Now, in hopes of heading off privacy-related criticisms at the pass, behavioral targeting company AlmondNet recently tapped a privacy consultancy--Chapell & Associates--to develop a privacy strategy.
With the move, AlmondNet joins the growing roster of behavioral targeting companies that have recently hired privacy officers. Tacoda, for instance, hired former Real Media co-founder Mark Pinney as CFO and chief privacy officer last November. Claria, which recently launched a behavioral targeting network, also last year brought in a chief privacy officer--D. Reed Freeman Jr., a former Federal Trade Commission lawyer.
Roy Shkedi, the CEO of AlmondNet, said the company hasn't yet received any complaints about its privacy practices. "We want to have a privacy-friendly behavioral-targeted ad service, so we retained Chapell & Associates to help us make sure that our strategy is in the forefront," he said.
But it's clear that others in the industry are concerned about how consumers will respond to such techniques, especially as they become more common and better-known. Speaking at a behavioral targeting conference last month, Tribal DDB CEO Matt Freeman said: "How we do it will make all the difference ... We have a bad history of misusing the things we can do."
Alan Chapell, of Chapell & Associates, said that the behavioral targeting space has come under a good deal of scrutiny because of consumer ire over adware and spyware.
But, he said, best practices for behavioral targeting remain a bit murky. The dilemma facing the companies is that to effectively target ads, they need to have a lot of data collected about consumers, but consumers aren't always so interested in providing it. "You need to have a score of information on consumers, but consumers have indicated that they might not be comfortable with that level of data sharing," he said. "But on the other hand, they're also not comfortable with ads that are not relevant to them."
Privacy expert Ari Schwartz, an associate director at the Center for Democracy and Technology, said that devising best practices shouldn't be that difficult. Rules laid out in the late 1980s by the Paris-based Organisation for Economic Cooperation and Development are a good starting point, he said.
Those standards, initially created to guide governments in using data collected about citizens, state that information should be collected fairly and lawfully, with the consent of the subject. The guidelines also state that data should be collected with a specific purpose in mind at the time of collection, used only by the authority of law or with the consent of the subject, and kept secure. Companies collecting data should be open about their practices of collecting data, allow individuals to find out if there's any data about them, and be accountable for compliance with all standards.
In practice, companies that do not tie any identifiable personal data and delete the information after a short time would largely follow the OECD's guidelines. "If you're talking about the best practices, we would look towards something that deletes historical information, and does not [use] personally identifiable information," Schwartz said.