• by Meir Zohar , April 8, 2009

Ever tried straining spaghetti in a colander with holes the size of quarters?

I imagine it would be quite difficult, because spaghetti, which is much thinner than quarters, would keep on sliding through the holes.

With Behavioral Targeting (BT) in online advertising, limiting opt-out to the ad network level, is not unlike straining pasta in a colander with holes too wide. A lot of privacy violations can and will seep through the holes.

The way to "strain out" these privacy violations is by driving the opt-out policy to the publisher level. As publishers become the key players in the data game, their involvement in controlling how that data is treated from an ad network and consumer perspective is critical.

Online advertising operations are similar to multi-tiered retailing, with a series of wholesalers and distributors delivering merchandise to the retailer. In online advertising, ad networks routinely work with other ad networks and partners in order to serve ads for their advertisers. Publishers also work with many ad networks in order to increase ad revenue.

Therefore, an opt-out with an ad network is only effective for the ads served directly from that ad network and not for the ads that come through partner ad networks or other sources. The only way to truly achieve comprehensive, data usage/privacy policy is by integrating a central BT Opt-Out at the publisher level.

With ad networks, the frequent target of privacy debates, they have been among the most vocal advocates of stronger privacy policies and have been proactive in creating self-regulation groups such as the National Advertising Initiative. But the structure of the online advertising market, as I described above, requires a unified privacy policy at the publisher level in order to ensure successful implementation for all users.

What would work?

On the user side, what if every publisher included a "privacy module" on the bottom of its homepage with a description in laymen's terms of its data usage/privacy policy. These terms should be standardized by a group like the Online Publishers Association OR the National Advertising Initiative. To make it easy, the policy could be automatically generated based on a check-box based form completed by the publisher. Standard icons could even represent the policy positions.

On the advertising side, the publication could add legal language to all contracts with ad agencies, advertisers, ad networks and exchanges which would force them to comply with their data usage/ privacy policy. Each ad network, exchange, etc., should then add corresponding language to their agreements with their partners, too. This legal language can be generated based on that same check-box based form.

I know what you're thinking. It's easy/convenient for me as the CEO of a targeting data exchange to pass the privacy buck on to the publishers. But as an exchange, we're already enabling users to see the behavioral data we track and to centrally opt-out from all of the networks using our exchange. This functionality is easily extensible to publishers. Only at the publisher-level is there complete access to all those who leverage user data. Therefore, to comprehensively solve the data usage / privacy issue affecting the Behavioral Targeting industry, efforts must begin at the publisher level.

I call on us as an industry, through trade associations like the Online Publishers Association and the National Advertising Initiative, to work together to solve the privacy dilemma once and for all.

If we wait, the government will decide to help us build a better colander. And we have all seen how well those cooking projects have gone!