Restoring Trust In Anonymity: A New Social Contract

Advertisers don't want to invade any of their customers' sense of privacy. They just want an effective way of serving relevant ads or content to consumers. Consumers, on the other hand, want free content and privacy.  I believe these needs can be balanced. We just need a new social contract -- one where ads can be relevant without the threat of an invasion of privacy.

To get there, we need to abandon our debated notion of anonymity and replace it with two different standards -- one where verified identity data is captured only with opt-in permissions and one where data is captured in an irreversible, "de-identified" (opt-out) manner.

The concept of de-identification has already entered the thinking of lawmakers. On November 9, Hank Johnson (D-Ga) and Steve Chabot (R-Ohio) introduced a mobile privacy bill that differentiates between personal data and de-identified data. Furthermore, the recent negotiations at the W3C put the concept of de-identification into the debate. So why is de-identification needed?



Anonymity is currently a broken concept. The industry once considered anonymity and non-PII (non-personally identifiable information ) to be the same. The thinking was that if you could serve a relevant ad to someone you didn’t personally identify, then they wereanonymous. Many researchers and advocates disagreed because they believed that with a little work, that anonymity could be broken.

Finally, in 2005, AOL gave researchers their smoking gun. When AOL released a set of anonymized search logs, researchers were able to reverse the anonymity by associating search patterns to identify a lady who searched for her own name. Ever since then, the concept of anonymity (at least among the advocates) has been dead. To further that perception, more recent legislation (i.e., the latest set of COPPA rules) has expanded the definition of PII to include IP address or unique identifiers. 

Finally, the rise of CRM retargeting has shown that companies can attach email identifiers to previously anonymous consumers. That means that a behavior performed anonymously on one site, when attached to an email identifier, can link it a known identity. All of these forces together have transpired to weaken our previous notions of anonymity.

The problem with the current state is that anonymity really matters.  If you can't identify a person there is no "you" that is being captured. Most of the discussions of harm and fear are predicated on the notion that "you" are being followed. That notion usually refers to examples where the identity is known because of an email or Facebook identity. It also includes cases where an identity could be known even if it currently is not. In that case, advocates have been calling for a standard of opt-in.  

Most advertising companies would tell you that they don’t need a verified identity in order to deliver a relevant ad. That is why we need to abandon our current notion of anonymity -- where consumers are not protected from someone re-identifying them and advertisers are not exonerated from the suspicion that they know too much. The current state is no longer working for the ad industry or for consumers and forces a tug-of-war on opt-in versus opt-out. Perhaps we need a more nuanced solution where two different standards should exist.

Standard A - Verified Identity: For an advertiser who has a verified identity or will reliably link data to a verified identity, an opt-in standard should be used. This can be an extension of an advertiser's communication contract with their customers and prospects. (Much like opt-in emails)

Standard B - De-identified:  For an advertiser who only stores data in a profile that will not be linked to a verified ID and that profile is irreversibly de-identified, an opt-out standard should apply.

The key word here is "irreversible." There is an important role that de-identification technology can play in re-instilling a new sense of trust in anonymity -- in a way that won't be challenged or reversed in any way.

Advertisers who identify a consumer should be held to a higher standard than ones who are using data about groups of consumers and are attempting to show ads or experiences tailored to the needs of that group. A new social contract where we split our data capture into two standards will begin to unite this polarizing debate.  


Next story loading loading..