The Week That Was: Privacy Potpourri
The Federal Trade Commission succeeded in rattling everyone's cage this week. Not only did the lengthy new report on "Protecting Consumer Privacy" move beyond offering guidance to industry for self-regulation, but it laid a roadmap that legislators (or the FTC's own regulators) could take up to start government-level enforcement. And of course, the mere mention of establishing a "Do Not Track" mechanism is sending shivers down industry spines. Just about everyone started scurrying for postures and positions.
The Interactive Advertising Bureau was quick to respond with, on the one hand, assurances it would cooperate with the Commission's request for comments - and, on the other, derided the notion of a Do Not Track List. "To create a Do Not Track program would require reengineering the Internet's architecture," the IAB said. Moreover it likened the FTC suggestion of offering a universal choice mechanism of controlling what ads a consumer receives to a "government-sponsored, and poorly managed, ad-blocking program - something inimical to the First Amendment."
One of the most helpful posts I have read of late about the Do Not Track mechanism comes from Jim Brock at PrivacyChoice.org. Writing the day before the FTC report and announcements dropped, Jim walked through the technical challenges of a Do Not Track implementation.
Jim discusses whether a browser-based solution would be sufficient. The FTC and others are starting to recognize that as privacy watchdogs, there is a difference between opting out of targeted advertising and actually stopping the transmission of behavioral data to a vendor. Jim also raises the very good question that the FTC actually punts: What to do about mobile? Jim's full post is a good starting point in the real discussion over how a Do Not Track list actually would function and how consumers would interact with it. The FTC is calling for simplicity and streamlining in these processes. But given the native complexity of online data collection and the technologies involved, it seems hard to imagine that at some point consumers will need to get into the weeds of managing their own privacy.
Also helpful in getting a grip on what the FTC is aiming for, Alex Howard's blog post at O'Reilly Radar recounts some Q&A with FTC officials on a conference call the other day.
This, and a recount of the first FTC Privacy Twitter Chat, are instructive.
I get the impression from these exchanges that the FTC is earlier along in this process than some may be supposing. In response to the Twitter questions, the FTC says it is looking for more research from the industry on the costs involved in implementation and the potential of lost revenue. Curiously, the Commission is pressing for quick implementation of solutions -- but some of its responses indicate it has no idea yet what the economic impact will be.
Meanwhile, yesterday we saw some signs of the ad network ecosystem finding its way into the issue from another direction. Trying to get ahead of the prospect of a Do Not Track tool, BetterAdvertising announced the new Open Data Partnership, which promises to let consumers see more precisely how they are being profiled by data collectors -- and in some cases, allows them to manage their preferences.
Outlined at the BetterAdvertising site, the ODP looks as if it takes the NAI's opt-out mechanism to another level of granularity. Consumers can get a quick take on the companies tracking their browser and collecting information. They can then click through to their own profile with a particular data vendor and check themselves in or out of specific segments, or just opt out altogether. BetterAdvertising is going to make the portal available from the icons they will be embedding on ads and publishers will put on their own pages. In the first iteration of the "Power I" icon, the consumer would see information about the advertiser specific to an ad. I gather from this outline that now any ad in the system can lead the user back to a more general profile that encompasses other data providers. For now the ODP has only eight inaugural members, including bluekai, exelate and Turn. Missing from the roster are the most important players, Google and Yahoo!
Attendees at the November Ad Nets conference may recall a good deal of discussion about what granularity of control consumers want in managing their online profiles. This ODP system (at least in the screenshots) shows how thorny it could get for a consumer. Every data vendor has its own segmentation. Even if the effort is centralized, it still means that a consumer would have to manage profiles from vendors they never heard of, across countless networks that affect ad delivery to no-one-knows-where.
The cacophony of voices on all sides of this issue -- and the relentless posturing -- has only begun. It seems clear that the FTC is calling for a more unified and simplified approach to an online ad system that has been defined in recent years by its obtuseness, complexity and fragmentation. What should be the industry's next steps?