Baby Steps for Online Privacy: Why the FTC Self-Regulatory Principles For Online Behavioral Advertising Fails to Protect the Public

Statement of Jeff Chester, Exec. Director, Center for Digital Democracy:

The Federal Trade Commission is supposed to serve as the nation’s leading consumer protection agency. But for too long it has buried its mandate in the ‘digital’ sand, as far as ensuring U.S. consumer privacy is protected online. The commission embraced a narrow intellectual framework as it examined online marketing and data collection for this proceeding. Since 2001, the Bush FTC has made industry self-regulation for privacy and online marketing the only acceptable approach when considering any policy safeguards (although the Clinton FTC was also inadequate in this regard). Consequently, FTC staff—placed in a sort of intellectual straitjacket—were hampered in their efforts to propose meaningful safeguards.

Advertisers and marketers have developed an array of sophisticated and ever-evolving data collection and profiling applications, honed from the latest developments in such fields as semantics, artificial intelligence, auction theory, social network analysis, data-mining, and statistical modeling.  Unknown to many members of the public, a vast commercial surveillance system is at the core of most search engines, online video channels, videogames, mobile services and social networks.  We are being digitally shadowed across the online medium, our actions monitored and analyzed.

Behavioral targeting (BT), the online marketing technique that analyzes how an individual user acts online so they can be sent more precise marketing messages, is just one tool in the interactive advertisers’ arsenal.  Today, we are witnessing a dramatic growth in the capabilities of marketers to track and assess our activities and communication habits on the Internet.  Social media monitoring, so-called “rich-media” immersive marketing, new forms of viral and virtual advertising and product placement, and a renewed interest (and growing investment in) neuromarketing, all contribute to the panoply of approaches that also includes BT.  Behavioral targeting itself has also grown more complex.  That modest little “cookie” data file on our browsers, which created the potential for behavioral ads, now permits a more diverse set of approaches for delivering targeted advertising.

We don’t believe that the FTC has sufficiently analyzed the current state of interactive marketing and data collection. Otherwise, it would have been able to articulate a better definition of behavioral targeting that would illustrate why legislative safeguards are now required. It should not have exempted “First Party” sites from the Principles; users need to know and approve what kinds of data collection for targeting are being done at that specific online location.

The commission should have created specific policies for so-called sensitive data, especially in the financial, health, and children/adolescent area.  By urging a conversation between industry and consumer groups to “develop more specific standards,” the commission has effectively and needlessly delayed the enactment of meaningful safeguards.

On the positive side, the FTC has finally recognized that given today’s contemporary marketing practices, the distinction between so-called personally identifiable information (PII) and non-PII is no longer relevant.  The commission is finally catching up with the work of the Article 29 Working Party in the EU (the organization of privacy commissioners from member states), which has made significant advances in this area.

We acknowledge that many on the FTC staff worked diligently to develop these principles.  We personally thank them for their commitment to the public interest.  Both Commissioners Leibowitz and Harbour played especially critical roles by supporting a serious examination of these issues.  We urge everyone to review their separate statements issued today.  Today’s release of the privacy principles continues the conversation.  But meaningful action is required.  We cannot leave the American public—now pressed by all manner of financial and other pressures—to remain vulnerable to the data collection and targeting lures of interactive marketing.

FTC’s Behavioral Ad Principles–the last act of the Bush Administration? Why is the Obama White House Allowing the FTC To Remain Under the Leadership Appointed by Pres. Bush?

In a few hours, approximately between 10-11 am eastern, the FTC is expected to release its final “Online Behavioral Advertising Principles.” Originally released for comment in December 2007, the principles are a sort of Valentine’s Day present to the online ad industry from the (supposedly departed) Bush Administration.  From what we know, the FTC principles support self-regulation.  Online marketers will be told they should behave better–and here are suggestions.  It’s like a teacher telling a misbehaving student–‘behave better, dear,’ or else we will have to tell your parent (in this case, the guardian being potential congressional action).

My CDD urged Commissioners Harbour and Leibowitz to issue separate statements on the principles, and call for tougher requirements—especially in the area of so-called sensitive information.  This would include data connected to our financial and health related online activities (think mortgage and loan applications or queries for prescription drugs).  CDD and a coalition of groups also formally asked the commission to impose serious privacy safeguards for both children and adolescents.

But these principles were crafted within the narrow confines of the Bush Administration philosophy prevailing at the FTC. Only self-regulation is permitted. Consequently, such an approach likely means these rules leave the online data collection, profiling and targeted marketing system which comprises behavioral marketing off the privacy protection hook.

But one question looms at the moment. Why has the new Obama administration allowed the FTC to remain under the leadership of Bush-appointee William E. Kovacic? The principles being issued today, in fact, reflect the “old” FTC, not one run under the philosophy of President Obama. Why is the Obama White House failing to ensure a change of leadership at the FTC? The agency is responsible for overseeing a huge portion of the economy, including critical financial issues. It’s also supposed to be the leading agency on consumer protection issues. The Obama White House should have–by now–found someone who would lead the FTC, so it can better protect the public.

The principles being released today were only made possible because of the Bush FTC give-away to Google, when it approved its takeover of online ad giant DoubleClick. CDD, the Electronic Privacy Information Center (EPIC), and USPIRG fought the merger, including on privacy grounds. FTC Commissioner Pamela Harbour played a key role forcing the agency (then run by Chairwoman Majoras, whose husband’s law firm represented DoubleClick) to address the privacy concerns. As a consequence of the political pressure from its failure to seriously examine the consumer privacy issues of the Google deal, the FTC staff were told to develop these principles.

The next chair of the FTC needs to take privacy and online consumer protection issues seriously.  The agency does need more resources, but also a new spirit.  If the FTC had been on the job, and was examining how lending institutions were recklessly promoting loans and mortgages, maybe today’s mess wouldn’t be as tragic as it is.  More to come after the commission releases the principles.

The “Revised” Network Advertising Initiative Principles: Ghost-written by Bernard Madoff?

That was really what we felt reading the “NAI Response to Public Comments” released yesterday. It accompanied the 2008 principles announcement by the self-regulatory online marketing trade group. The “response” is worth reading, because it really reveals the inability of the group to meaningfully address how to protect consumers online. You would think that an organization which has Microsoft, Google, Yahoo, Time Warner and many others as paying members could at least clearly state what happens to our data in the online marketing process. But the real goal of the NAI is to prevent the enactment of serious state and federal privacy policies that would protect consumers. My group put out a statement yesterday discussing the new principles.

The credibility of Google, Microsoft, Yahoo and Time Warner is at stake. They should be able to ensure that their own organization can honestly address the implications of online advertising. But it’s time to abandon any call for self-regulation. That has been a failure. It’s clear that a growing number of consumer and privacy groups are calling for a legislative solution, as well as a more effective FTC. Responsible online ad companies will support such regulation.

Google’s “Policy Fellowships”–Self-Serving Efforts to Help Ward Off Privacy and Online Marketing Protections?

Google has selected 15 organizations for its 2009 “Google Policy Fellowship.” Fellows are funded by Google and will work on “Internet and technology policy” issues over the summer. Take a look at some of the groups it selected and what they say the projects will be (and their positions on Internet issues). And then ask–is Google working to help undermine the public interest in communications policy? Think online privacy and interactive marketing as you read the following excerpts from a number of these groups:

“The Competitive Enterprise Institute is a 501(c)(3) non-profit public interest organization dedicated to advancing the principles of free enterprise and limited government. We believe that individuals are best helped not by government intervention, but by making their own choices in a free marketplace…Electronic privacy: CEI seeks to reframe the online privacy debate in terms of the potential benefits to consumers of greater information sharing, transparency, and marketing. Fellows will explore competing privacy policies and how they are evolving as the public grows more aware of privacy risks. This research will also encompass privacy-enhancing technologies that empower consumers to safeguard personal data on an individualized basis.”

“The Progress & Freedom Foundation (PFF) is a market-oriented think tank that studies the digital revolution and its implications for public policy… Online Advertising & Privacy Policy Issues: PFF defends online advertising as the lifeblood of online content and services, particularly for the “long tail,” and emphasizes a layered approach to privacy protection, including technological self-help, user education, industry self-regulation, and enforcement of existing laws, as a less restrictive—and generally more effective—alternative to increased regulation.”

“The Technology Policy Institute is a think tank that focuses on the economics of innovation, technological change, and related regulation in the United States and around the world… Privacy and data security: benefits and costs to consumers of online information flows, and the effects of alternative privacy policies on consumers and the development of the Internet.”

“The Cato Institute’s research on telecommunications and information policy advances the Institute’s vision of free minds and free markets within the information policy, information technology, and telecommunications sectors of the American economy…Information Policy: Examining how increased data sensing, storage, transfer, processing, and use affect human values like privacy, fairness and Due Process, personal security, and seclusion. Articulating complex technological, social, and legal issues in ordinary language. Promoting the policies that protect these human values consistent with a free society and maximal human liberty.”

Google is also funding fellowships at other groups, including the partially Google-funded Center for Democracy and Technology. The CDT-connected Internet Education Foundation (which helps run the Congressional Internet Caucus, where Google is a corporate Advisory member) also will house a Google Fellow. There are a few public interest groups hosting Fellows that have an independent track record, including Media Access Project, EFF, and Public Knowledge. But awarding Fellowships to groups which will help it fight off responsible privacy and online marketing safeguards provides another insight into Google’s own political agenda.

Why Google Can’t Say a Word that Starts With “P”—Privacy

The senior execs and DC lobbying team at Google really have a major problem addressing one of the company’s gravest problems–its lack of leadership protecting consumer/citizen privacy. While Google claims to reporters and others it’s been proactively strengthening its privacy policies, most of the changes have come as a result of pressure from policymakers and privacy advocates.

This week, Google released a booklet which “spelled out…2009 policy priorities” for the new Administration and Congress, including several Internet related issues. The booklet’s release coincided with a speech Google CEO Eric Schmidt gave at the New America Foundation in Washington, D.C. Missing from the booklet’s agenda was any discussion of privacy or the role and structure of online advertising (You would never know, for example, that Google was just forced by the Department of Justice’s antitrust division to drop its proposed deal with leading rival Yahoo!).

Google should be playing a leadership role supporting the enactment of serious privacy rights for the public–including “opt-in,” real transparency, user control, limits on retention, etc. If Google believes its golden digital goose will be baked once consumers better understand and control how they are being profiled and targeted, it should examine how it defines corporate social responsibility. But Google’s current approach—we can’t admit we are collecting your data for interactive marketing and cannot even say the word privacy in public—will ultimately have consequences for Google’s future–including its share price.

New AT&T-funded “Future of Privacy” Group: Will it Support Real Privacy Protection or Serve as a Surrogate for Self-regulation and Data Collection?

A new group co-directed by former DoubleClick and AOL chief privacy officer Jules Polonetsky, called the “Future of Privacy Forum,” has been announced. It is connected to the law firm representing AT&T–Proskauer Rose–which has a considerable practice in the online marketing and data collection area. Other backers include Intel, General Electric, IBM and Wal-Mart.

We are concerned, however, that the role of the Forum is to help discourage Congress from enacting an opt-in regime for data collection. Both ISPs–such as AT&T, Verizon, Comcast and Time Warner–as well as online advertising companies such as Google/DoubleClick, Yahoo, and Microsoft must be governed by privacy laws which empower and protect consumers. The role of ISPs in any data collection for targeted online marketing, in particular, requires serious analysis and stringent safeguards. AT&T, Google, Microsoft, Comcast, the online ad networks, and social media marketers (to name a few) must be required to provide meaningful disclosure, transparency, accountability and user control (with special rules governing health, financial and data involving children and youth). Self-regulation has failed. If the Future of Privacy group is to have any legitimacy, it will work to support serious federal rules. But if it trots out some sort of voluntary code of conduct as a way to undermine the growing call for real privacy safeguards, this new group may soon be viewed as beholden to its funders and backers.

Interactive Ad Bureau to Congress and Public: If Your Privacy is Protected, The Internet Will Fail Like Wall Street!

It’s too disquieting a time in the U.S. to dismiss what a lobbyist for the Interactive Advertising Bureau said as merely silly. The IAB lobbyist is quoted in today’s Washington Post saying: “If Congress required ‘opt in’ today, Congress would be back in tomorrow writing an Internet bailout bill. Every advertising platform and business model would be put at risk.” [reg. required]

Why is the IAB afraid of honest consumer disclosure and consumer control? If online ad leaders can’t imagine a world where the industry still makes lots of money–while simultaneously respecting consumer privacy–perhaps they should choose another profession (say investment banking!).

Seriously, online ad leaders need to acknowledge that reasonable federal rules are required that safeguard consumers (with meaningful policies especially protecting children and adolescents, as well as adult financial, health, and political data). The industry doesn’t need a bail-out. But its leaders should ‘opt-in’ to a responsible position for online consumer privacy protection.

Behavioral Targeters Use Our Online Data to Track Our Actions and, They Say, to “Automate Serendipity.” Attention: FTC, Congress, EU, State AG’s, and Everyone Else Who Cares About Consumer Welfare (let alone issues related to public health and ethics!)

NPR’s On the Media co-host and Ad Age columnist Bob Garfield provides policymakers and advocates with an arsenal of new material that supports the passage of digital age consumer protection laws. In his Ad Age essay [“Your Data With Destiny.” sub required], Garfield has this incredibly revealing–and disturbing–quote from behavioral targeting industry leader Dave Morgan (Tacoda) [our emphasis]:

“Now we have the ability to automate serendipity,” says Dave Morgan, founder of Tacoda, the behavioral-marketing firm sold to AOL in 2007 for a reported $275 million. “Consumers may know things they think they want, but they don’t know for sure what they might want.”

Garfield writes that “In 2006 Tacoda did a project for Panasonic in which it scrutinized the online behavior of millions of internet users — not a sample of 1,200 subjects to project a result against the whole population within a statistical margin of error; this was actual millions. Then it broke down that population’s surfing behavior according to 400-some criteria: media choices, last site visited, search terms, etc. It then ranked all of those behaviors according to correlation with flat-screen-TV purchase…“We no longer have to rely on old cultural prophecies as to who is the right consumer for the right message,” Morgan says. “It no longer has to be microsample-based [à la Nielsen or Simmons]. We now have [total-population] data, and that changes everything. With [those] data, you can know essentially everything. You can find out all the things that are nonintuitive or counterintuitive that are excellent predictors. … There’s a lot of power in that.”

There’s more in the piece, including what eBay is doing. As the annual Advertising Week fest begins in New York, we hope the leaders of the ad industry will take time to reflect on what they are creating. You cannot have a largely invisible system which tracks and analyzes our online and interactive behaviors and relationships, and then engages in all manner of stealth efforts to get individuals (including adolescents and kids) to act, think or feel in some desired way. Such a system requires rules which make the transaction entirely transparent and controlled by the individual. The ad industry must show some responsibility here.

Behavioral Targeting Lawsuit Illuminates How Data is Collected From You

Look for a moment at an excerpt from a legal tangle between behavioral targeting companies Valueclick and Tacoda (the latter now owned by Time Warner). Valueclick filed suit on July 15 claiming patent infringements, including for one entitled “Method and Apparatus for Determining Behavioral Profile of a User.” Read the “Abstract” and part of the “Summary of the Invention” for this patent and think about your privacy (and that this is based on 1998 technology!):

“Abstract: Computer network method and apparatus provides targeting of appropriate audience based on psychographic or behavioral profiles of end users. The psychographic profile is formed by recording computer activity and viewing habits of the end user. Content of categories of interest and display format in each category are revealed by the psychographic profile, based on user viewing of agate information. Using the profile (with or without additional user demographics), advertisements are displayed to appropriately selected users. Based on regression analysis of recorded responses of a first set of users viewing the advertisements, the target user profile is refined. Viewing by and regression analysis of recorded responses of subsequent sets of users continually auto-target and customizes ads for the optimal end user audience.”

“Summary Of The Invention: …Over time, the tracking and profiling member holds a history and/or pattern of user activity which in turn is interpreted as a users habits and/or preferences. To that end, a psychographic profile is inferred from the recorded activities in the tracking and profiling member. Further, the tracking and profiling member records presentation (formal) preferences of the users based on user viewing activity. Preferences with respect to color schemes, text size, shapes, and the like are recorded as part of the psychographic profile of a user…The tracking and profiling member also records demographics of each user. As a result, the data assembly is able to transmit advertisements for display to users based on psychographic and demographic profiles of the user to provide targeted marketing.”

Source: Complaint for Patent Infringement: Jury Trial Demanded. Valueclick, Inc. v. Tacoda, Inc. Case No. CV08-04619 DSF. U.S. District Court, Central District of California, Western Division.

The IAB (US) “mobilizes” to Fight Against Consumer Protections for Online Media

Watch this online video of Randall Rothenberg speaking before a June Federated Media Publishing event. In Mr. Rothenberg’s worldview, demon critics of advertising (such as myself) are deliberately trying to undermine democratic digital media. This would be absurd, if it wasn’t so sad. Mr. Rothenberg is using scare tactics to whip up his members into a frenzy–all so they can fight off laws and regulations designed to provide consumers real control over their data and information. Luckily, Mr. Rothenberg will be on the losing side of this battle to protect consumers in the digital era. Regulators on both sides of the Atlantic understand how the digital marketing ecosystem raises serious concerns about privacy and consumer welfare. We have to say we are disappointed in John Battelle, the CEO of Federated (who wrote a very good book entitled The Search: How Google and Its Rivals Rewrote the Rules of Business and Transformed Our Culture). Mr. Battelle should know that the online marketing system requires a series of safeguards which protects citizens and consumers. There is a balance to be struck here. Online advertisers have unleashed some of the most powerful tools designed to track, analyze, and target individuals–whether on social networks, or watching broadband video, or using mobile devices. We have never said there shouldn’t be advertising. We understand the important role it must play, including for the underwriting of online content. But the online ad system should not be designed and controlled solely by ad networks, online publishers, trade groups and online ad lobbying groups. It must be structured in a way which promotes as much freedom for individuals.