Did the Commerce Dep’t Give a Special Deal to the Online Data Collection Lobby?

It sure sounds that way, given what the Interactive Ad Bureau wrote on the new privacy proposal (our emphasis):

“The green paper is another important step in what has been an inclusive, productive process to develop the Administration’s strategy for increasing consumer online privacy, while balancing the realities of our national economy. It provides vital support for industry self regulation. The Department of Commerce’s recognition that these efforts can be an effective means for increasing transparency around data practices and empowering consumers with a comprehensive, easy-to-use opt-out mechanism is key, given other recent reports. Increasing consumer confidence in the Internet is a common goal. We agree that supporting these industry codes in a timely fashion is critical, and our cross-industry coalition looks forward to working with the Administration to ensure our program is both robust and enforceable.”

The Commerce Department met with our coalition of consumer and privacy groups only once–after we had written to the White House asking for a meeting with officials there.  There was no formal briefing for the country’s leading consumer and privacy groups prior to the report’s release. Yet we understand Commerce did one for industry. As the Obama White House proceeds with its plans for the forthcoming “multi-stakeholder” deliberations, they must be structured in a manner that ensures significant consumer and privacy participation (which means that groups funded by the online ad industry have to be dealt with in different fashion).

Digital Ad Lobby Plan for Commerce Privacy Approach: Sideline FTC and Stronger Consumer Protection Rules

The Department of Commerce’s report on privacy has received praise from the Interactive Advertising Bureau lobbying group.  As reported by Politico,  “IAB’s Mike Zaneis [said] the Commerce Department’s new privacy report represents “a really important step in what has been a really inclusive and productive process by commerce and the administration.” Zaneis said he felt Commerce recognized (more than the FTC did) the importance of “economic growth” in recommendations about what to do next with online privacy. On the proposed Privacy Policy Office, the IAB-er further told us he felt it strikes the right balance – it is a “great idea to coordinate various stakeholders,” he said – and it creates a relationship where Commerce coordinates the rulemaking while the FTC handles enforcement. “What this has done is identify the FTC as an enforcement, not as a rulemaking or legislative, body,” he told us.


The IAB and other data collection groups are fearful of the FTC, because that agency has finally caught up to speed on the digital marketing, consumer protection and privacy issue.  Its Chairman Jon Leibowitz supports do not track (something the Commerce paper didn’t really discuss);  the Bureau of Consumer Protection head appointed by Mr. Leibowitz is a serious and skilled attorney who is concerned about consumers.  The IAB would rather have the business-interest friendly Department of Commerce be the broker of a deal that they hope will affirm the data profiling and tracking status quo.

The Obama Administration is going to have to ensure that any new multi-stake holder process provides the consumer and privacy advocates not only parity with industry, but access to resources and information so the process will be fair to consumers.  Discussions will require transparency and accountability.  The FTC should not be sidelined–although we want to see both that agency and the Commerce Department do a better job standing up to protect consumers and their privacy.

Finally, the Obama Administration must put the interests of European and Asian/Pacific consumers and citizens before the commercial concerns of U.S. online marketing companies.  The U.S. shouldn’t be a digital enabler that allows online ad companies to track and target users abroad for financial, drug, junk food and other products without serious safeguards.  A higher global standard of privacy and ethical conduct of the U.S. government is required.

Statement of Jeff Chester on the Department of Commerce’s Internet Policy Task Force Privacy and E-Commerce: a Bill of Behavioral Targeting “Rights” for Online Marketers?

The Obama Administration asks some important questions about protecting the privacy of U.S. consumers.  But given the growth of online data collection that threatens our privacy, including when consumers are engaged in financial, health, and other personal transactions (including involving their families), this new report offers us a digital déjà vu.   The time for questions has long passed.

Instead of real laws protecting consumers, we are offered a vague “multi-stakeholder” process to help develop “enforceable codes of conduct.”  If the Commerce Department really placed the interests of consumers first, it would have been able to better articulate in the report how the current system threatens privacy.    They should have been able to clearly say what practices are right and wrong—such as the extensive system of online behavioral tracking that stealthily shadows consumers—whether on their personal computer or a mobile phone.   The paper should have firmly articulated what the safeguards should be for financial, health and other sensitive data.  The report should have rejected outright any role for self-regulation, given its failures in the online data collection marketplace.  While the report supports a FIPPS framework, these principles can be written in a way that ultimately endorses existing business practices for online data collection and targeting.

This illustrates one of the basic problems with the Administration’s approach to protecting consumer privacy online.  The Commerce Department is focused on promoting the interests of industry and business—not consumers.  It cannot play the role of an independent, honest broker; consequently it should not be empowered to create a new Privacy Policy Office.   Having the Commerce Department play a role in protecting privacy will enable the data collection foxes to run the consumer privacy henhouse.  We call on the Administration and Congress to address this issue.  A new Privacy Policy Office should be independent and operate under the Administrative Procedures Act—ensuring there are safeguards for meaningful public participation and transparency.

The Commerce paper’s real goal is to help U.S. Internet data collection companies operate in the EU, Asia/Pacific and other markets as “privacy-free” zones.  Under the cover of promoting “innovation” and trade, I fear the U.S. will craft a crazy-quilt code of conduct regimes that they will claim should pass muster in the EU (which has a more comprehensive framework to protect privacy).  The Obama Administration appears to be promoting a kind of “separate, but equal” framework, where it will argue that no matter how weak U.S. privacy rules are, other countries should accept them as the equivalent of a stronger approach.  The new paper should have acknowledged the U.S. has to play catch-up with the EU when it comes to protecting consumer privacy.

We have been promised meetings with the new White House subcommittee on privacy, where consumer and privacy groups will raise these and other concerns.

Behavioral Targeting Cancer Drugs: Digital Pharma watch

Online marketing of prescription drugs, including behavioral targeting, tracking, profiling and retargeting, require federal safeguards–asap.  Here’s one online marketer admitting his client actually engaged in pharma behavioral retargeting.  They write [excerpt]:  “One of our clients is a manufacturer of cancer related drugs.  They were using retargeting aggressively…

The column goes on to say that consumer complaints led the drug company to stop using behavioral targeting, but we should not permit a digital data collection “wild west” for the medical marketing business online.  Marketers of such drugs, especially for life-threatening illnesses–should not be using behavioral marketing at all (unless the consumer/patient affirmatively consents).

Microsoft’s “Advertising Exchange” for mobile and online: How will it be addressed by its own Do Not Track approach?

Microsoft has received praise for offering in Internet Explorer 9 a “tracking protection” capability that will enable users to import lists of third party sites that would be blocked.  That’s useful, but not enough.  Microsoft engages in extensive behavioral targeting (inc. for mobile) and other interactive ad strategies designed to capture data throughout its global digital advertising service (as does almost everyone else in the online ad business; that’s one reason why so-called “first-party” websites and services require consumer privacy rules). To beome a true leader in the privacy arena, Microsoft should do more.  Take its Microsoft Advertising Exchange, which sells instant access to users in real-time (such as what Google and also many others do).  We want to learn from Microsoft what privacy and consumer protection safeguards it’s developing for the Exchange, which “now supports approximately 8 billion impressions, or transactions, per month.”   Microsoft has been using and has just invested additional funding in AppNexus, which describes itself as “the industry’s most advanced real-time ad platform.”

ClickZ noted that: “In addition to using AppNexus to support real-time bidding on its sites, its ad network, and its exchange, Microsoft has begun supplementing regular ad buys on the Microsoft Media Network with exchange-traded inventory. That extra inventory carries a lot of potential reach, since AppNexus claims to support 4 billion transactions or impressions a day…Additionally, Microsoft has put the pieces in place to create a mobile ad exchange, called Microsoft Advertising Exchange for Mobile.. It will work by allowing Windows Phone 7 app developers to plug into demand from mobile ad networks like Millenial Media, InMobi and MobClix.”

Microsoft should tell the FTC, the EU, Congress and others how it plans to address the privacy issues raised by its Exchange expansion plans.  Last July, Microsoft noted that: “Microsoft is moving aggressively to provide our customers with access to our owned and operated inventory, as well as partner inventory, via our exchange. This move is in addition to our expansion of the Microsoft Media Network, which combined with the exchange, provides a holistic solution for our customers.  In recent weeks we have on-boarded US Windows Live inventory – including Hotmail and Messenger – into our exchange, providing a highly liquid pool of high quality inventory to demand partners on an RTB basis. We have integrated with each of the major DSP’s to ensure that our customers can work with the partner of their choice in accessing inventory.  Moving forward we will make available the rest of our US owned and operated inventory and partner supply. We’re excited about the efficiencies offered by an exchange-enabled ecosystem, and are committed to providing a foundation that enables innovation by allowing third parties to add value in a transparent, trustworthy ecosystem…over the next six months we will be integrating DSP’s into the Atlas Technology Partner Alliance. This will enable Atlas advertisers to seamlessly partner with the DSP of their choice to extend their buys onto RTB exchanges while enjoying all the benefits of campaign tracking and optimization…”  

We will be turning to the online ad exchange system and privacy issues, in the weeks ahead.

IAB Gets a new Chance to Play Constructive Role as Randall Rothenberg Goes to Time Inc.

The departure of Randall Rothenberg, the head of the Interactive Advertising Bureau, provides a critical opportunity for the IAB to revisit its position on protecting consumer online privacy (including Do Not Track).  Under Mr. Rothenberg, the IAB lobbied Congress to restrict the FTC’s ability to protect consumers, including on privacy.  With new leadership, the IAB could begin playing a more constructive role by working with consumer groups to build a consensus on federal privacy rules.  Instead of confrontation and denial, we hope the online ad lobby pursues serious engagement with privacy advocates.   The IAB has become just another inside the Beltway lobbying group–and has lost credibility among many policymakers.  A new IAB leader should be someone who can really help the mission of the industry by engaging in the kind of diplomacy and debate that supports the higher purposes of online advertising, digital publishing, and the public interest.
At Time, Mr. Rothenberg will now be in charge of its online ad network, which uses behavioral targeting and other interactive data techniques.  How Time responds to the growing call for better consumer privacy will be one of Mr. Rothenberg’s new challenges.

The new “OpenRTB” online ad exchange platform–consumer protection and privacy concerns

Both Advertising Age and Adexchanger.com report on the new “real-time bidding” consortium.  Real-time bidding stands for a process where each of us are tracked and sold to the highest bidder, in real-time, so we can be targeted with ads (from financial products to pharmaceuticals to travel and more).  The OpenRTB effort provides “industry standards for communication between buyers of advertising and sellers of publisher inventory.”  Initial members include leading data targeting companies Data Xu, MediaMath, Turn, Ad Meld, Pubmatic and the Rubicon Project.

The further integration of data tracking and selling platforms raises consumer protection, privacy and competition issues.  Consumers need to be able to decide for themselves about whether they wish to be targeted through such exchanges.  The consortium offers its online ad partners tools to streamline the digital marketing process.  Where are the tools for a consumer–so they can determine how they are treated online through these anonymous and impersonal systems?  In its haste to advance online behavioral targeting, the new OpenRTB consortium appears to have left privacy and consumer choice and control aside. Regulators, privacy and consumer advocates and others will need to maintain a close watch on the new online targeting alliance.  Meanwhile, we hope that this new group will adopt new consumer protection safeguards–and not rely on the flimsy argument that groups such as the NAI and triangled icons somehow protect the public.

Do-Not-Track will Boost Journalism/Publishing Says Nieman Fdn. Expert

Online ad lobbyists disingenuously claim that privacy safeguards will doom the commercial Internet, choking off content and publishers.  They are fearful that consumers will have the power to actually decide who can collect and make money off their data–instead of their “Big Brother Can Steal Your Data Anytime, Anywhere” model.  In a new column written for the journalism think-tank and resource Nieman Foundation,  Ken Doctor (who covers the business of news for them) writes [excerpt, our emphasis]:  “Enter a new age of Do Not Track. Maybe, in that world, news media’s role — and its engagement with audiences — becomes much more valuable. Maybe, it’s a reintermediation of a kind, as news media’s role in the shopping/buying lives of its readers re-emerges, digitally.  How might this happen? If we look at the potential newsonomics of Do Not Track, we can see at least two ways that real revenue can be driven out of the reordering of the tracking world…If Do Not Track puts more power back into the hands of the publisher, then publishers may be help to re-sell the information — and that could help build toward the new business model news publishers’ need…The big opportunity, perhaps, is the ability of news publishers to transparently offer reader/consumers the opportunity to “opt in” to a wider world of reading and shopping targeting. Then, they could re-emerge, in the tablet era no less, as community and national centers of news — and commerce. Forget Foursquare; readers could check into their favorite news companies.

Online Pharma Watch: BeWell.com/More disclosure required from Dr. Nancy Synderman

BeWell.com is a “new social network founded by America’s top doctors,” including NBC News Chief Medical Editor Dr. Nancy Synderman and others.  The site is organized around “communities” that address issues involving important health concerns, including breast cancer, reproductive health, aging, etc.  BeWell is owned by “by LLuminari, Inc, an innovative health media company…”  LLuminari says on its website that “Our programs are made possible by leading companies who support providing consumers and employees access to the knowledge of the best and brightest experts. Our sponsors have included:

Johnson & Johnson GlaxoSmithKline General Mills PepsiCo Stonyfield Farm Newman’s Own Smith Barney Eileen Fisher PacifiCare Health System United Healthcare Genomic Health PriceWaterhouseCoopers

BeWell’s privacy policy doesn’t really explain how the data it collects might be used for its advertising. The site provides important information for its users.  But we need to see more disclosure on the site about exactly the role its “sponsors” play, such as with its “Pfizer Support Center,” “Health Tools” featuring “Oncotype Dx” (Genomic Health) and the “Healthy Sight Resource Center” sponsored by Transitions.  As an NBC journalist, Dr. Synderman should also disclose when doing her reporting the connections with the advertisers and sponsors of BeWell and LLuminari.  Online health sites, especially given their public interest purpose, should be transparent about their relationships with drug companies and other health marketing sponsors.

Neuromarketing & Privacy: German Data Protection Authority Enacts Safeguards

We have long been sounding the alarm over the role of neuromarketing in advertising, especially for online marketing.  We are gratified that the Data Protection Authority in Hamburg Germany, according to this law firm post, just imposed safeguards on the role of neuromarketing.  It explains that [excerpt]: “[O]n November 23, the data protection authority (DPA) of the German Federal State of Hamburg imposed a €200,000 fine [link in German] against the Hamburg-based savings & loan Hamburger Sparkasse due to violations of the German Federal Data Protection Act (the BDSG) for, among other reasons, using neuromarketing techniques without customer consentIndeed, according to the head of the Hamburg DPA, Prof. Johannes Caspar, the intent was to send a clear signal to the market against the use of modern neuromarketing and comparable methods in violation of data protection law.  The case also clearly illustrates that German regulators are willing to enforce the new data protection regime and are well prepared to impose significant fines upon companies rather than giving them merely a warning notice…The decision of the Hamburg DPA may also attract attention beyond Germany and influence the interpretation of data protection laws in other countries, in particular with respect to the compliance of neuromarketing and brain sciences techniques with data protection laws.  Due to the sensitivity of such activities, it is likely that regulators in the EU will follow the approach taken by the Hamburg DPA.”