Cookies! Bad! Beacons! Spying! Tracking! Data! Evil! Seven words summarize the thesis from the Wall Street Journal's sensationalist article from a few weeks ago. You know, the one about how audience tracking tools are spying on and victimizing unsuspecting consumers via targeted advertisements. As a proponent of consumer awareness, I appreciated the Wall Street Journal's prerogative, but the entire story was not told. Leave it to the competition, the New York Times, to publish a more balanced view of how tracking, measurement, and data is used to enable relevant interactive experiences and targeted content via anonymized data collection and behavioral measurement. These articles certainly brought the topic of Internet privacy back into the spotlight (once again). They have caused some healthy introspection in the online advertising and Internet marketing industries.
We in the digital behavior measurement industry poorly represent our work and have not tried hard enough to make what we do transparent and easily understandable to the average Internet user. Let us quickly review some of the Internet data tracked, measured, reported, and analyzed (and check out Josh Chasin's witty exploration of his own personal data):
· Detailed data on visitors. IP addresses, user agents, referrers, cookie values, user id's, durations (time spent), demographic information, and other name value/pairs passed in the query string that can be associated with a visitor. Some of this data is very easy to collect because the Internet makes it so, while other data can only be collected when a visitor provides it at some point.
· Aggregated data on visitors. Counts of visitors, visits, page views, events, derivatives (conversion rates and so on), time-based data, affinities, lifestyle preferences, satisfaction levels, likelihoods, propensities, sources of traffic and sites next visited, and demographic information, including a lot of data self-reported in qualitative measurement tools and via online surveys.
These data have helped to grow the Internet economy and enable new forms of commerce. They are the lifeblood of ad networks and exchanges, behavioral targeting technology, Web analytics technology, qualitative research tools, and audience measurement tools.
These data are the lifeblood for our jobs and are collected with consent but often without awareness from people. In most cases, it freaks people out to realize what we are capable of collecting. To learn that where you go and what you do on the Internet is anonymously measured, tracked, and analyzed, is akin to eating the apple and perceived as Orwellian.
The perception of fear and unrestrained widespread personal data collection across an entire population leads to government scrutiny and regulation. Take a look at the EU, particularly the Germans, who have passed laws that define IP addresses as PII, require multiple opt-ins when customer data are transmitted, and have even gone so far as to ban technologies, like Google Analytics. Meanwhile the Obama administration and the Office Of Management and Budget have advocated loosening restrictions for cookies on Federal Web sites. Back in the USA, we don't know how lucky we are...
Political constructs like the House Bi-Partisan Caucus on Privacy will continue to ask questions. The United States could conceivably regulate technologies used for Internet measurement, advertising, and targeting, thus limiting innovation and growth in the global online media, marketing, and advertising industries.
Self-regulation of our industry is the only way to prevent government regulation. I am talking about steps that vendors, sites, and practitioners can voluntarily take to show we are not Big Brother or work in "Information Retrieval" (see the movie "Brazil"). Listed below are positive ideas for self-regulation by vendors, sites, and practitioners:
-- Be ABSOLUTELY transparent about what data you collect and how you collect it by creating and frequently updating a Privacy and Data Usage policy and prominently displaying it on your site. Write it in English, not legalese, and keep it simple, comprehendible, and summarized. If needed, link to a more formal legal document.
-- Understand and be able to provide, on request, a list of the tracking and measurement technologies currently deployed on your site. Such a simple idea is hard to execute and deliver -- especially at globally distributed enterprises -- but smart companies should create and maintain a list of all tracking and measurement technologies deployed on the site and have that list ready for review when requested.
-- Publish a simple metadata document that describes the data collected and how it will be used. For every technology deployed, the vendor should be providing a document, perhaps in XML (and one that can be used in conjunction with a P3P statement) answering the following questions: 1) What is this technology?, 2) What data are being collected?, 3) How are the data being used? 4) How do I view, modify, and prevent my data from being collected?
-- Create formalized governance around measurement, tracking, and advertising technologies and involve cross-functional representatives from teams across your company. Companies that use these technologies should have a governance council driven by their business, not the technology side. Teams from research, analytics, legal, marketing, sales, and technology should participate to ensure that best practices for protecting consumer privacy are practiced.
-- Enable easy and logical "opt-out" and, in the best case, only allow tracking and targeting to be "opt-in."
-- Eliminate all unnecessary data collection. regularly review the data you have collected and delete unneeded data. So much data can be collected, but few are actually useful, insightful, and actionable (U.I.A.). Figure out what is U.I.A. generating profitable revenue, then delete the rest.
-- Don't exploit new technologies in tricky ways that attempt to circumvent a user's choice. In other words, do not use Flash to reset cookies after the user deletes them. Do not use hacks to store cookies forever. And certainly don't be so stupid as a vendor or site to use a technology like this one.
-- Represent yourself and your companies in industry organizations like the Web Analytics Association (WAA) and Interactive Advertising Bureau (IAB). I applaud my colleagues at the WAA for promoting the Web Analytics Code of Ethics and at the IAB for their "Privacy Matters" campaign and other privacy-related activities.
-- Make your voice heard by writing your Senator or Congressperson. Look them up here. The heart of a democracy is the citizen's voice. Imagine the potential for understanding and alignment that could be achieved if the thousands of readers of this article wrote an email, made a phone call, or advocated in the public domain positively for our industry. If you do not make noise to protect your livelihood, no one is going to do it for you. Speak up!
If we do not actively manage the perception of the digital behavioral measurement and analytics industry, then those who do not accurately perceive our industry for what it is will manage it. Our industry and the technologies that drive it are a way to maximize and inform commerce, to grow the economy and new jobs, and to provide consumers and customers with relevant advertising, personalized media, and optimized site experiences. We are not evil spies.