While many Web advertising companies individually have done a good done of offering consumers transparency and choice, collectively the Web industry has not done a great job managing privacy protection issues. Every week, there are headlines in the trade or consumer press of some creepy Web tracking or data practices recently uncovered -- whether it's Facebook apps leaking user IDs, or companies scraping personal comments on health forums or releasing "anonymous" search data that ended up not being so anonymous.
Of course, the ability to deliver precision targeted ads is one great promise of the Web -- and is a critical driver for the tens of billions of ad and marketing dollars funding it and its extraordinary and robust array of content and services delivered to billions around the world for free. The Internet is learning lessons the hard way: making mistakes, taking heat from the press, regulators and the public, and then retroactively fixing those mistakes.
Today, both the mobile and TV industries are just starting to embark on targeted advertising. Both could learn some valuable privacy lessons from the Web industry's experiences. Here are my top 10:
Take Privacy Protection Seriously. The protection of personal privacy cannot be ignored when companies use digital media and communication channels to capture user information or deliver tailored ads. It doesn't matter that it's happening behind the scenes. It doesn't matter that the practices are no different from those direct marketers have used for years. Digital is different. People care. What happens in offline data collection doesn't scare them as much as online data collection does.
Bake Privacy Protection in from the Beginning. I've borrowed this idea from Federal Trade Commission chair Jon Leibowitz: Make privacy protection an integral part of all targeted mobile and TV ad offerings. It's much easier than retrofitting privacy protection later.
Embrace Self-Regulation Early. The only way to prevent new legislation or regulation -- which is never a great way to solve a problem -- is to be proactive about self-regulation. The mobile and TV industries should leverage the work of the IAB, AAAA, ANA and DMA and their pioneering self-regulatory frameworks, as mobile and TV companies go down similar paths.
No Creepy. What matters most is not just avoiding what's illegal, but avoiding what's creepy. You can't have a productive and long-term advertising relationship without trust. If it seems creepy, don't do it. If nothing creeps you out, ask your mother or neighbor or child for a reaction; they are probably better thermometers. Deep-packet inspection is creepy. It doesn't matter how many Big 4 auditors say that it's legal. Enough said.
No Personal Data. You don't need data that can be related to particular individuals to deliver dramatically better ads. Also, just because the recipient is anonymous to you, your targeting might not seem anonymous to them. Billions of dollars of TV ad inventory is bought each year on not much more than demographic projects, none of it remotely personal.
Use Broad, Anonymous Segmentation. Rather than trying to thread the needle between personal and anonymous, use broad, anonymous consumer segmentations instead. You don't need one-to-one targeted-to-deliver ads that perform hundreds of percentage points better than the "spray and pray" method used in mass media advertising today. Mass customization against broad segmentations can do that just fine.
Limit Individual Appended Data to First-Party Uses. Lots of folks want to append third-party data to media channel behaviors at the individual level and then sell that for usage on many other third-party media and marketing channels. Once this happens, it's hard for that data to be protected. We just heard from Yahoo that they don't even know what data is being captured on their own sites. Let's not let that happen to mobile or television.
Lots of Notice. Be straight with your users. Do it early and often. I call this The Walt Mossberg Rule, since The Wall Street Journal columnist has been preaching this for years. Listen to Walt. This should be self-evident.
Don't Keep User Data Long. I know. I know. IT departments want to keep data forever. They like data. They don't like destroying it. I bet most of them are hoarders at home as well. Don't treat user data the same. Most of it does not have a long shelf life, and keeping it makes consumers uncomfortable. Similar to giving notice, destroy this data early and often.
Get to Know your Regulators and Legislators. The first time you meet officials from the FTC or Federal Communications Commission or House Consumer Protection Committee should not be when you are under investigation. They have a very good perspective on what is good and what is bad when it comes to protecting privacy. Get to know them. Tell them what you want to do. Listen to them. Follow their advice.
I am very excited about the prospect for new robust emerging marketing services on the mobile and television platforms. I am hopeful that companies building these services won't repeat the mistakes we saw on the Web. What do you think of my Top 10 Lessons? What ones would you add?