• by Steve Smith , Staff Writer, November 6, 2009

Who really owns the privacy relationship with users? Increasingly, most players in the ad technology game are recognizing how much of the debate over personal profiling and tracking is going to come down to sheer communication skills.

Is it surprising that a behavioral targeting industry that was so steeped in deft engineering, clever algorithms and more geek-speak than a sane person can muster, has some problems speaking with users about the technology? Speaking to users at the ad network level is impractical because there are simply too many of them and it is too challenging to capture users at the right point to initiate the conversation about their privacy.

Upcoming enhanced notification policies from the IAB and its consortium partners may help in this regard. But generally, it seems obvious that without some other intervention, privacy ultimately falls upon the content publisher. The publisher is the one who has the most contact with a user, and also has the most to lose if a sense of trust is breached. But as Jim Brock of PrivacyChoice.org made clear at this week's OMMA AdNets conference, most publishers themselves have no idea how many tracking bugs and beacons are being deployed on users coming to their own sites. The complex set of ad network and exchange relationships has made the process of tracking the trackers unwieldy.

Another approach to the privacy management issue is to bring it up another level, to the browser itself. The Network Advertising Initiative this week released a beta version of an experiment in browser-based ad network cookie management, Responding to specific concerns voiced earlier this year by the FTC, this Firefox browser add-on lets users ensure that the opt-out elections they make at the NAI site are retained. As critics have argued, opting out of an ad network at the NAI's site drops an opt-out cookie into a browser that can itself be deleted. This tool monitors the opt-out elections from within the browser to ensure that a user stays opted out. The new add-on is downloadable from the NAI site and installs into the browser.

It works in concert with the NAI opt-out page. When a user elects to opt out of a network, the domain appears in a list of opt-outs in the Firefox plugin. A window of "Protected Opt-Outs" appears in the bottom half of the add-on window that gives the user the formal name of the network and the specific domain excluded.

The add-on was developed by BlueKai, an NAI member, and approved by the other member networks as a technology worth trying. According to BlueKai CEO Omar Tawakol, the idea was to maximize user control and choice rather than bake into the browser a blanket opt-out toolbar. "We decoupled that kind of policy or preference decision from the tool,' he says. BlueKai designed the tool to also be network-neutral and open-source. No data from the tool goes to BlueKai. As well, the tool allows for other opt-out registries to be added by the user. So if at a later date the IAB or DMA creates their own opt-out methods, those registries can be added to this tool so it can protect a user's opt-outs that don't include NAI members.

In practice, the tool does seem to work, but it remains a multistep process that preserves both choice and a  complexity that most consumers simply don't want to bear. A full page of instructions outlines the details of going to the NAI site, opting out, finding the right button for getting update information, etc. For instance, the instructions for changing opt-out preferences involves a user digging into the Firefox browser to find the specific cookie. Sorry, but this isn't going to happen. I am a geek, and even I don't want to have to do this. My wife, daughter, father and most of my neighborhood? Their eyes will likely glaze over by the time they get to the phrase "delete the opt-out cookie," which to most earthlings sounds like a double-negative.

As Tawakol acknowledges, the optimal solution is to have these options baked into the major browsers. Once we do that, then the developers have the opportunity to make privacy management more user-friendly. This is a noble test, to be sure, but it also exposes just how daunting it is going to be for this industry to walk back from the very technical complexity it created on the Web and actually talk to consumers. In my view, the only hope such a scheme has of working with most consumers is to have all of the information about the networks, the opt-out options, etc. in one centralized place, most likely on the browser.

The technical issues surrounding opt-out are not that hard to solve relative to the issue of engaging users with the issue of privacy. A fundamental issue at hand here is how much consumers really want to get involved in managing their own profiles and privacy. Without thrusting the matter in front of most users, the conversation is not even going to happen. According to NAI Executive Director and Chief Counsel Chuck Curran, the NAI site has had about 1 million page views over the course of the last year and "several hundred thousand" of opt-out completions.

The NAI browser tool is an interesting and necessary test of one approach to privacy management. But it also reminds us how early we are in a conversation that consumers themselves really have not opted into yet.