AOL also describes to Reps. Barton and Markey the way they use cookies that doesn’t reflect what they say to clients--such as “Target users based on attributes from user registration or third-party data (e.g. age, gender, income, kids)… Retarget users who visit your website… Target users within households using Experian’s statistical modeling based on hundreds of offline data elements that are most predictive for defining the specific audience of consumers.†For question 1, they refer to their privacy policy—something few consumers would read or understand. Nor does the privacy policy spell out how AOL collects and targets users, as they do for potential clients. See and compare to privacy policy. See how they offer targeting based on political information.
Question 2: They didn’t answer completely. They should have included information from here. And what their partners collect.
Question 3. They should have said they urge advertisers to use pixels, beacons and other tracking tools:   “Place pixels on all high-traffic pages… Target broadly… Most networks, including Advertising.com, look at IP or cookie data to determine if a user is part of a specific demographic or has demonstrated a particular online behavior, such as shopping for a car, browsing cooking sites, and so on. With user targeting, you reach those consumers directly, regardless of the sites they happen to be visiting.â€
And they say that the third party cookies don’t identify the “specific user.â€Â But that’s what AOL says it can target: “Target users within households… Retarget users who visit your website… Target users within households that demonstrate the highest propensity to buy certain products…â€
Question 7. They don’t say what they do. It’s monetizing all the data: “We monetize nearly 1.5 billion impressions per day on average.â€
Yahoo isn’t alone in not being candid to Congress. Here’s what News Corp should have also said to the Congress about its data collection, profiling and targeting system.Â
It should have informed Congress how its Fox Interactive Media (FIM) data-mines its users daily. From its data-mining company: “FIM operates some of the highest-traffic websites in the world, including MySpace, and serves over 5 billion online ads across its sites per day. Each of these ads is optimized and targeted to specific audiences based on analysis of web traffic, user behavior and click patterns. As part of our targeted ad serving platform, we analyze nearly 2,000 identifying variables for each of the millions of visitors to our sites every day (tracking and analyzing, for example, whether a visitor likes jazz, but also whether they respond more to car ads than to pizza ads). While our targeting process was already one of the most advanced in the industry, we were eager to improve ad click-through rates further by fine- tuning targeting. To get to this next level of targeting precision, we needed to analyze massive volumes of data to discover patterns and identify relevant targeting criteria across segments and demographics. FIM implemented Greenplum for its parallel, multi-core architecture that could scale to support our massive data volumes, but also because the Greenplum data warehouse allows data analysis to be performed directly within the warehouseÂ
– instead of having to extract it first…our team can execute lightning-fast queries against a matrix that is 4 billion rows tall and 1 million rows wide, running tests against thousands of variables for each for the 5 billion ads FIM serves to visitors each day. What’s more, we can now complete 10,000 experiments against 20 million site visitors in just three hours. Previously, it took an entire day just to extract the data – and then another whole day to run the tests. The result has been faster and more efficient data analysis, which has in turn enabled more precise ad targeting, delivering up to 200% higher click- through rates for the 5 billion ads served daily across the FIM network…our research analytics team uses Greenplum Database to conduct tens of thousands of real-time tests against millions of users every day, analyzing each visitor’s reaction to ads against over with an absolute deluge of data.â€
If George Orwell were writing today, 1984’s Winston Smith would be working as a “Doublespeak†specialist crafting privacy policies and creating self-regulatory regimes for the online ad industry. None of the replies provided to Reps. Markey and Barton answered the basic charge posed by the WSJ in its series and previously raised by privacy advocates: that “[O]ne of the fastest-growing businesses on the Internet is the business of spying on Internet users.â€Â  All the companies hide behind `it’s a business as we created it and good for everyone’ facade. Many use a scare tactic claiming that the data collection model they developed is responsible for funding online content/publishing and without it much/if not all of the Internet would vanish (as if you can’t have both robust e-commerce and privacy!). Many of the answers to Congress also say that their privacy policies and membership in self-regulatory groups (such as the NAI) reflect best practices (as if they automatically vanish the problems!). The companies don’t take responsibility for the problem or acknowledge that there are privacy concerns outstanding.Â
The responses reflect the Orwellian recasting of industry terms on the data collection practices it created and operates. Behavioral targeting (with $1.13 billion this year in spending for this type of ad) has been transformed into “preference,†“relevant,†or “interest†targeting. Online profiling and targeting is now called “customization.â€Â The industry is running away from the precise definitions they created and use because they are honest terms showing consumers are being tracked, profiled and targeted based on our behaviors and actions. Finally, several of the companies submitted their privacy policies.  In order to full understand them, a consumer (in between taking their children to school or a soccer game, working, shopping, cooking) would simultaneously also have to be a technologist, lawyer, and investigator, to understand and control all the cookies, etc.
Also, the companies resort to a now out-of-date definition of what’s considered so-called personally identifiable information (PII). Cookies, IP addresses, pixels and web bugs, they claim, are “non-PII†and hence fail to raise privacy concerns. Yet both the EU and FTC have said that in today’s online data collection world, the old definition of what’s identifiable no longer really works. The FTC explained last year that “[S]taff believes that, in the context of online behavioral advertising, the traditional notion of what constitutes PII versus non-PII is becoming less and less meaningful and should not, by itself, determine the protections provided for consumer data. Indeed, in this context, the Commission and other stakeholders have long recognized that both PII and non-PII raise privacy issues…
Companies such as Yahoo, AOL, About.com (NYTimes Co), News Corp/MySpace and others are disingenuous in their responses—failing to inform the Congress what they tell their clients and prospective advertisers. Among the most cynically self-serving is Yahoo. First, Yahoo did not describe all the ways it collects data on users when it answered question 1. For example, examine Yahoo’s Advertising Blog, where you can find a discussion of far-ranging techniques used in the data collection process. Most of which are not spelled out or really explained in the privacy policy; See also, Yahoo’s “smart ad†technology that changes the copy in real time based on the data it collects. Its privacy policy really doesn’t explain it in the same way it pitches itself to clients. Yahoo says in its Hill letter that it “may†acquire data from external sources and gives the link to that section of its privacy policy. Not even a multi-tasking genius could opt-out all of that. Nor does Yahoo tell you about the tons of data on consumers their partners collect.  Also, they say in question 3 how they collect data, but tell potential clients a more informed story: “Yahoo! gets to know its visitors to give them what they’re looking for, even when they’re not actively looking. In part, Yahoo! does this by using an industry practice called behavioral targeting (BT)… Yahoo! BT goes beyond common rules-based segmentation or grouping of consumers by the sites they’ve visited. The tool is powered by sophisticated modeling technology based on extensive online interactions that include searches, page views, and ad interactions. With these models, Yahoo! identifies what consumers are interested in and predicts where they are in the buying process, thereby determining which consumers may respond best to your ad placements.† In question 4-5, Yahoo claims its users have all the information they require via the privacy policy. But Yahoo’s information for perspective clients tells a more complete and different story: “With rich media, you benefit from deep reporting that goes way beyond the click. Track time spent watching video, mouse-over interactions, poll results, average number of panels interacted with and much more. If you design it, we can track it… Partner with Yahoo! to produce unique, immersive consumer experiences that integrate your brand…â€Question 9, again, they call it “customized experience†to Congress—and “smart ads†that track and learn about you when they explain it to advertisers.  Question 10. Health and finance. Yahoo failed to tell Congress they track and target consumers health and financial info. And they target teens. For health; finance.
Danah Boyd, like many other digital media researchers, fails to examine the business practices which shape and construct most of contemporary online media. Ms. Boyd is quoted in last week’s Boston Globe about the Children’s Online Privacy Protection Act saying “[I]t’s well-intentioned, but this legislation has failed on every level.” Ms. Boyd is incorrect.  A whole range of interactive ad practices and techniques commonly found on most digital sites has not been embraced by the under-13 online advertising market. The goal of COPPA was to help structure the commercial online data collection and targeting practices aimed at young people–and it’s done so (just see what kind of data collection and targeting practices occur the minute anyone reaches 13. From that age onwards, everyone is fair game for a wide range of very disturbing practices, most of which collect and use our information). Ms. Boyd and the Globe article are also incorrect claiming that “Congress is considering renewing” COPPA.  The FTC is currently conducting a periodic review of COPPA’s rules and the Congress has held hearings on the law. But Congress doesn’t have to “renew” COPPA.
Finally, a challenge to Ms. Boyd. She is working for Microsoft–which is targeting youth across the globe via its advertising division. Microsoft Advertising is collecting data and targeting teens for junk food and other products. See Microsoft’s “How to Target Young People Online” and other materials, for example. Ms. Boyd needs to analyze what her employer–and other financial backers from the online ad industry supporting Berkman–are doing regarding youth–and hold them and herself accountable.
On Monday, the new self-regulation magical “icon” that is designed to make the online ad industry’s privacy problems disappear will be unveiled. A new group called the “Digital Advertising Alliance” will unveil the icon-based plan–all timed to help head-off the kinds of protections and safeguards consumers require. The current financial crisis affecting tens of millions of Americans require that government and big business groups do more than pay digital lip service to consumer protection.
As a kind of litmus test for the new self-regulation effort, see if the icon and the information connected to it really informs you about how data on you is collected and used for profiling, tracking and targeting. For example, last week, the Interactive Advertising Association (IAB), one of the key backers of the new Alliance, released a guide to targeting consumers at the local level. Here’s excerpts of what they say. See if that little icon is being honest when you click it. Of course, we really require rules that eliminate the kind and amount of data that can be collected on you and you family and friends in the first place–as well as honest disclosure on the process. Note as well that all that data on you is expensive–and others are cashing in on information that belongs to you! From the new “Targeting Local Markets” guide:
Explicit profile data Targeting. definition–
Explicit data is “registration quality data†collected either online or offline. For online registration data, the user has certain attributes in his or her registration profile at a particular site or service, and that data is associated with the user’s Web cookie or some sort of audience database when the user next logs in. Offline registration data includes the sorts of data held in the massive offline direct response industry databases built up over the last several decades. These are then matched to a user online when that user logs in somewhere that is a partner of the data company. The site at which the user logs in, usually an online mail or similar site, sends the name/email combination to the data company, which then makes the match and sends back data…pricing–In general, first party data commands a far more variable premium than third party data…Third party data is usually available in much larger quantities, and yet there is often a fee of anywhere between $0.50 to $2.00 or more paid to the data provider by the ad seller – thus increasing the cost of goods sold (COGS) on the ad, and therefore increasing the price…
Behavioral Targeting (Implicit profile data Targeting)-definition-
Behavioral Targeting is the ability to serve online advertising based on profiles that are inferred from an individual user’s technical footprint and viewing behavior…As the medium has grown from a “browsing†experience to interactional so have the levels of information gathered. Newer forms of information include the data collected about influences, social preferences through social networks and an individual user’s content created online…The data is often gathered in real-time and can be used for real-time decision-making so that relevant advertising can be delivered dynamically to an individual user during their online session…Behaviorally targeted advertising commands a higher price because of targeted placement versus general run-of-site (ROS) advertising…Behavioral Targeting can be highly accurate when the user is leaving a digital footprint of their activities as they move through the Web.
To help undermine the impact of the forthcoming FTC proposal to protect consumer privacy, a coalition of online ad lobby groups will unveil yet another self-regulation plan. According to Mediapost, online consumers will soon see “[I]cons to signify behavioral advertising — or serving ads based on people’s Web activity.” Since 1999, online ad groups have rolled out self-regulatory regimes promising to protect consumers online. Each has failed to do so.  This new effort involves the very same groups and companies that offered self-regulatory promises in the past.  For example, see the World Privacy Forum’s report on the failure of the Network Advertising Initiative’s self-reg schemes; that group is part of the new effort, btw.
This new effort is seriously flawed–and before marketers and advertisers adopt it, it must be independently evaluated by consumer groups, independent academics, and the FTC. We believe that the system will fail to protect consumers–because it will not candidly inform them about how the data is collected and used. Meanwhile, in a revealing flip-flip, the IAB’s UK counterpart deep-sixed its just released safeguard on retargeting. According to a new report, “[O]nline advertising trade body the Interactive Advertising Bureau (IAB) has withdrawn a code of practice which recommended that behavioural advertising retargeting cookies should expire after 48 hours. The IAB’s Affiliate Marketing Council (AMC) published the code last week. It applied to the practice of ‘retargeting’ web users who had visited a site with ads for that site on other people’s websites, using cookies to track their movements and activities…That code has been withdrawn and will be reworked after further industry consultation, though, the IAB said. The code has disappeared from the IAB’s website.”
Consumers and citizens require real safeguards governed by law and regulation–not flimsy digital promises designed to sanction ever-expanding data collection practices.
Google tells users, policymakers and reporters that its “ad preference manager” is an effective consumer tool that addresses behavioral marketing. But on its Doubleclick Ad Exchange, advertisers can use Google provided tools to target online consumers based on a wide range of product and issue “vertical” categories, including health and finance. Here’s what Google says advertisers can target in the health and financial area. Ask yourself. Did you know this and shouldn’t all this be truly transparent, under full user control, with real safeguards about how such information can be obtained and used? We do. Google isn’t the only one doing this, of course: Doubleclick Category Targeting Codes: category::Finance
category::Finance>Accounting & Auditing
category::Finance>Accounting & Auditing>Tax Preparation & Planning
category::Finance>Banking
category::Finance>Credit & Lending
category::Finance>Credit & Lending>Auto Financing
category::Finance>Credit & Lending>College Financing
category::Finance>Credit & Lending>Credit Cards
category::Finance>Credit & Lending>Debt Management
category::Finance>Credit & Lending>Home Financing
category::Finance>Currencies & Foreign Exchange
category::Finance>Financial Planning
category::Finance>Grants & Financial Assistance
category::Finance>Insurance
category::Finance>Insurance>Auto Insurance
category::Finance>Insurance>Health Insurance
category::Finance>Insurance>Home Insurance
category::Finance>Investing
category::Finance>Investing>Commodities & Futures Trading
category::Finance>Retirement & Pension
My CDD and USPIRG asked the FTC in January 2009 to investigate mobile marketing and its threat to both privacy and consumer protection issues (Ringleader Digital, now the subject of lawsuits and stories in the WSJ and NYT, was included in the complaint, btw). Online mobile marketers, including Microsoft and Google, illustrate how regulators in the U.S. and abroad should require safeguards to protect the public from unfair and deceptive practices–including those that involve their privacy. In Ad Age, both Google and Microsoft loudly proclaim what their mobile marketing services can do for brands, ads and marketers. Here are some choice excerpts:
Microsoft: “Microsoft Advertising’s industry-leading mobile display and search advertising solutions engage more than 43 million on-the-go U.S. consumers each month—regardless of a user’s mobile phone or wireless carrier. Its innovative ad placements and ad formats include display, rich media, search, video and custom in-app ad units…
Advanced Targeting Options
Profile targeting: age, gender, household income, location, time of day
Behavioral targeting: more than 120 custom segments (e.g., “movie watchers” and “business travelers”)
Device: make and model
Wireless carriers: on-deck inventory
Keyword targeting: exact or broad match…Complete mobile ad solutions for automotive, CPG, entertainment, financial services, retail, technology, telecommunications, travel and other sectors…
More than 43 million, or 55 percent of active mobile web users in U.S.
More than 80 million active mobile users globally in 32 countries.”
Google: “Today’s consumers are on the move. More than ever before, audiences are searching and browsing the web on their mobile devices. How do advertisers connect with the on-the-go consumer…As customers go mobile, advertisers need smart mobile advertising strategies. With Google, they can easily target and tailor messages according to location and automatically show their customers relevant local business information or phone numbers to enable them to take immediate action. Once a campaign is up and running, marketers can measure their results via detailed reports. Additionally, integrated mobile reporting in Google Analytics allows them to track and optimize conversion, e-commerce and engagement metrics on mobile devices. They can take advantage of Google’s mobile-specific ad formats. Click-to-call text ads, animated mobile banner ads, click-to-download ads and other display ad formats are examples of how Google is innovating for the small screen. Google closed its acquisition of AdMob, one of the world’s leading mobile advertising networks, in May. AdMob’s innovative rich media ad units—including full-screen expandable, animated banner and interactive video—create opportunities for advertisers to engage with a relevant audience on their mobile devices. Now the Google and AdMob teams are working to create new ways to deliver engaging and innovative advertising experiences that will help marketers drive their businesses forward…
CASE STUDY
CHALLENGE: Esurance, a direct-to-consumer personal car insurance company, wanted to ensure that customers could do business with it on their own terms and at their own convenience… To make the connection between mobile users and Esurance agents, Esurance used Google mobile ads with integrated click-to-call functionality. The CTC ads gave mobile users the option of clicking through to Esurance’s mobile-optimized landing page or initiating a phone call with a licensed insurance agent…Results…
Boosted conversion rates: Click-to-call mobile ads drove a 30 percent to 35 percent higher response.”
PS: Attention Music Lovers. In the same Ad Age piece, the online music service Pandora exclaims that it can provide:“Through powerful hypertargeting, reach the right person, at the right time, without waste. Target based on age, day, gender, location, mobile platform, time and type of music…Pandora offers a broad array of formats and rich media functions to create an immersive mobile experience, including:
As news reports emerge that Facebook is preventing a group boycotting Target Stores for its political positions able to use the social network’s functionality, it’s important to connect its business relationship with the chain store.  Facebook recently made a deal with Target as part of its marketing push for its virtual “Credits” currency. The growing relationship of the biggest brands and Facebook, and what happens to our information and how these companies get preferred treatment, must be on the policy and advocates agenda. Politico reported that: “As the number of Facebook members signed up for the “Boycott Target Until They Cease Funding Anti-Gay Politics†page neared 78,000 in recent days, Facebook personnel locked down portions of the page — banning new discussion threads, preventing members from posting videos and standard Web links to other sites and barring the page’s administrator from sending updates to those who signed up for the boycott.”
Facebook and Target stores are new partners, something which may explain its censorious efforts. Inside Facebook also recently reported:“Following recent efforts by Zynga, Playdom and other social gaming companies to launch pre-paid cards for virtual goods in stores, Facebook is going direct — starting this Sunday, it will allow users to buy pre-paid cards for its virtual currency, Credits, within 1,743 Target retail locations across the US and on Target.com.
Cards can be purchased in $15, $25 and $50 increments, similar pricing to what you’ll see for a wide variety of other pre-paid game cards already available in Targets and other stores around the country.
Facebook itself is also helping to push the new integration, by including a Target store finder on its official Credits splash page. When users click on the “Redeem Gift Card†in the Facebook Credits gift cards section of the Credits page, they’ll see a popup window asking them to enter the scratch-off number on the back of the Credits card. Clicking “Redeem Now†will add the amount of Credits purchased to their Facebook account.”

That’s the formula Yahoo is using to please its largest advertisers, explains an article in The Register. The report explains that Yahoo’s economist Preston McAfee has created a “magical formula” for its ad targeting service: “a formula designed to keep Yahoo!’s largest advertisers as happy as possible. It lets each of those guaranteed-contract advertisers pick and choose — in remarkably precise fashion — how their ads are targeted, even though there are more than three trillion possible targets…Yes, Yahoo! has advertisers who only want to reach women between the ages of twenty and thirty. But it also has advertisers who only want to advertise in cities where the sun is shining. There are brokerage houses who only want to advertise when the stock market is up…What is really ‘magic’ about this is that it gave us a backdoor way to price three trillion different pieces of advertiser demand,” McAfee says…The setup also gives Yahoo! fine-grain control over each advertiser’s campaign. “It gives us a dial to favor an advertiser,” he continues. “If one of our advertisers is not getting enough impressions, we turn the dial and increase their bids, to make sure we fulfill the contract.”
But what’s needed is a policy formula–that creates privacy and other consumer protection safeguards. Online marketing’s use of advanced computing systems and real-time ad auctions of data on individual users underscores the problem–the industry is running amok.  Consumers shouldn’t be subject to powerful invisible technologies that track, profile, target and sell them to the highest bidder.