An Open Letter To The Online Publishers Association

Recently, Jason Kint of the Online Publishers Association wrote an op-ed on Do Not Track. In an attempt to paint the OPA as a leader in privacy and Do Not Track initiatives, Mr. Kint accused members of the third-party advertising technology community of “stonewalling the development of a ‘Do Not Track' standard which would, in theory, give users greater control over online tracking.”

It would otherwise be commendable that Mr. Kint is taking a stand on privacy, except for the fact that Do Not Track doesn’t stop OPA members from tracking. There’s not a single thing that members won’t be able to do when they see a DNT signal. And that’s by design, as a result of a clandestine agreement between large first parties within the World Wide Web Consortium -- the standards body that is attempting to create the Do Not Track standard.  So a typical OPA member, one that owns dozens of different and sometimes unrelated websites, will be able to track across those websites as a result of the OPA’s lobbying efforts. I’m sure that’s good for their businesses, but from my perspective, it’s not great for privacy. Moreover, it is a bit disingenuous for the OPA to be lobbying for a standard that they’ve taken great pains to ensure doesn’t apply to its membership.

In fact, the Online Publisher’s Association’s sole role in the Do Not Track discussions has been to exempt themselves from the standard. Check the record. The OPA has provided very little to the W3C except to ensure that its members don’t get affected by Do Not Track. This is sort of like when Congress exempted itself from the rules of the Do Not Call list. For most of us who aren’t from D.C., such behavior smacks of chutzpah. Except in this case, it's not Congress, but large companies with competing business interests having deputized themselves as the privacy police in an attempt to thwart competition.

I’m a privacy professional, not a lobbyist. I’ve been a member of the International Association of Privacy Professionals for almost a decade, and sat on the board of the Network Advertising Initiative  for over five years. The NAI is dedicated to the advancement of strong self-regulation for third-party ad technology. We put our money where our mouth is -- and continue to develop strong privacy standards for our members. If you haven’t already, please watch a recent discussion between NAI CEO Marc Groman and FTC Commissioner Julie Brill. Commissioner Brill commends the NAI as a “leader” in self-regulation. Part of our leadership role is insisting that our members adopt higher privacy standards. The NAI is not simply telling others to honor standards of transparency and choice. We’re taking proactive steps in order to move forward on issues of privacy.

So my advice to Mr. Kint and the Online Publisher’s Association is to tell the world what your members are doing to support privacy. Tell us exactly how you push for transparency across your members. Explain in great detail how your team personally reviews the privacy practices of all your large publisher members to ensure privacy-by-design and guard against their collection and use of data that might be contrary to consumer expectations. I’d enjoy having a constructive conversation about how all companies within the digital advertising marketplace could make themselves more transparent and privacy-friendly. And once you’ve started down the path of improving the privacy practices of your members, you might have a legitimate pulpit from which to preach.

Recommend (27) Print RSS
3 comments about "An Open Letter To The Online Publishers Association".
  1. Paula Lynn from Who Else Unlimited , July 17, 2014 at 2:53 p.m.
    Good Luck.
  2. Mike O'Neill from Baycoud Systems , July 17, 2014 at 3:15 p.m.
    The DNT signal is still the only W3C agreed way to transparently signal a person's disagreement (or consent) to tracking across domains. It is true that the TPWG has been led astray by the silly first-party/third-party role distinction and this has hindered getting to consensus on compliance, but the distinction will be meaningless in Europe anyway. EU DP law is about controllers, processors and subjects, so any tracking consent signal must apply to controller's web domains whatever the technical role they assume when accessed. The e-privacy Directive neatly covers the possibility of implied consent to web-sites with the "strictly necessary" formulation in Article 5(3), and in addition any first-party login would not need a DNT exception as long as it incorporated informed consent (an authentication cookie could be taken as out-of-band consent).
  3. John Montgomery from GroupM Interaction , July 18, 2014 at 11:25 a.m.
    The OPA should also consider that their openly biased approach risks alienating their client base (marketers and their agencies) who rely on third party measurement for targeting insights - so that they can effectively place advertising on OPA member sites.