corporate/sigma/;

http://www.comcast.com/corporate/about/pressroom/corporateoverview/corporateoverview.html

A Google Online Ad Goal: “engage advertising agencies and brand marketers in programs that move the needle for their companies”

That phrase is part of a Google job ad for a “Display Account Manager” focused on the auto industry  (based in Detroit).  Here’s an excerpt:

You will drive the online video marketplace forward and engage advertising agencies and brand marketers in programs that move the needle for their companies. The primary responsibility of the Display Account Manager is to drive new business revenue for YouTube and other Google display services and products with Fortune 1000 advertisers across multiple industries. You’ll manage business relationships to ensure that your clients’ needs and requirements are met. Additionally, you will be involved in the operational execution of your clients’ campaigns. This role is not for the faint of heart…Identify and execute on new business with new clients and upsell opportunities for existing clients and prospect within accounts and agencies to uncover leads, new contacts, and revenue.

Microsoft Advertising offers “Profile Targeting”

As we just told the BEUC conference on consumer protection and online marketing, we couldn’t make this up if we tried.  Here’s what Microsoft Advertising says it can do via its UK site for marketers:

Just say who, when and where

Profile Targeting can help you find the people you’re looking for by who they are, where they are and when you want to be seen by them. Just name the characteristics that matter most to you. It could be anything from the consumer’s age, gender or country, to the day of the week you want to target the audience on.

[and here’s what they say about behavioral retargeting, which they euphemistically now call “re-messaging“]”

With Re-messaging we can narrow our audience by finding the people who have already visited you. It means we can ensure they always stay intouch and help create continual engagement with your brand.  Re-messaging is effective on its own, but works at its best whencombined with other forms of targeting and campaign performance. By placing action tags on your website, we can track visitors throughout the course of their online journey and re-message them on our network. For example the consumer may have previously searched for a hotel but not booked, compared credit cards but not applied, or visited a promotional website. Whatever it may be, if they’ve gone part way to making a purchase or performing an action, we can help you continue the conversation and ensure that the relevant message is seen by the people it matters most to.

CDD/USPIRG to FTC: Self-Reg is a Failure (and should be investigated for “unfair and deceptive” complaint!)

Here’s what we included in our recent filing at the FTC.


The Failure of Industry Self-regulation

It should be evident to all that self-regulation to protect consumer privacy online has been a dismal failure, and the FTC must have the courage to admit this. After all, it wasn’t until CDD/USPIRG and other consumer groups filed well-publicized complaints (and helped create a public outcry over the privacy implications of the Google/DoubleClick deal) that the FTC finally issued its privacy principles in 2007.[183] And it took such pressure to awaken the National Advertising Initiative (NAI) and its members from the deep freeze of inaction, belatedly scrambling to “enhance” their “Self-Regulatory Code of Conduct, a set of binding Principles that has governed members since 2001.”[184] Since its inception, the NAI had been asleep at the digital self-regulatory “switch.” Otherwise we would not have had the ever-growing personalized data collection, profiling, and targeting apparatus that NAI’s members so enthusiastically embraced. The NAI, it should not be forgotten, was only created to head off serious action by the FTC back in 2000 as a result of the growing concern with online profiling.[185]

The revised NAI principles reveal how the group remains incapable of ensuring the protection of consumer privacy. They also demonstrate how the NAI cannot be relied on to offer the FTC—or the public—independent and honest proposals that would protect consumers from contemporary online data collection practices. For example, its revised principles—sadly—define sensitive information is the narrowest of terms: “Social Security Numbers or other Government-issued identifiers; Insurance plan numbers; Financial account numbers; Information that describes the precise real-time geographic location of an individual derived through location-based services such as through GPS-enabled devices; Precise information about past, present, or potential future health or medical conditions or treatments, including genetic, genomic, and family medical history.”[186]

The NAI and its members know full well that copious amounts of data relating to the financial and health status of consumers is currently being collected. Indeed expenditures for online financial marketing alone was $3 billion in 2008. The collection of consumer information resulting from online lead generation—which saw some $1.7 billion in spending last year—is deeply connected to data about a person’s interest in loans or credit.[187] A growing business in online pharmaceutical marketing is also actively harvesting consumer data, for purposes that include behavioral targeting. If the NAI were a serious independent entity capable of protecting consumers, it would have effectively articulated how sensitive information should be protected.

NAI’s narrow definition of personally identifiable information (PII) is out of touch with online marketing reality: “PII includes name, address, telephone number, email address, financial account number, government-issued identifier, and any other data used or intended to be used to identify, contact or precisely locate a person.”[188] We urge the commission to examine NAI members’ sites so it can view for itself the stark discrepancies between what is promised advertisers in terms of personalized consumer targeting and the NAI’s purposefully narrow and inaccurate definition of PII.

Finally, we find it absurd that all the NAI could do in serving the privacy interests of young people is to conform to the legal standards of the Children’s Online Privacy Protection Act. (COPPA is a law CDD’s executive director played a key leadership role in helping pass in 1998.) It is unfortunate that the NAI could not offer new safeguards for children, including policies to protect adolescent privacy.

Unfortunately, the “Self-Regulatory Principles for Online Behavioral Advertising,” released in July 2009 by the American Association of Advertising Agencies, Association of National Advertisers, Council of Better Business Bureaus, Direct Marketing Association, and the Interactive Advertising Bureau, are equally inadequate.[189] While an improvement over the stance embraced by the IAB in 2008, when it claimed there were no privacy concerns related to behavioral advertising, the new principles cannot be relied on to protect consumers.[190] Its “Sensitive Data” principle in particular, much like the NAI’s, is so inadequate that the FTC should consider bringing an Unfair and Deceptive Complaint against its authors. There are only two categories of information listed under the sensitive principle: Children and “Health and Financial Data.” Under the latter, AAAA et al’s principle is simply that “Entities should not collect and use financial account numbers, Social Security numbers, pharmaceutical prescriptions, or medical records about a specific individual for Online Behavioral Advertising without Consent.”[191] Again, this flies in the face of what the members of these groups actually do when collecting health and financial data for online advertising. As for protecting children, the AAAA and its associates—like the NAI—simply endorse the legal framework already required by COPPA. But by failing to address adolescent privacy, the AAAA et al. reveal that they are really concerned only with maintaining the data collection/profiling/targeting status quo.

As the history of self-regulation of the media in the U.S. makes clear, we need strong baseline laws and regulations to ensure serious industry compliance. That’s why this new proceeding must lead to FTC action that will ensure that consumer privacy online is finally safeguarded.

Google+AdMob=Mobile Privacy Issues for the FTC. Questions should be raised about mobile targeting via “ethnicity”

The Federal Trade Commission should examine the privacy issues connected to the Google/AdMob deal.  As we informed the FTC yesterday, AdMob says it can target via “age, gender, HHI, ethnicity, education & context.”

The CDD/USPIRG complaint on mobile advertising provides useful analysis. Here’s an excerpt on its discussion about AdMob:

AdMob: “Mining All the Data We’ve Captured”
AdMob is a “mobile advertising network” seeking to “target mobile users and monetize mobile traffic.” There is inadequate notice and little opportunity to opt-out of this data- gathering. Few mobile users realize that their communications and actions are monitored and recorded in order to create intimate profiles for marketing purposes.
AdMob also targets the youth demographic. It segments “market audiences” into several categories, including a “Digital Natives” category, which include boys and girls as young as 13.  AdMob also focuses on social networking sites, claiming it “enables developers to monetize Facebook mobile applications by integrating AdMob’s industry-leading mobile publishing solutions into any Facebook mobile application. Developers building mobile web applications for the Facebook community using the Facebook Platform for Mobile can easily integrate the AdMob code to start serving ads….”

And AdMob is continually seeking to mine and monetize the data gathered on unsuspecting youths and other mobile users. AdMob’s CEO Omar Hamoui admitted, “We are investing a fair amount of development resources into mining all the data we’ve captured over the last 12 months of ad serving and targeting.”

AdMob gathers this data (and targets youths) without adequate notice to the consumer, making it difficult for a mobile user to weigh the costs and benefits and choose whether to opt out of this profiling. This constitutes unfair and deceptive practices, and the Federal Trade Commission should scrutinize these actions.

Bravo to Public Voice’s “Global Privacy Standards for a Global World” Madrid Declaration

Last week, NGO’s and activists from across the world met in Madrid Spain to discuss threats to privacy and human rights.  It was part of the Public Voice’s excellent work to ensure that civil society is well represented in the debates over privacy and other digital media issues.  Over 100 NGO’s, including my own CDD, were initial endorsers of the “Global Privacy Standards for a Global World” Madrid Declaration. It was well received by policy makers, including the data protection commissioner community.  The all day meeting and related efforts was organized by the remarkable Katitza Rodriquez.  Bravo to her and everyone involved.

The Declaration and related work at the Data Protection conference provided a much needed counter-balance to the failure of leading online companies to seriously address their data collection practices and plans.

“Cookie Wars, Real-Time Targeting, and Proprietary Self Learning Algorithms: Why the FTC Must Act Swiftly to Protect Consumer Privacy”

That’s the title of comments filed at the U.S. Federal Trade Commission by my Center for Digital Democracy and U.S. PIRG.  I also just gave a presentation with the same name at last week’s meeting of data protection commissioners in Madrid, Spain.   It’s available here.

Here’s an excerpt:   Today, consumers online face the rapid growth and ever-increasing sophistication of the various techniques advertisers employ for data collection, profiling, and targeting across all online platforms. The growth of ad and other optimization services for targeting, involving real-time bidding on ad exchanges; the expansion of data collection capabilities from the largest advertising agencies (with the participation of leading digital media content and marketing companies); the increasing capabilities of mobile marketers to target users via enhanced data collection; and a disturbing growth of social media surveillance practices for targeted marketing are just a few of the developments the commission must address. But despite technical innovation and what may appear to be dramatic changes in the online data collection/profiling/targeting market, the commission must recognize that the underlying paradigm threatening consumer privacy online has been constant since the early 1990’s. So-called “one-to-one marketing,” where advertisers collect as much as possible on individual consumers so they can be targeted online, remains the fundamental approach.

Huffington Post CEO Opposes Consumer Privacy Safeguards [HuffPost CEO Eric Hippeau Doesn’t Get Privacy]

File this under “we aren’t concerned about the public interest when it may affect our bottom line.”  At yesterday’s Web 2.0 Summit conference, a panel on the future of news included representatives from HuffPo, Google, the NYT and others.  When a question was asked from the audience about behavioral targeting, here’s what Huffington Post CEO Eric Hippeau said [according to the WSJ]:

“it’s much ado about nothing. “I’d much rather see an ad I’m interested in,” he says. Efforts at regulation are made by people who “don’t get it.”

Shame on Mr. Hippeau.   Perhaps he opposes protecting consumer privacy because it would be inconvenient while his company expands its online ad targeting business.  HuffPost uses a range of online data collection and targeting tools, including Pubmatic for ad optimization, and Admeld. It uses Time Warner’s behavioral targeting subsidiary Tacoda [advertising.com] and also Google’s DoubleClick service.  Here’s an excerpt from HuffPost’s privacy policy:

“The more we know about you, the better we are able to customize our web site to suit your personal preferences and interests… We may also from time to time send you messages about our marketing partners’ products. To maintain a site that is free of charge and does not require registration, we display advertisements on our web site. We also use the information you give us to help our advertisers target the audience they want to reach…the ads appearing on HuffingtonPost.com are delivered to you by DoubleClick, our Web advertising serving partner. Information about your visit to this site, such as number of times you have viewed an ad (but not your name, address, or other personal information), is used to serve ads to you on this site. And, in the course of serving advertisements to this site, third party advertisers may place or recognize a unique cookie on your browser.”
As we have said, we can both protect privacy and also foster the growth of the online ad market.  Mr. Hippeau revealed a starkly uninformed–and crass–dimension to the HuffPo’s corporate leadership.



Customized Online Ads using vast data sets

Steve Lohr of the New York Times reports in Bits that “Murthy Nukala, the chief executive of Adchemy, calls his company’s technology “statistical personalization.” It doesn’t really identify a person, he said. But by probing vast data sets, from click streams to marketing information from firms like Acxiom, Adchemy can identify the sorts of people -– by age, gender and interests -– that advertisers want to pinpoint.“We don’t hold any data. We just connect to 30 or 40 data sources,” Mr. Nukala said.”

Adchemy is a good example of the growing data collection apparatus that fine-tunes the pitch by using “customized marketing content” along with its real-time analysis.  Here’s an excerpt from its website:

Highly customized marketing based on visitor context. All prospects – even anonymous ones – can be described by multiple attributes, including publisher, placement, search query, ad displayed, ad element clicked, geography, demographics, time of day/week/month and other marketer-defined attributes. Adchemy calls the sum total of all these attributes “visitor context.” At every level of the Customer Acquisition Funnel, the Adchemy Digital Marketing Platform dynamically generates the most customized marketing content for the prospect based on the visitor context.

Continuously optimized, real-time content delivery. Based on the user’s visitor context, the best content is served to each visitor in real time without any manual, human involvement. The learning engines proactively synthesize advertising performance and respond automatically to each customer with appropriate content based on powerful patent-pending statistical techniques. Adchemy’s patent-pending statistical techniques speed up the traditionally slow process of gathering statistically significant marketing insights.

“Behavioral targeting, by camouflaging the tracking of consumers, can damage the perceived trustworthiness of an e-commerce site or the actor it represents”

That’s from an important new research paper by Professor Catherine Dwyer of the Seidenberg School of Computer Science and Information Systems, Pace University.  “Behavioral Targeting: A Case Study on Consumer Tracking on Levis.com” was presented at the 15th Americas Conference on Information Systems.   We have sent the paper to Congress, the European Commission and the FTC.  In its summary, Prof. Dwyer explains that:

In order to illustrate the nature of consumer tracking, a case study was conducted that examined behavioral targeting within Levis.com, the e-commerce site for the Levis clothing line. The results show the Levis web site loads a total of nine tracking tags that link to eight third party companies, none of which are acknowledged in the Levis privacy policy. Behavioral targeting, by camouflaging the tracking of consumers, can damage the perceived trustworthiness of an e-commerce site or the actor it represents.