Commentary

Take Your Privacy And Shove It

Will the Web break if we stop invading the privacy of our users?

This is the lame argument that has been made repeatedly by executives at industry associations. We keep getting this idea jammed down our throats without any credible data to support it.

Nothing is more annoying than the use of repetition to attempt to get a dumb argument to stick.

Going permission-based will not bring the Web screeching to a halt, and it doesn't have to negatively impact our industry. That's just Fear Uncertainty and Doubt (F.U.D.) selling by idiots. Instead of arguing on facts, they make sweeping half-truths in an attempt to frighten us into compliance.

advertisement

advertisement

I for one, refuse to comply. I firmly believe that you can build a great Web-based business without invading user privacy.

A Game Where Everybody Loses
Why invade user privacy at all? The presumption has always been that taking advantage of user privacy is  good for the industry if you can brush off those pesky privacy advocates in their Priuses and New Beetles.

In order to have a thoughtful debate, we must first understand who, if anyone, is actually the beneficiary of the privacy invasion.

For starters, publishers are not beneficiaries of the current model. Most publishers are being set up to fail by an industry that added tracking and ROI measurement without fixing the problems with creative quality and optimization. Most publishers hate direct response (DR) advertising, because they don't look good when measured on DR. Ironically, they should be using user privacy as an opportunity to hit the reset switch on advertiser expectations and approach.

Users certainly do not win. Nothing is more offensive than the argument that we are using tracking cookies for the user's own good. It is time stop treating our users like the Unwashed Masses. They are more than smart enough to decide if they want us tracking them.

Ultimately, advertisers also lose. We are training them to believe that good targeting makes up for sloppy creative execution. It does not, and never has.

You Can't Make It Up in Volume
After nearly a decade of tossing user privacy out the window, we collectively have petabytes (a million gigabytes for the less geeky among us) of audience data. We know what they search for, what demographics they fall into, what products they buy, and what websites they visit.

Despite all this data, most online advertising still sucks.

Let's stop kidding ourselves and each other. We have not demonstrated we know how to use that data to make advertising better. Just creepier.

Europe Leads the Way
Interestingly enough, the European Union is leading the charge in user privacy. In November 2009, the EU passed a law that within 18 months, companies will have to explicitly get user permission in order to place tracking cookies on a user's site.

While there are some practical issues of the law that have yet to be worked out, the spirit of the law is right on.

The Great Debate (that never happened)
Some of you may remember my challenge to Randall Rothenberg, CEO of the IAB. I have been overwhelmed with emails from people asking when the debate is finally going to happen.

People wanted to hear a healthy discourse, and reach their own conclusions.

Unfortunately, despite his public bluster, Rothenberg refused to debate the issue live among a jury of his peers. I even offered to do the debate athis own conference.

If the people that are supposed to be advocating for our industry are going to pretend to lead us, they should at least pretend to listen to both sides of the argument.

The Road Ahead
We can build the future of online advertising without scorching the earth of user privacy as we go.

First we must stop hiding behind the veil of technology.

14 comments about "Take Your Privacy And Shove It".
Check to receive email when comments are posted.
  1. Patrick Dineen from Nielsen, April 22, 2010 at 11:56 a.m.

    Very good piece.

    One bit struck me in particular... "We are training them to believe that good targeting makes up for sloppy creative execution. It does not, and never has." Totally agree.

    But, most marketers would want and need both to be successful. A great selling message delivered to the right audience.

    Are you advocating for great creative execution and minimal targeting (thus reducing the need for consumer information)?

  2. Tim Leffel from Perceptive Travel, April 22, 2010 at 12:26 p.m.

    If the advertisers got smarter about their media buys instead of just buying eyeballs with cheap CPM ads, they could accomplish the same thing without stomping all over readers' privacy. Even the behavioral ads on my sites are completely irrelevant compared to the ones bought direct by an advertiser taking the time to match their campaign to the readership. The web allows hyper-specialization already, even more so than magazines, yet advertisers keep purchasing through networks that place them anywhere and everywhere for cheap. Of course the click-through is terrible, even when they're tracking their users' every move.

    Your typical web surfer is doing research, doing work, helping a kid with homework, checking bank balances, watching videos, clicking on links their friends sent---all on the same browser. The profile you get from all that is complete garbage. Advertise on the sites that reflect their hobbies and passions, however, and they'll care.

  3. David Koretz from Adventive, Inc., April 22, 2010 at 1:35 p.m.

    @Patrick, Thanks! I am not advocating for minimal targeting. I think we can do as much targeting as our users *agree* to.

    Targeting is important and has its' place. The key is that we need to be straightforward and honest with our users about what we do and how we do it.

    David.

  4. Edward Hunter from Loop Analytics, April 22, 2010 at 2:20 p.m.

    It's always interesting to me when people use the word 'privacy', but then don't bother to speak to what they think privacy is or is not.

    With all due respect, I think this particular argument, and the 'challenge' to Rothenburg are both pretty myopic and really just bounce up and down shouting 'invading my privacy!' with no real dialog about what that means.

    A great example, 'going permission based'...

    Permission to do what? To drop a cookie? To store a social security number? To perform retinal scans on children?

    Going 'permission based' as described, or rather , not described here and then having it Federally regulated?

    The Fed hasn't proven particularly adept at proactively protecting the public from anything, thats just a fact. Our financial policies have all changed to protect consumers already sacked and pillaged by the rogues in the finance industry. Reactive policy that *may* prevent the same things from happening again - but will probably still fail to protect the public from 'whatever else' they didn't think of.

    And, to have a thoughtful debate, as you put it, 'we must first understand who...is actually the beneficiary of the privacy invasion.'

    That's nonsense. The first thing we must understand is, what is an invasion of privacy and what isn't. You seem to be talking about tracking cookies, but what about web server logs? What about cached images or data? What about data stored in XML to preserve state?

    Many of these things maintain an 'understanding' of what a visitor has or has not done before - without them however, there are limited ways to understand the currency of digital content, heck, without some of them no one has any idea at all what is happening online.

    But, aren't all of these things inherently similar to tracking cookies? Web servers grab IP addresses and understand every click and page view that occurs on a site - isn't that, by your definition, invading privacy?

    If anyone is using 'FUD' here, it's you. But you're also selectively painting only parts of the picture. You say that 'some practical issues of the (EU) law that have yet to be worked on'.

    Interestingly you leave out that some of those 'practical issues' nuke a lot of online advertising capabilities, but also ad effectiveness and oh also, Webtrends, Omniture, Google Analytics. Slant the facts in your favor much?

    The facts are simple. Don't want cookies? Block them. Delete them. All browsers still allow the ability to completely stop cookies.

    Perhaps you recommend to the people that buy into your fear mongering works on to try using roughly 5 to 10 clicks of their mouse to protect themselves.

    Because it's just stupid to think our legislative bodies will do anything beyond making things incontrovertibly worse and even though you don't reveal it here, the EU legislation proves it.

    Privacy is relative to the action taken - maybe some don't feel we need our governments to think for us, maybe some might even feel like they can protect themselves.

    Maybe we understand as publishers and researchers and advertisers that we can fall burning in flames if don't protect consumer privacy because we've seen it happen before and, we also happen to be consumers.

    Parts of digital ads have gotten creepier - theirs always a darker side to the evolution of any medium. But to claim that it hasn't made it better proves only you don't really understand the pretty sordid history of web advertising.

    Had you a broader knowledge of that history, you'd know that the early to mid days of web advertising were like sitting at your computer with a page covered in carnie style hawkers, flashing banners at you, strobing your text on and off - none of them with any relevance to you at all, regardless of the context of the page content.

    Sloppy creative execution, amazing creative execution, whatever. If you have no sense of who is seeing what, how often, and you eliminate all ability to get at ROI outside of the click you've just succeeded in making advertising online dramatically more expensive, less effective, more overbearing on the consumer substantially less relevant.

    What are you gonna do, target people on Facebook with ads targeted at 'people who use Facebook'? Cool, well, thats everyone so, nicely done. Yes, you can do a lot to target using an understanding of who is attracted to what content, etc.

    Unfortunately, a lot of the understanding of who is attracted to what content in the hundreds of millions of sites out there - IS TRACKING.

    You don't seem to grasp how properly collected data has improved the planning, execution and ROI measurement of digital campaigns doesn't mean anything other than you simply not understanding something many of us do understand and quite well.

    You say this notion the web will break is being crammed down our throats by industry execs with no credible data.

    First of all that isn't being said - it's being said that it will break internet advertising - and it will.

    Representative Rick Boucher said, “If someone does not want a website he visits to use information it collects to deliver ads to him, he should be able to opt out of that use.”

    We already can. It's called blocking cookies and it's about the easiest thing in the world - maybe we don't need a federal budget of a billion or so a year to deliver a capability we've had since the invention of the cookie.

    He continues on to say: “if a website wants to provide information to an unrelated third party, it should procure that Internet user’s affirmative opt-in consent.”

    Really? So, in that respect, shouldn't this apply to everything? What about circulation auditing? Market share and rating systems I mean gosh, those are run by third parties too aren't they?

    Theres little doubt as to why your call for a debate has gone unanswered. Most prefer to debate in situations where the opponent truly understands the subject at hand.

  5. Ari Rosenberg from Performance Pricing Holdings, LLC, April 22, 2010 at 3:13 p.m.

    Edward, your insight is greatly appreciated -- I really mean that --"we" don't have all the answers regarding privacy and all of it's technical intricacies that you are intimately aware of but that doesn't make us idiots either and I am personally willing to forgive the condescending nature of your comment -- I am sure you are just frustrated and human -- which is what we on the other side of this debate are as well -- so I ask you to consider this; whatever umbrella covers "privacy" -- giving the user the choice to OPT IN for these subsequent "improvements" versus forcing them to understand and undertake the responsibility for opting out is NOT a technical issue it's an issue of courtesy -- and as an industry who invented pop ups, pre-rolls, rollovers, floating ads and auto-plays that we sell to advertisers while frustrating consumers -- we should consider backtracking on this issue and getting it right which means "opt in" versus "opt out" -- that's all David is suggesting and what many of us agree with.

    Ari

  6. Edward Hunter from Loop Analytics, April 22, 2010 at 4:20 p.m.

    @Ari

    The 'lame argument' mentioned in the article here isn't in reference to opt in vs. opt out, at least not strictly speaking.

    It's speaking directly to Rothenberg's blog (and others) in response to proposed legislative controls, and calling out people requesting that all tracking, even audience measurement, be opt in, as heavy in misinformation and even disinformation - and he's right.

    It was speaking to the fact that this article calls out people like Rothenberg and asks them to bring credible data when both quoted articles contain 100 times the credible data than this one.

    I'm not sure why many others were equally disturbed by this .

    Meanwhile, it's a lot less complicated and dangerous to educate consumers on how simply 'turn off' the ability to track them than it is to place government controls on our industry.

    Off the top of your head I bet you can come up with at least 3 or 4 completely disastrous bills that have been passed by our legislative branch regardless of who sits in the White House.

    Legislatively mandating that people be given opt out control is extremely dangerous for several key reasons if the frightening implications in the EU legislation aren't enough.

    1) Consumers don't understand much of the nature behind tracking - they won't differentiate between tracking for advertising, web analytics tracking, or tracking personally identifying data. Combine this with the fact that the loudest noisemakers in this debate are also the ones calling everything an 'invasion of privacy', and consumers will hear that voice the most. Will even the barest percentage of tracking remain? Even for very well established, non-invasive and useful data? Not a chance.

    2) By legislating this, we move it out of the control of consumers & industry. We will see lobbying for special consideration for 'some' but not all, we will see incredibly complex and difficult to understand policy and it will cater to special interests regardless. The only thing placing this in the hands of big government accomplishes is a huge mess.

    3) People aren't stupid. It took forever for the use of credit cards online to gain real traction - was it because it wasn't safe? No. It was safe for years before it gained traction but the consumer was terrified - not because of fact, but fiction . Today, as our economies health depends on Ecommerce, most consumers have managed to navigate the perils of online purchasing just fine and we're not spending billions in taxpayer money to accomplish it. Education, not legislation, is the key to solving any privacy issues that exist. Publishers who care about consumer privacy inform their audience - this is what we collect, this is why, and this is how you opt out - plain and simple.

    Give consumers a giant off switch and it's lights out web economy from online advertising, ad effectiveness, web measurement perspectives to name a few and it's a path that once we go down, we'll be ill equipped to return from.

    And my friend, this entire article is condescending and it isn't the first. I didn't refer to supporters of opt in vs. opt out as idiots, in fact I don't recall using that word - the article does - in paragraph three-ish I think.

    I found, after only a few moments of reading the article that I was reading something asking for people to step up with credible or complete data - that itself failed to provide.

    And when someone is willing to link to developments in this industry, (the EU policy) but yet not tell the whole story? That needs to be called out.

    Was not trying to be condescending in the least, if anything, I felt I was responding to what I felt was a pretty condescending tone that was informatively lacking and shortsighted.

    This is a tremendously important topic that could crush our digital economies if not properly handled by everyone.

  7. David Koretz from Adventive, Inc., April 22, 2010 at 5:12 p.m.

    @Edward,

    I am asked to write 650 words of my opinion each month, not a 20 page academic whitepaper .

    Your comment is nearly twice as long as my whole column...

    Yet your 1,000+ word response ignores the basic premise of my argument: that we can indeed ask user's for permission.

    I have spent 15 years building Web-based applications. I created one of the first Software as a Service companies, and the "break the Web" argument is utter crap.

    As for Mr. Rothenberg, a coward by any other name is still a coward.

    David.

  8. Jeff Einstein from The Brothers Einstein, April 22, 2010 at 5:23 p.m.

    Good piece, David. But Edward, methinks you doth protest too much. Beyond the obvious need to define privacy, identify how and where targeting technologies challenge it, and what if anything we might be able to do about it, I would argue that the effectiveness of the targeting technologies you seek to protect is purely mythological in the first place, and little more than high-tech snake oil.

    Tell me, where are the net gains that we've gleaned from our ill-advised obsession with targeting? Seems to me that what we've created is a scenario wherein we now have the wherewithal to target everyone, offend millions of consumers and expose advertisers to risky technologies in the process, and -- at the end of the day -- reach no one. Unfortunately, however, branding is a function of reach.

    We can tinker all we want with the metrics, but no big advertiser will ever commit big ad spends in the absence of big reach -- because that's all they ever truly want, despite any lip service to the contrary. (Besides, metrics never describe what works as much as they describe what can be sold.)

    Many of the online privacy problems we now debate are directly related to our ongoing and escalating obsession with targeting (despite any evidence or proof that it actually does anything except promote the ire and scrutiny of consumers, legislators and -- most important -- advertisers alike).

    In a classic example of how we become our attention, we asked precisely the wrong question back in the mid-1990s when we asked, "How can we target the audience?" The better, more liberating and far more productive question was, "How can we reach the audience?" Digital marketing will forever be consigned to niggardly "special" marketing budgets and remain in perpetual test mode unless and until we can deliver the one thing big brands really want: big brand reach. We have indeed become our attention.

    David, let me know if you want someone to sit with you when it comes time to debate Randall about privacy or the "efficacy" of digital marketing. Happy to oblige. In the meantime, let's talk reach...

  9. Michael Perham from CrossTech Ventures, LLC, April 22, 2010 at 5:39 p.m.


    With articles like this, I think we're a long way from changing our mentality
    http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=126565

  10. Edward Hunter from Loop Analytics, April 22, 2010 at 6:30 p.m.


    It doesn't matter how long you've been in the business, if you read EU legislation or proposals by members of our own Congress, then how can you deny the implications it has on way more than targeting ads.

    While you might claim I ignore the basic premise of your point, I'd claim you simply fail to respond to the points offered up as debatable, for instance - how broad the impact of going strictly enforced permission based opt in will be?

    Maybe you're missing the point. I wasn't calling you out because you think people should have the ability to opt into ad targeting.

    I don't disagree, I'd merely point out that they have the ability already. Reversing our industries approach the way you advocate puts a dangerous button in their hands.

    We'd spend way more time educating them on when to push 'yes', than we would educating them on how to simply say 'no'. Tack on legislation? Great; now it's also complex, costly and potentially way over intended scope = destructive.

    You claim that no credible data supports the idea that the web won't be wrecked by enforced consumer opt in when it clearly does exist.

    The motives behind opt in are noble, the points about ad targeting - well placed.

    But where is credible data that this reversal of approach to targeting and tracking can be achieved without tremendous collateral damage to other vital forms of tracking & measurement that also become opt in as a result?

    You seem to support the EU legislation though its potential threat to the web clearly and expressly extends beyond targeting ads - web analytics, third party validation of publisher reach, like ad effectiveness research.

    Multiple core currencies on the internet could suffer massive disruption with no easy way to reverse course.

    For many of us, this argument is only about opt in for ad targeting because every pundit out there in favor of it refuses to see the reality that you don't just lose ad targeting in this scenario.

    Here's a direct question: Would the EU legislation that becomes enforced across the board by 26th April 2011, help or hinder the web economy if a similar approach is taken here?

  11. Ari Rosenberg from Performance Pricing Holdings, LLC, April 22, 2010 at 11:35 p.m.

    Edward, you are making me smarter on this subject -- thank you for doing so and I am not at all offended by your insight and opinion even though it differs from my own -- to answer the question you posed -- will the EU legislation hinder the online economy if mimicked here in the U.S. -- yes -- from what I can gather it certainly will -- but the economy has been built upon the premise that users want all of this tracking and all I am saying is that we need to ask their permission first and then build the economy based upon those who say yes and deal and adjust to the economy for those who say no -- your position, and the position of the IAB and others is to avoid empowering consumers with that opportunity to choose to participate, but rather show them ways to choose their way out -- we got this wrong out of the gate and despite the economic ramifications we should correct it.

  12. Edward Hunter from Loop Analytics, April 23, 2010 at 8:53 a.m.

    @Ari I think we agree that targeting hasn't been properly executed and need to be fixed in favor of the consumer. The disconnect is in how this should be approached.

    Let's face it, even a train speeding towards a head on collision doesn't avoid calamity by throwing the emergency brake - the destruction caused would compare to or rival the averted disaster.

    When you consider this theory applied to the 'let's just completely revert over to permission' model for making things right with the consumer, you stand a far larger chance of including them in the resulting aftermath than you do saving them from the 'horrors of targeting' without permission.

    I was a vocal participant in debates on cookies back in 1994 when Netscape began to support them. There was no notification of the presence of a cookie back then, something most of us felt was a complete trashing of privacy. By 1997, after the FTC held it's hearings on the matter, the IETF began exploring the issue as well as alternate methods of managing state on the web.

    Kristol and Montulli from Netscape proposed RFC2109, which would have banned third party cookies altogether but was largely ignored.

    A couple years later, RFC 2965 was introduced and was very clear that informed consent should be in place and that both the browser and the server should participate and assist in this process.

    Abuse of cookies has been present since they were invented, but so has an abuse of disseminating consumer misconceptions about them.

    As many are aware, Jupiter's research showed that consumers consistently believe that cookies are virus like, only used for ads, pop-ups, etc.

    Long story short(er), is it right to track people for the purposes of delivering ads without consent? No, it isn't.

    But transparency and education are the solution, not a shut down of the system without consideration of the impacts.

    I'm probably much more of a radical when it comes to privacy than anyone here; I believe that capturing or storing personally identifying data without consent should be a jailable offense comparable to identity theft. I think that interacting digitally with children without parents expressed consent should be regulated.

    I was extremely vocal (I know, you're thinking..wait..you? No...) about even the size of the data allowed to be stored in cookies when the debates were occurring.

    But most of us reading this earn our living online, we put our children through school with the careers we have that revolve around our digital economy and yes, that means advertising. Let's be very careful about what we do here and for gods sake DON'T allow legislation to handle it.

    $1200 hammers anyone?

  13. Stuart Long from HotFussDesign, April 26, 2010 at 4:41 p.m.

    The problem with the subject of privacy is that it always brings up cookies. The result is a growing public fear of cookies based on a combination of ignorance and paranoia. The final result is a loss of income for publishers.

    The solution is to rebrand cookies by giving them a new name and a new identity that won't frighten consumers. Everyone knows the difference between good software and malicious badware. Rebranding ad cookies to differentiate them from bad cookies would be a step in the right direction.

  14. Edward Hunter from Loop Analytics, May 10, 2010 at 9:43 a.m.

    I completely agree. Another very useful change would be to identify the specific use of cookies, e.g. targeting vs. maintaining or preserving state.

Next story loading loading..