Posts Tagged ‘Behavioral Advertising’
The Federal Trade Commission has proposed revisions that will bring the Children’s Online Privacy Protection Act in line with 21st century technology, largely targeting social networks and online advertisers.
By Alice Cheng
Based on comments solicited last year, the Federal Trade Commission (FTC) has posted proposed revisions to the Children’s Online Privacy Protection Act (COPPA). The Act, which has not been updated since its inception in 1998, may be extended to include social networks and online advertisers.
According to the current regulations, COPPA applies only to website operators who know or have reason to know that users are under the age of 13, requiring the sites to obtain parental consent before any collection of data. In the past decade, an increased ability to harvest consumer information has necessitated revisions. In a FTC staff report conducted earlier this year, the Commission addressed a growing need for app stores and app developers to provide more information regarding their data collection practices to parents. With the proposed changes posted today, the FTC plans to update COPPA to respond to modern concerns surrounding social networking sites, advertising networks, and applications. Under the proposed changes, such third parties may be held responsible for unlawful data collection practices when they know or have reason to know that they are connecting to children’s websites. Mixed audience websites may have to screen all visitors in order for COPPA regulations to apply to users under 13 years of age. Additionally, restrictions on advertising based on children’s online activity may be tightened.
The FTC will be accepting public comment to the proposed rules via the FTC website. Comments will be accepted until September 10, 2012.
National Telecommunications and Information Administration (NTIA) Holds Public Meeting on Mobile PrivacyFriday, July 13th, 2012
The NTIA’s first multistakeholder meeting on mobile privacy focused on ways to improve the transparency of the privacy practices of mobile apps.
By Alice Cheng
On Thursday, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) held a public meeting in Washington, D.C., to discuss mobile privacy. After taking public comment in March on consumer data privacy, the NTIA decided to address mobile app transparency in its first privacy multistakeholder process. The discussion is part of the Obama administration’s push for companies to abide by a consumer privacy “bill of rights,” and is an issue that has been recently tackled by the Federal Communications Commission as well.
As smartphone use continues to grow rapidly, concerns about mobile app access to consumer data have also grown. Through the devices, mobile apps may be able to access sensitive personal information regarding users, such as geographic location. Additionally, privacy advocates have pushed fervently for regulation on digital advertising. The prevalence of digital advertising on apps is not only a nuisance, but can at times be downright aggressive (i.e., ads pushed onto notification bars and phone desktops).
During the meeting, audience members were asked how greater mobile app transparency could be achieved. Suggestions ranged from software that notified users of what information was shared, to the use of icons indicating privacy concepts in lieu of lengthy privacy policies. Others proposed that broader fair information practices should be addressed, as transparency itself would not be helpful without regulations.
While the NTIA’s next steps are unclear, keep in mind that privacy policies should still be as clear as possible. Effective privacy policies let users know how and for what purpose information is collected and used. Privacy lawyers and advocates generally recommend an opt-in approach is where possible, as it allows users to choose what information they would like to share.
Today, the Federal Trade Commission (FTC) issued a final report setting forth best practices for businesses to protect the privacy of American consumers and give them greater control over the collection and use of their personal data, entitled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers.” The FTC also issued a brief new video explaining the FTC’s positions. Here are the key take-aways from the final report:
- Privacy by Design. Companies should incorporate privacy protections in developing their products, and in their everyday business practices. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to ensure that such data is accurate;
- Simplified Choice. Companies should give consumers the option to decide what information is shared about them, and with whom. Companies should also give consumers that choice at a time and in a context that matters to people, although choice need not be provided for certain “commonly accepted practices” that the consumer would expect.
- Do Not Track. Companies should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
- Increased Transparency. Companies should disclose details about their collection and use of consumers’ information, and provide consumers access to the data collected about them.
- Small Businesses Exempt. The above restrictions do not apply to companies who collect only non-sensitive data from fewer than 5,000 consumers a year, provided they don’t share the data with third parties.
Interestingly, the FTC’s focus on consumer unfairness, rather than consumer deception, was something that FTC Commissioner Julie Brill hinted to me when we discussed overreaching privacy policies and terms of service at Fordham University’s Big Data, Big Issues symposium earlier this month.
If businesses want to minimize the chances of finding themselves the subject of an FTC investigation, they should be prepared to follow these best practices. If you have any questions about what the FTC’s guidelines mean for your business, please feel free to contact us.
By Aaron Messing
I will be speaking at SES New York 2012 conference about emerging legal issues in search engine optimization and online behavioral advertising. The panel will discuss Legal Considerations for Search & Social in Regulated Industries:
Search in Regulated Industries
Legal Considerations for Search & Social in Regulated Industries
Programmed by: Chris Boggs
Since FDA letters to pharmaceutical companies began arriving in 2009, and with constantly increasing scrutiny towards online marketing, many regulated industries have been forced to look for ways to modify their legal terms for marketing and partnering with agencies and other 3rd party vendors. This session will address the following:
- Legal rules for regulated industries such as Healthcare/Pharmaceutical, Financial Services, and B2B, B2G
- Interpretations and discussion around how Internet Marketing laws are incorporated into campaign planning and execution
- Can a pharmaceutical company comfortably solicit inbound links in support of SEO?
- Should Financial Services companies be limited from using terms such as “best rates?
Looks like it will be a great panel. I will post my slideshow after the presentation.
(Updated on 3.22.12 to add presentation below)
To understand the genesis of “Do Not Track” it is important to understand what online tracking is and how it works. If you visit any website supported by advertising (as well as many that are not), a number of tracking objects may be placed on your device. These online tracking technologies take many forms, including HTTP cookies, web beacons (clear GIFs), local shared objects or flash cookies, HTML5 cookies, browser history sniffers and browser fingerprinting. What they all have in common is that they use tracking technology to observe web users’ interests, including content consumed, ads clicked, and other search keywords and conversions to track online movements, and build an online behavior profiles that are used to determine which ads are selected when a particular webpage is accessed. Collectively, these are known as behavioral targeting or advertising. Tracking technologies are also used for other purposes in addition to behavioral targeting, including site analytics, advertising metrics and reporting, and capping the frequency with which individual ads are displayed to users.
The focus on behavioral advertising by advertisers and ecommerce merchants stems from its effectiveness. Studies have found that behavioral advertising increases the click through rate by as much as 670% when compared with non-targeted advertising. Accordingly, behavioral advertising can bring in an average of 2.68 more revenue than of non-targeted advertising.
If behavioral advertising provides benefits such as increased relevance and usefulness to both advertisers and consumers, how has it become so controversial? Traditionally, advertisers have avoided collecting personally identifiable information (PII), preferring anonymous tracking data. However, new analytic tools and algorithms make it possible to combine “anonymous” information to create detailed profiles that can be associated with a particular computer or person. Formerly anonymous information can be re-identified, and companies are taking advantage in order to deliver increasingly targeted ads. Some of those practices have led to renewed privacy concerns. For example, recently Target was able to identify that a teenager was pregnant – before her father had any idea. It seems that Target has identified certain patterns in expecting mothers, and assigns shoppers a “pregnancy prediction score.” Apparently, the father was livid when his high-school age daughter was repeatedly targeted with various maternity items, only to later find out that, well, Target knew more about his daughter than he did (at least in that regard). Needless to say, some PII is more sensitive than others, but it is almost always alarming when you don’t know what others know about you.
Ultimately, most users find it a little creepy when they find out that Facebook tracks your web browsing activity through their “Like” button, or that detailed profiles of their browsing history exist that could be associated with them. According to a recent Gallup poll, 61% of individuals polled felt the privacy intrusion presented by tracking was not worth the free access to content. 67% said that advertisers should not be able to match ads to specific interests based upon websites visited.
The wild west of internet tracking may soon be coming to a close. The FTC has issued its recommendations for Do Not Track, which they recommend be instituted as a browser based mechanism through which consumers could make persistent choices to signal whether or not they want to be tracked or receive targeted advertising. However, you shouldn’t wait for an FTC compliance notice to start rethinking your privacy practices.
It goes without saying that companies are required to follow the existing privacy laws. However, it is important to not only speak with a privacy lawyer to ensure compliance with existing privacy laws and regulations (the FTC compliance division also monitors whether companies comply with posted privacy policies and terms of service) but also to ensure that your tracking and analytics are done in an non-creepy, non-intrusive manner that is clearly communicated to your customers and enables them to opt-in, and gives them an opportunity to opt out at their discretion. Your respect for your consumers’ privacy concerns will reap long-term benefits beyond anything that surreptitious tracking could ever accomplish.
Do-Not-Track and Online Behavioral Advertising
If you’ve been listening, you are aware of the Federal Trade Commission’s December 2010 Preliminary Staff Report: Protecting Consumer Privacy in an Era of Rapid Change. (Update: The final FTC Privacy Report has been released.) You also know the Commission has challenged providers to create “Do-Not-Track” technology allowing users to opt-out from on-line behavioral advertising. Reportedly, those things are already in the works. This sounds great, especially to a hermit curmudgeon like me (I can’t delete Flash cookies fast enough). But what are some of the implications of this?
There’s a funny and intriguing article by Jack Shafer on Slate.com in which he ponders who is in the best position to create a web browser that provides robust security for the user. While Mr. Shafer points out that he is not against advertising, he notes it’s not in the best interest of developers to provide iron-clad browsers preventing web-tracking technology because of financial connections to advertising revenue. He also perhaps aptly notes, while he is in favor of the legitimate uses for cookies, “too many Web entrepreneurs observe no limits when they decide to snoop.”
Mr. Shafer postulates there may be a market for such a browser, but includes a quote (sure to become a classic in my book) from his colleague Farhad Manjoo: “I doubt there’s a market for such a browser. People don’t care about privacy. They just say they do. If they did, they wouldn’t use Facebook.”
So, which is it? Are users really ready to give up free content in exchange for privacy? According to a recent Gallup poll 61% of individuals polled felt the privacy intrusion presented by tracking was not worth the free access to content. 67% said that advertisers should not be able to match ads to specific interests based upon websites visited.
What about the other 33-39%? Do they really not care, or are they not willing to give-up the Web they know and love?
How about exploring another option? What if I go to Harry’s Widget Shoppe and I decide to tell Harry that I am extremely interested in buying maroon widgets (we all know they’re the best)? Suppose I also tell Harry to contact me immediately if he comes across any maroon widgets (not blue, yellow or green – just maroon). Why should I have to receive 264 e-mails and see 400 ads in the course of 48 hours from Mildred telling me about how great her blue widgets are? I don’t want blue widgets! I had plenty of them, and they’re nothing but trouble. By the same token, I’m not so hip on seeing 918 ads about teeth whitening either (Note to self: make an appointment with the dentist).
Assuming Mildred paid to obtain my “widget” profile from Harry or one of his network servers, what did she really get for her money? Not much. She probably guaranteed that I won’t buy any widgets from her ever. Well, maybe, if it’s an especially rare maroon widget…you know…like the ones with feathers…and she buys me dinner). I also might not be talking to Harry anytime soon, either. But, I digress…
Harry has valuable information about me. Information that may well be worth much more to an advertiser than the fact that I visited Harry’s Widget Shoppe.com. What if Harry asked me if it was okay if he provided my information to others who had maroon widgets? What if Harry also told me that these others with whom he shared my information were contractually obligated not to send my information on to anyone else without my permission? Ye Olde Only Maroon Widget Shoppe.com might be willing to pay Harry dearly for that information, I might get my pick of lovely maroon widgets, I won’t see constant ads from other widget sellers in which I have no interest, and my in-box would be much more manageable. Oh, and by the way, I would not feel as if I had totally lost control over information about me.
At its heart, control is a form of choice. While realistically, we have very little real choice left in this world, there are some things we still would like to control. I figure a good proportion of that 33-39% might say the same. I might be willing to share some information, and let you pass it on, if I knew you were not surreptitiously taking it from me, and abiding by my wishes.
So, I suppose the upshot is, it looks like it’s time for business to start asking me for my information and what controls can be placed on it. Through that process alone, the real value in the information is revealed, and I don’t feel swindled.
Just some thoughts, but I could be wrong. Let’s take another poll.