Commentary

Last Chance For Privacy Self-Regulation

by Dave Morgan , Featured Contributor, February 19, 2009

The online advertising industry received some qualified good news on the regulatory front this past week. Friday's headline and subhead in The Wall Street Journal said it best: "FTC Backs Web-Ad Self-Regulation: Agency Lays out Principles for Protecting the Privacy of 'Targeted' Users."

As many of you know, the FTC has spent quite a bit of time over the past two years trying to understand how, with the explosion of new data-driven techniques like behavioral targeting, the online ad industry protects consumer privacy. The FTC was looking to update its principles on profile-based targeting, which were first published a number of years ago and which advocated for strict industry self-regulation. The result of this most recent process was the publication of an almost 50-page document containing the findings and a set of proposed principles for the industry to follow.

I am not going to get into the substance of that document in today's column -- there's too much in it to do it justice in a few short paragraphs. Besides, our trade organizations and trade publications have been doing a great job reviewing, analyzing and communicating the substance of the report already. Rather, I want to highlight several critical messages that were delivered both in the report and the comments of some FTC commissioners.

Simply put, the FTC is throwing down the gauntlet to the online ad industry. While the report still supports the notion of industry self-regulation on privacy rather than asking Congress to pass new laws, it's clear the FTC is not happy with how the industry has performed so far and is openly skeptical that the industry will get its act together.

FTC Commissioner Jon Leibowitz's comments sum it up well: "If the industry doesn't do a better job explaining what they are doing with consumers' information and giving them a choice, then it could easily move to a more regulatory approach." Leibowitz' opinion is very important. Not only has he been very consistent on this point -- it is the same one that he made at the FTC's Town Hall Meeting on the issue more than a year ago -- but many believe that he is a leading candidate to be named new chairman of the FTC.

If you don't believe Leibowitz when he criticizes our industry on data transparency, test it yourself. Go to your own Web site, read your privacy policy, and then visit your site with your browser set to the highest privacy level so that you can see all of the cookies that are being set. Make a list of all of the companies setting cookies and try to explain what consumer information is transferred with every one of those cookies. Then ask yourself what they do with that information. I bet that most of you can't answer these questions, and I also bet that the same holds true if you asked them of your operations and business development folks.

What should we be doing about this? Here are three suggestions:

· Take the protection of consumer privacy seriously. Raise the priority of the privacy issue in your organization. Recognize that privacy is not just an issue for your lawyers. It is a critical part of your basic value proposition with your users and partners.

· Test your own privacy policy. This is the first thing that my good friend and top privacy lawyer Reed Freeman of Kelley Drye recommends to all of his clients. You may be surprised by what you learn.

· Publishers, remove your heads from the sand when it comes to data transfers to partners. The past several years have brought an explosion of new techniques to capture and transfer data about browser activities. Some of today's Web pages contain dozens of pixels, "tags" and third-party delivered objects. Many publishers have no idea what each one does, what information it collects, who is actually collecting or receiving that information, what is ultimately done with that information in the end, and for how long it is stored. Now is the time to find out. Now is the time to demand that each and every partner -- network, advertiser, agency, content syndicator, analytic service, etc. -- explain exactly what is being done, and make their representations part of your contractual relationship.

· Get involved in industry self-regulatory efforts. The IAB, AAAA, ANA and others are now working together to build a new, more comprehensive framework for industry self-regulation. Learn about those efforts and how you can contribute.

Our industry is lucky that the FTC still wants to support industry self-regulation of online privacy protection, in spite of the fact that we haven't been doing a great job of it so far. I think that we're running out of time. The next privacy blow-up could be our last. What do you think?

commentary, legal, privacy

5 comments about "Last Chance For Privacy Self-Regulation".

Check to receive email when comments are posted.

Warren Lee from WHL Consulting, February 19, 2009 at 2:15 p.m.
As usual, Dave, you are spot on. Because of privacy concerns our business model has been adjusted to accommodate and adhere to the strictest standards. Privacy and data protection has become a mantra and it has become our primary concern and is subject number one at all meeting and conference calls.
You bring up great points on the Publisher side especially in light of the spat with FaceBook and their new/old Ts and Cs. Who owns what data, for how long, what are they doing with it, how does this impact individual's privacy and what is the potential for harm/damages to individuals?
One thought: I find it fascinating that there is a debate on about who owns my personal data. Is it advertising agencies, Publishers or, possibly, do I own it?
Reply

Mark Zagorski from eXelate, February 19, 2009 at 2:17 p.m.

Dave --

With all of the wrangling that is starting to occur between agencies, networks and publishers regarding data, it is clear that consumers need to come first in the mix. But before that can realistically happen, not only do better industry guidelines need to be developed, but stronger data control tools for publishers created, so that they have a sense of what exactly is going on on their sites. Targeting data is routinely "lifted" from sites without their knowledge. The BT industry is still in its Wild West phase and unfortunately there are way more Billy the Kids that there are Wyatt Earps out there . . .

Max Kalehoff from MAK, February 19, 2009 at 2:35 p.m.

Dave,
I agree with everything you say above. But I still just can't fathom: with so much collapsing all around us, how does the government have the time to even think about ad-targeting regulation? What am I missing?
Max

Patrick Boegel from Media Logic, February 19, 2009 at 4 p.m.

Is it my personal data that I am channeling thru websites and reading their content or is it the trade off for access to free content?

When a newspaper attemped to create customer profiles of their audience to sell advertisers on the value of their reader did anyone get into an uproar of privacy?

Without question there is risk and transparency on the types of data collected and how it is stored, but I am afraid more of the uproar regarding online targeting methodolgies comes from big old dead media outlets and their lobbying efforts than out of any true impending doom of privacy invasion.

I'd like to listen to radio without hearing an ad for erecticle dysfunction, see a baseball game without an ad for Sham-Wow, log into my hotmail account and not be asked to join netflix. Not because I do not want ads, I just want relevance.

Callie O farrell from The Really Simple Partnership, February 19, 2009 at 4:29 p.m.

Timely as ever Dave. Is the issue about who can use data as opposed as to the fact it is stored?

We all know that any old search engine is fundamentally a massive database. And as such the content is archived ( is it technically archived - I get confused between the retension of outdated versions of data)

So every post we make, every reply we send they'll be watching you.....

Over to the copyright .....

Or data protection?

@calli