Rest Assured, Citizen: Privacy Gets a RoboCop

by , Jan 25, 2010, 10:00 AM
  • Comment (2)
  • Recommend (21)
Subscribe to Data and Targeting Insider
Six months ago, five of the major marketing, business and ad organizations issued their "Self-Regulatory Principles of Online Behavioral Advertising." That was only the beginning of a multi-step process that should move onto the next stage in coming weeks.

 

The basic principles are designed to provide consumers with greater transparency and control around behavioral tracking and to do so in a standardized, user-friendly way. The next stage will involve some form of ad and Web site labeling that alerts users to the presence of behavioral tracking, their sources, and options for opting out. But self-regulation is not really a convincing answer for consumer and even advertiser worries about online privacy, unless there is some assurance of enforcement. Enforcement really can't happen across such a fragmented and complex infrastructure without an equally sophisticated means to monitor, verify and report on compliance.

If everyone wants self-regulation with teeth -- self-regulation that convinces skeptical privacy advocates and the FTC that the industry can be trusted not to cut corners, exploit loopholes or cast a blind eye on violators -- then it needs a really smart RoboCop.

Former About.com CEO and head of Better Advertising Scott Meyer says he has a plan, but it really is as hard as it looks. "This stuff is super-complex," he quipped after walking me through some of the technical gymnastics necessary to track and report on ad network and publisher compliance.

After all, a system like this will have to do things like track whether proper notice is given to a consumer at the first point of data collection in a campaign, inside or outside the ad itself; if it notifies you accurately who is giving you the ad, whether there were working opt-outs provided, whether the opt-outs really worked, etc. It needs to distinguish ads using BT data from those that aren't. Who applied the data used to target that user? It needs to know what is happening around the ad at the host site and whether these sites are following regulations.

But wait, there's more. For advertisers, who want assurance that all the sites and technologies they are flying with are in compliance, the system has to track where the ads appeared, who delivered the ad -- and who, among multiple servers of the ad, was delivering the right notification information to that particular end user?

The pipes on this thing are intricate, involving automated systems, Web scanning techniques and human systems. The Better Advertising tag will be applied with the creative so that it can follow the life-cycle of the delivery. "The delivery network is very easy to detect by anyone," says Meyer, "but it may not be as important. They aren't the ones adding behavioral data. What matters is upstream. Is this using retargeting data from the advertiser's site, from an Audience Science or BlueKai? Is it using a proprietary cookie from Cadreon? When you use our tag, you will have a lot of visibility."

This week Better Advertising acquired Ghostery, a Firefox plug-in technology that exposes the Web bugs present on a Web destinations and allows the user to block them selectively. The real value in Ghostery for Better Advertising, however, is in an opt-in panel of 300,000 who have agreed to have their behaviors tracked. Now Meyer and Co. can see where people are going and what they tend to block. It also helps them follow along and see what's happening in behavioral tracking across millions of domains. "We can see 99% of behavioral targeting," says Meyer.

Building a privacy RoboCop with muscle ultimately helps simplify a verification process that could become dizzying and inefficient very quickly. "Imagine a scenario where an association is getting complaints and they reach out to a company and say they have a problem with missing a big chunk of opt-outs," says Meyer. Logs have to be pulled and every complaint becomes a custom case of verification. "What we provide is an assurance platform," Meyer adds. "Without some commonly accepted third party that verifies they are honoring consumer preferences, it becomes a very messy process." A publisher or network can instead respond to a complaint with a report on their activity from an independent third party that is using a common set of metrics, definitions and procedures.

More to the point, an ad hoc system of policing complaints erodes faith in self-regulation from all sides. Self-regulation has to satisfy a number of masters: consumers, regulators and also advertisers. According to Meyer, research suggests that worries over consumer privacy and blowback are holding advertisers and their budgets back from digital investment. "We know from conversations with agencies and brands that this will increase their confidence in online advertising."

The system will offer different interfaces for advertisers/ad networks and for publishers. The interface for the former will see what behavioral targeting was used with an ad and how it got to users. Publishers, most commonly retail and brand destinations, will have an interface that shows how their retargeting is being used. And ultimately consumers will have an interface where they click through on one of the standard industry icons. They will be able to see how they got the ad and the opportunity to learn more and opt-out. "We're not displaying targeting data but showing all of the people who contributed data that gave you the ad," says Meyer. The opt-out would then be propagated across all of the parties involved.

How Better Advertising ultimately might relate to the multiple associations that formed the self-regulatory principles is not clear yet. Along with other possible solutions, Meyer is pitching it to the association. The company has most of the major ad agency holding companies involved in the design and a few ad nets. Meyer thinks that ultimately having a good RoboCop for privacy will move the privacy issue itself to a different place. "It helps us self-regulate in a way that enables trust," he says." The debate is not about opt-in or opt-out, but transparency. We can build consumer trust and also bring more dollars into the market."

On behalf of the Council of Better Business Bureaus, the coalition of ad associations that issued the self-regulation principles sent out an RFP asking for technology solutions that would help the CBBB extends its monitoring role into online behavioral advertising. According to the IAB's VP of Public Policy Mike Zaneis, the group is helping the CBBB find a good monitoring solution, but the coalition of associations is not itself looking to embrace a single-standard solution. BetterAdvertising is only one of several responding to the RFP, so we are likely to see other solutions emerge shortly from groups like Truste.

Privacy is about to become a business.    

0 comments on "Rest Assured, Citizen: Privacy Gets a RoboCop".

  1. Paula Lynn from Who Else Unlimited
    commented on: January 25, 2010 at 10:59 a.m.

    It may take a few years or even a decade, but with the new Supreme Court decision with corporations pimping politicians for even more influence than they have now, the FTC's bark won't be more than a little rough ruff.

  2. Andre Szykier from maps capital management
    commented on: January 25, 2010 at 12:05 p.m.

    It may introduce another problem, the business that tracks the efficacy and logistics of the data will have at its disposal a powerful tool for advertisers.

    Ghostery is a good example of this potential problem. It would also attract any Web player that generates revenue from advertising (Google, Yahoo, ad metrics and ad network companies).

    You need to have the equivalent of "Consumer Reports" that helps individuals see how their behavioral data is used, as sort of FICO equivalent privacy score. If people would subscribe, let's say $10/year or have it bundled with their virus software license, then it just may work.

    the plumbing issues that Meyer from About.com mentioned are actually trivial because beacon site code already handles that. It just means that you have to put one more beacon on site pages. It may be a bit of an overhead but because you don't need real time tracking, you can batch and send this from the site to the privacy aggregator.

    There is one problem though in this approach, maintaining a longtitudinal data store for subscribers. It would require an "always on" cookie on their computer as their IP address would not always be static.

    Flash cookies can do the job unless you block Flash on your browser.

Leave a Comment

Sign in to leave a comment. Don't have an account? Join Now

Recent Data and Targeting Insider Articles

» Data and Targeting Insider Archives