The new “Digital Advertising Alliance” self-reg plan. See if it tells consumers what its sponsor ad groups really say to each other. That they track and target your “digital footprint”

On Monday, the new self-regulation magical “icon” that is designed to make the online ad industry’s privacy problems disappear will be unveiled.  A new group called the “Digital Advertising Alliance” will unveil the icon-based plan–all timed to help head-off the kinds of protections and safeguards consumers require.  The current financial crisis affecting tens of millions of Americans require that government and big business groups do more than pay digital lip service to consumer protection.

As a kind of litmus test for the new self-regulation effort, see if the icon and the information connected to it really informs you about how data on you is collected and used for profiling, tracking and targeting. For example, last week, the Interactive Advertising Association (IAB), one of the key backers of the new Alliance, released a guide to targeting consumers at the local level.  Here’s excerpts of what they say.  See if that little icon is being honest when you click it.  Of course, we really require rules that eliminate the kind and amount of data that can be collected on you and you family and friends in the first place–as well as honest disclosure on the process.  Note as well that all that data on you is expensive–and others are cashing in on information that belongs to you!  From the new “Targeting Local Markets” guide:

Explicit profile data Targeting. definition–
Explicit data is “registration quality data” collected either online or offline. For online registration data, the user has certain attributes in his or her registration profile at a particular site or service, and that data is associated with the user’s Web cookie or some sort of audience database when the user next logs in. Offline registration data includes the sorts of data held in the massive offline direct response industry databases built up over the last several decades. These are then matched to a user online when that user logs in somewhere that is a partner of the data company. The site at which the user logs in, usually an online mail or similar site, sends the name/email combination to the data company, which then makes the match and sends back data…pricing–In general, first party data commands a far more variable premium than third party data…Third party data is usually available in much larger quantities, and yet there is often a fee of anywhere between $0.50 to $2.00 or more paid to the data provider by the ad seller – thus increasing the cost of goods sold (COGS) on the ad, and therefore increasing the price…

Behavioral Targeting (Implicit profile data Targeting)-definition-
Behavioral Targeting is the ability to serve online advertising based on profiles that are inferred from an individual user’s technical footprint and viewing behavior…As the medium has grown from a “browsing” experience to interactional so have the levels of information gathered. Newer forms of information include the data collected about influences, social preferences through social networks and an individual user’s content created online…The data is often gathered in real-time and can be used for real-time decision-making so that relevant advertising can be delivered dynamically to an individual user during their online session…Behaviorally targeted advertising commands a higher price because of targeted placement versus general run-of-site (ROS) advertising…Behavioral Targeting can be highly accurate when the user is leaving a digital footprint of their activities as they move through the Web.

Consumer and Privacy Groups at FTC Roundtable to Call for Decisive Agency Action

Washington, DC, December 6, 2009 – On Monday December 7, 2009, consumer representatives and privacy experts speaking at the first of three Federal Trade Commission (FTC) Exploring Privacy Roundtable Series will call on the agency to adopt new policies to protect consumer privacy in today’s digitized world. Consumer and privacy groups, as well as academics and policymakers, have increasingly looked to the FTC to ensure that Americans have control over how their information is collected and used.

The groups have asked the Commission to issue a comprehensive set of Fair Information Principles for the digital era, and to abandon its previous notice and choice model, which is not effective for consumer privacy protection.

Specifically, at the Roundtable on Monday, consumer panelists and privacy experts will call on the FTC to stop relying on industry privacy self-regulation because of its long history of failure. Last September, a number of consumer groups provided Congressional leaders and the FTC a detailed blueprint of pro-active measures designed to protect privacy, available at: http://www.democraticmedia.org/release/privacy-release-20090901.

These measures include giving individuals the right to see, have a copy of, and delete any information about them; ensuring that the use of consumer data for any credit, employment, insurance, or governmental purpose or for redlining is prohibited; and ensuring that websites should only initially collect and use data from consumers for a 24-hour period, with the exception of information categorized as sensitive, which should not be collected at all. The groups have also requested that the FTC establish a Do Not Track registry.

Quotes from Monday’s panelists:

Marc Rotenberg, EPIC: “There is an urgent need for the Federal Trade Commission to address the growing threat to consumer privacy.  The Commission must hold accountable those companies that collect and use personal information. Self-regulation has clearly failed.”

Jeff Chester, Center for Digital Democracy: “Consumers increasingly confront a sophisticated and pervasive data collection apparatus that can profile, track and target them online. The Obama FTC must quickly act to protect the privacy of Americans,including information related to their finances, health, and ethnicity.”

Susan Grant, Consumer Federation of America: “It’s time to recognize privacy as a fundamental human right and create a public policy framework that requires that right to be respected,” said Susan Grant, Director of Consumer Protection at Consumer Federation of America. “Rather than stifling innovation, this will spur innovative ways to make the marketplace work better for consumers and businesses.”

Pam Dixon, World Privacy Forum: “Self-regulation of commercial data brokers has been utterly ineffective to protect consumers. It’s not just bad actors who sell personal information ranging from mental health information, medical status, income, religious and ethnic status, and the like. The sale of personal information is a routine business model for many in corporate America, and neither consumers nor policymakers are aware of the amount of trafficking in personal information. It’s time to tame the wild west with laws that incorporate the principles of the Fair Credit Reporting Act to ensure transparency, accountability, and consumer control.”

Written statements and other materials for the roundtable panelists are available at the following links:

CDD/USPIRG: http://www.democraticmedia.org/node/419

WPF: http://www.worldprivacyforum.org/pdf/WPF_Comments_FTC_110609fs.pdf

CFA: http://www.consumerfed.org/elements/www.consumerfed.org/File/5%20Myths%20about%20Online%20Behavioral%20Advertising%2011_12_09.pdf

EPIC: www.epic.org

Technology Policy Institute Spins the Privacy Debate in D.C.–Group funded by Some of the Biggest Data Collection Companies

Today, the Technology Policy Institute (TPI) is holding a Hill forum on privacy and the Internet.  The group’s announcement for the event states that More privacy, however, would mean less information, less valuable advertising, and thus fewer resources available for producing new low-priced services.  It is this tradeoff that Congress needs to take into account as it considers new privacy legislation.”

What an absurd, reductionistic, and intellectually-dishonest claim.  First, this group is funded by some of the largest companies engaged in behavioral data collection and also fighting meaningful privacy policies.   That includes Google and Time Warner.  TPI’s other funders involved in some form of data collection and targeted interactive marketing include AT&T, Cisco, the National Cable and Telecommunications Association and Verizon.  Rep. Cliff Stearns, the ranking member of the House Subcommittee on the Communications, Technology, and the Internet is speaking at the event: that committee is currently drafting privacy legislation to protect consumers.  Panel speakers include TPI supporters Google and Comcast.  The lone privacy group on the panel, CDT, is funded by Google and others.  One academic on the panel also works for a high-tech consulting company.  The other panel academic has done fine work on social networks and privacy.

What makes TPI’s posturing absurd, beyond its funding conflicts, is the current economic crisis.  Consumer privacy laws are required to ensure that our financial, health and other personal transactions online are conducted in a responsible manner.  Anyone–or group–who believes that we can’t have both privacy and a robust online marketplace is out of touch.

Online Consumers Require Real Privacy Safeguards, Not the Digital Fox [AAAA, ANA, BBB, DMA & IAB] in Charge of the Data Hen House

The self-regulatory proposals released today [2 July 2009]  by five marketing industry trade and lobby groups are way too little and far too late. This move by the online ad industry is an attempt, of course, to quell the growing bi-partisan calls in Congress to enact meaningful digital privacy and consumer protection laws. It’s also designed to assuage a reawakened Federal Trade Commission–whose new chair, Jon Leibowitz, recently appointed one the country’s most distinguished consumer advocates and legal scholars to direct its Bureau of Consumer Protection (David Vladeck). The principles are inadequate, even beyond their self-regulatory approach that condones, in effect, the “corporate fox guarding the digital data henhouse.” Effective government regulation is required to protect consumers. We should have learned a painful lesson by now with the failure of the financial industry to oversee itself. The reckless activities of the financial sector—made possible by a deregulatory, hands-off government policy–directly led to the current financial catastrophe. As more of our transactions and daily activities are conducted online, including those involving financial and health issues–through PCs, mobile phones, social networks, and the like–it is critical that the first principle be to ensure the basic protection of consumer privacy. Self-dealing “principles” concocted by online marketers simply won’t provide the level of protection consumers really require.

The industry appears to have embraced a definition of behavioral targeting and profiling that is at odds with how the practice actually works. Before any data is collected from consumers, they need to be candidly informed about the process–such as the creation and evolution of their profile; how tracking and data gathering occurs site to site; what data can be added to their profile from outside databases; the role that data targeting plays on so-called first-party websites, etc. In addition, the highest possible consumer safeguards are necessary when financial and health data are involved. Under the loosey-goosey trade industry principles, however, only “certain health and financial data” are to be treated as a “sensitive” category. This would permit widespread data collection involving personal information regarding our health and financial concerns. The new principles, moreover, fail to protect the privacy of teenagers; nor do they seriously address children’s privacy. (I was one of the two people that led the campaign to enact the Children’s Online Privacy Protection Act).

The failure to develop adequate safeguards for sensitive consumer information illustrates, I believe, the inability of the ad marketing groups to seriously address online privacy. The so-called “notice and choice” approach embraced by the industry has failed. More links to better-written privacy statements don’t address the central problem: the collection of more and more user data for profiling and targeting purposes. There needs to be quick Congressional action placing limits on the collection, use and retention of consumer data; opt-in control over profile information; and the creation of a meaningful sensitive data category. Consumer and privacy groups intend to work with Congress to ensure that individuals don’t face additional losses due to unfair online marketing practices.

[press statement by the Center for Digital Democracy]

Congressional Internet Caucus and the State of the Mobile Net: Corporate Donors Influence Group’s Agenda, Leaving Public Vulnerable to Loss of Privacy

When will members of the Congressional Internet Caucus wake up and address the role its special interest dominated “Advisory” Committee is playing?  The Caucus is holding a “State of the Mobile Net” conference on April 23.  It’s doubtful Congress will be receiving the unbiased information they need, given that the sponsors of the event are the leading companies engaged in mobile marketing and data collection.  As typical of the “business model” crafted by the Center for Democracy and Technology connected group known as the Internet Education Foundation, the event prominently acknowledges its  Platinum” sponsors: the CTIA lobby group, Google, Microsoft and Verizon.  Gold” sponsors are AT&T, Nokia, T-Mobile.  There is also a category called “promotional” sponsors which lists Yahoo and several others.

It’s highly unlikely that the meeting will discuss the real issues challenging consumer privacy and welfare on the mobile Internet (including, we expect, the recent CDD/USPIRG complaint filed at the FTC– which has helped launch an investigation into that market).   The Advisory Caucus is run by the Internet Education Foundation, whose board members include representatives from Google, Verizon, Comcast, Microsoft, Recording Industry of America, and the Consumer Electronics Association. So the line-up of speakers is crafted to make sure that corporate donor feathers–and their willingness to continue to financially contribute–aren’t ruffled.  On the privacy panel for the event we have, of course, a representative from CDT.   There are also mobile marketers–including Yahoo and loopt.  There is the DLA Piper law firm that advocates for industry and a lone academic. Consumers and citizens deserve better from Congress.

PS:  As an example of how incredibly biased the Advisory Committee to the Congressional Net Caucus is, look at the description and speaker line-up of its recent briefing on online advertising.  A supposed “unbiased” event,  it featured industry lobbyists and several groups funded by online marketers!  Incredibly shameful!

Advisory Committee to the Congressional Internet Caucus

Anatomy of Online Advertising: Understanding the Privacy Debate
March 30, 2009…The purpose of the briefing is to provide an unbiased foundation for understanding the various privacy issues that Congress will debate in the context of online advertising.

Panelists:

* Paula Bruening, Hunton & Williams
* Maureen Cooney, TRUSTe
* Michael Engelhardt, Adobe Systems
* Tim Lordan, Congressional Internet Caucus Advisory Committee
* Jules Polonetsky, Future of Privacy
* Heather West, Center for Democracy & Technology
* Mike Zaneis, Interactive Advertising Bureau

Center for Democracy & Technology Goes for the “Gold” as it Raises $ for its “Gala” from AT&T, eBay, Microsoft, Google (and many other corporations)

CDT is having a “Gala Celebration” next month, supported by “Gold, Silver, and Bronze” sponsors.  AT&T, eBay, Microsoft and Google are listed at the $15,000 “Gold” level [“Two tables in Premium Location-Two tickets to the VIP Reception”]; Among the “Silver” sponsors [“One table-One ticket to the VIP Reception”] at the $7,500 tab include Time Warner (AOL), Dow Lohnes, Qorvis Communications (repping Sun, Cisco, etc), American Express, Verizon, Intel, US Chamber of Commerce, ID Analytics, Yahoo!, Arnold & Porter, IAC/Interactive Corp, Thompson LexisNexis, Hogan & Hartson (reps News Corp’s MySpace, among others), Comcast, and Sonnenschein Nath  & Rosenthal, LLP.   There are also a number of “Bronze” sponsor at the $1000 level [“One seat at a table”]. (CDT has a Facebook page on the event.)

CDT’s 2007 Gala, which honored Bill Gates, had “more than 900″ supporters” in attendance.

Progress & Freedom Foundation & Online Privacy: Looking at PFF’s Online Ad Industry [& Data Collecting] Funders

Two staffers from the Progress and Freedom Foundation (Adam Thierer and Berin Szoka) issued a quick response to the new FTC online marketing privacy principles.  In a press release announcing the short paper, PFF explains that:

Tighter regulation of the online advertising market in the form of privacy mandates, the authors warn, “would severely curtail the overall quantity of content and services offered—and greatly limit the ability of new providers to enter the market with innovative offerings.”

It’s interesting to consider what such “tighter regulation” of the online marketing might mean for the companies that fund the Progress and Freedom Foundation.  The list includes heavyweights of online data collection, such as Google, Microsoft, News Corp (MySpace and other Fox Interactive properties) and Time Warner.  PFF funders include monopoly ISPs which want to get into interactive data collection and online ad targeting big-time, such as Comcast, AT&T, and Verizon (other PFF supporters include a number of companies engaged in online ad targeting, such as Cox, CBS, NBC, etc).

Perhaps a good research project for PFF would be to examine the online data collection, analysis, and ad targeting work being done by its funders (including all the technologies being used).  We’d like to see the press release on that one!

Baby Steps for Online Privacy: Why the FTC Self-Regulatory Principles For Online Behavioral Advertising Fails to Protect the Public

Statement of Jeff Chester, Exec. Director, Center for Digital Democracy:

The Federal Trade Commission is supposed to serve as the nation’s leading consumer protection agency.  But for too long it has buried its mandate in the `digital’ sand, as far as ensuring U.S. consumer privacy is protected online.    The commission embraced a narrow intellectual framework as it examined online marketing and data collection for this proceeding.  Since 2001, the Bush FTC has made industry self-regulation for privacy and online marketing the only acceptable approach when considering any policy safeguards (although the Clinton FTC was also inadequate in this regard as well).  Consequently, FTC staff—placed in a sort of intellectual straitjacket—was hampered in their efforts to propose meaningful safeguards.

Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling.  Unknown to many members of the public, a vast commercial surveillance system is at the core of most search engines, online video channels, videogames, mobile services and social networks.  We are being digitally shadowed across the online medium, our actions monitored and analyzed.

Behavioral targeting (BT), the online marketing technique that analyzes how an individual user acts online so they can be sent more precise marketing messages, is just one tool in the interactive advertisers’ arsenal.  Today, we are witnessing a dramatic growth in the capabilities of marketers to track and assess our activities and communication habits on the Internet.  Social media monitoring, so-called “rich-media” immersive marketing, new forms of viral and virtual advertising and product placement, and a renewed interest (and growing investment in) neuromarketing, all contribute to the panoply of approaches that also includes BT.  Behavioral targeting itself has also grown more complex.  That modest little “cookie” data file on our browsers, which created the potential for behavioral ads, now permits a more diverse set of approaches for delivering targeted advertising.

We don’t believe that the FTC has sufficiently analyzed the current state of interactive marketing and data collection.  Otherwise, it would have been able to articulate a better definition of behavioral targeting that would illustrate why legislative safeguards are now required.  It should have not exempted “First Party” sites from the Principles; users need to know and approve what kinds of data collection for targeting are being done at that specific online location.

The commission should have created specific policies for so-called sensitive data, especially in the financial, health, and children/adolescent area.  By urging a conversation between industry and consumer groups to “develop more specific standards,” the commission has effectively and needlessly delayed the enactment of meaningful safeguards.

On the positive side, the FTC has finally recognized that given today’s contemporary marketing practices, the distinction between so-called personally identifiable information (PII) and non-PII is no longer relevant.  The commission is finally catching up with the work of the Article 29 Working Party in the EU (the organization of privacy commissioners from member states), which has made significant advances in this area.

We acknowledge that many on the FTC staff worked diligently to develop these principles.  We personally thank them for their commitment to the public interest.  Both Commissioners Leibowitz and Harbour played especially critical roles by supporting a serious examination of these issues.  We urge everyone to review their separate statements issued today.  Today’s release of the privacy principles continues the conversation.  But meaningful action is required.  We cannot leave the American public—now pressed by all manner of financial and other pressures—to remain vulnerable to the data collection and targeting lures of interactive marketing.

New AT&T-funded “Future of Privacy” Group: Will it Support Real Privacy Protection or Serve as a Surrogate for Self-regulation and Data Collection?

A new group co-directed by former DoubleClick and AOL chief privacy officer Jules Polonetsky, called the “Future of Privacy Forum,” has been announced. It is connected to the law firm representing AT&T–Proskauer Rose–which has a considerable practice in the online marketing and data collection area. Other backers include Intel, General Electric, IBM and Wal-Mart.

We are concerned, however, that the role of the Forum is to help discourage Congress from enacting an opt-in regime for data collection. Both ISPs–such as AT&T, Verizon, Comcast and Time Warner–as well as online advertising companies such as Google/DoubleClick, Yahoo, and Microsoft must be governed by privacy laws which empower and protect consumers. The role of ISPs in any data collection for targeted online marketing, in particular, requires serious analysis and stringent safeguards. AT&T, Google, Microsoft, Comcast, the online ad networks, and social media marketers (to name a few) must be required to provide meaningful disclosure, transparency, accountability and user control (with special rules governing health, financial and data involving children and youth). Self-regulation has failed. If the Future of Privacy group is to have any legitimacy, it will work to support serious federal rules. But if it trots out some sort of voluntary code of conduct as a way to undermine the growing call for real privacy safeguards, this new group may soon be viewed as beholden to its funders and backers.

Network Advertising Initiative Continues to Protect Online Marketers Interests Instead of Consumer Privacy

The Network Advertising Initiative’s (NAI) real role is to protect the ability of its members (Google, Yahoo!, AOL, etc.) to collect huge amounts of profiling and targeting data from each of us. NAI claims it’s promoting self-regulation on data privacy through its principles and guidelines. But NAI has long been a toothless group, and is basically a public relations vehicle helping to cover the data crime and more-than-misdemeanors of the industry.

So it’s not surprising that last week, the NAI announced that while it supported an “opt-in” for the kind of behavioral targeting planned by the phone and cable companies, it didn’t believe such a safeguard was required for its data-collected membership. In a statement, NAI Executive Director Trevor Hughes said that his group “believes that opt-out continues to be an appropriate choice mechanism for traditional web-based behavioral advertising and this is part of our sliding scale framework.” That’s the political position taken, of course, by his members. They are the biggest behavioral targeters on the planet.

The NAI is a weak group which reflects the cynical view of the online ad industry.  NAI members hope that they can fool policymakers into believing consumer privacy can be safeguarded by the data wolves running the privacy hen house. The battle lines for the next Congress, the FTC and FCC are being drawn. Opt-out is a feckless approach to digital ad privacy. Responsible companies should be in the lead calling for meaningful opt-in. Note to NAI members:  Deregulation and industry self-governance–how shall I put it–doesn’t seem to have worked that well so far!