Innovating Around Privacy

What a difference a summer makes in the arena of digital privacy. After years of hand-wringing, heel digging, and denials that a problem existed at all, the online advertising industry is now starting to work through tangible proposals for handling consumer and regulators' concerns about data.

In July, a coalition of associations, from the AAAs to the IAB, issued "Self-Regulatory Principles for Online Behavioral Advertising" and promised implementation of standardized site labeling and user notification in 2010.

The Future of Privacy Forum started researching and testing more effective messaging about privacy and online tracking. . And just this week a coalition of privacy and consumer protection groups petitioned the House of Representatives Committee on Energy and Commerce with a long list of specific recommendations for future regulation and legislation, including the creation of a "Behavioral Tracker Registry" of companies that track consumer use online.



As we addressed in our own panel on privacy at the OMMA Behavioral show in July, the industry now has some realistic policy prospects to ponder.

But there are also a number of ways into this issue and an opportunity for a variety of services and product to emerge from concerns about privacy. For instance, how do publishers themselves audit the tracking that is occurring on their own sites? PrivacyChoice has set up two sites, one at for consumers, one at for ad networks and publishers.

 The latter site runs an audit of any Web site to see what tracking cookies and beacons are being attached to it by third parties like Web analytics firms, ad networks, exchanges and optimizers. But more than that, the site has normalized the often obtuse privacy policies of these third parties into four basic categories: user anonymity, data sharing, uses of sensitive data, and policies for deleting user data over time. "We got students from universities to go through the policies and boil them down to the essentials," says Jim Brock, who founded the site.

What comes out the other end is a snapshot of a site's "Network Privacy Profile." For, for instance, the profile discovered 31 known entities tracking the user, from Google Analytics to AdMeld, Akamai to Yahoo. The snapshot creates a grid that give the publisher pop-up description of how each of these entities treats the four categories of privacy. Brock says that many publishers are themselves unaware of the labyrinth of companies they are letting touch their users. He says many newspaper sites in particular are partnering up aggressively to monetize their sites as much as possible. "Another trend is that sites are using optimizers, and that exposes them to a lot of networks. In many cases publishers wouldn't even know who is collecting information."

On the consumer side, is an opt-out service that gives the user two levels of options. You can do a complete opt-out of 91 companies or a selective opt -out of 70 companies that do not follow a threshold of policies and do things like collect sensitive information or share data with others. Brock makes the point that in both sites he is trying to empower consumers and publishers to think about privacy as a set of policy tiers and circumstances where users' tolerance and even willingness for sharing information change. "There is some tracking I am comfortable with," he says. "If I am traveling to New York next week I want to be tracked to find the good deals there. But if I am looking up a medical condition I don't want that to be part of my profile. There are no black and white answers."

From a consumer perspective, the names of individual ad networks and exchanges like BlueKai or Rubicon are meaningless -- and it is ridiculous to think users want to learn about them and then make distinctions about which to let in or not. Instead, consumers know what level of disclosure they are comfortable making. It is all well and good to be more transparent and let consumers see what really is going on at the sites they visit, but that doesn't organize that information in ways that are practical and usable to the visitor.

Brock believes we should allow the industry to innovate around that problem. An industry registry of advertisers would be one starting point. All of the players in the game would have to register all of the domains that track users, register their privacy policies, and alert the system to any changes. Third parties then can use that database to create products and services that inform publishers and consumers more effectively. Browser makers could incorporate this information into their clients so users can make privacy policy decisions that are more granular than "Are you [opt]in or are you [opt] out?"

Complex as the privacy debates are and will become, we are finally at the stage where there are models on the table to consider, test and reinvent. Brock is correct, I think, in suggesting that the privacy challenge is not just a public policy debate where people come down on one side or the other. It is an opportunity to innovate. 

Next story loading loading..