No mention of retention (results of our policy review)

In the course of our research for privacychoice 2.0, we’ve been surprised at how hard it is to get a handle on the data retention policies of the ad and tracking networks.  This is despite the fact that data retention practices are a key disclosure point for consumer online privacy. The FTC principles called this out:

To address the concern that data collected for behavioral advertising may find its way into the hands of criminals or other wrongdoers, and concerns about the length of time companies are retaining consumer data, the FTC staff proposes:  Any company that collects or stores consumer data for behavioral advertising should provide reasonable security for that data and should retain data only as long as is necessary to fulfill a legitimate business or law enforcement need.

Here’s what the NAI guidelines (PDF) require of their members:

Each member directly engaging in [Online Behavioral Advertising], a) Multi-Site Advertising and/or Ad Delivery & Reporting shall clearly and conspicuously post notice on its website that describes its data collection, transfer, and use practices. Such notice shall include clear descriptions of the following, as applicable: …  The approximate length of time that data used for OBA, vi. Multi-Site Advertisiisiising and/or Ad Delivery & Reporting will be retained by the member company.

In reviewing the policies of 63 targeting networks, here’s what we learned:

1. Most companies don’t disclose their retention timeframe, or do so obliquely.

Suprisingly, for 41 of the companies (nearly two-thirds), we could not find an express statement of how long consumer data is retained.  In the NAI membership, we could not find such a statement for any of these companies:

24/7 Real Media (WPP) (retention provisions added 12/09)
AlmondNet
Audience Science (added two-year retention period 12/09)
Microsoft (subsidiary Atlas discloses a 2 year timeframe)
SpecificMEDIA
[x+1] (retention provision added 11/09)

Two of the other heavyweights in the NAI — Google and Yahoo! — have published information about their retention practices, in the press or on their blogs. (Here’s a round up of some of these statements.)  But as far as we could tell, they have not included an express timeframe in their privacy policies, where a consumer would expect to find it.

2. Retention periods vary widely, but the trend is toward a year or less.

Of those 22 networks who have put a time frame in their disclosure policies, there’s a wide range, but with accumulation at or below one year (particularly for the larger networks).

One year or less:  13
Over one year but not more than 2 years: 6
Three years: 2
Indefinite: 1

Special mention goes to Fetchback, which is clear in their disclosures that they retain the information indefinitely. Whatever you might think about that policy, at least the disclosure is clear and where a consumer would expect to find it.

For 41 other companies:  Until your policies are more clear, consumers and (yikes) regulators can fairly assume that you are also retaining and using the information indefinitely.

Behavioral targeting and the bottom line

Since behaviorally targeted advertising represents a fast growing share of the overall market, we’re starting to see interesting references here and there to its relative value and pricing. Here are a couple from quarterly earnings calls.

From the ValueClick Q1 2009 call (courtesy of Seeking Alpha), emphasis mine:

Tom Vadnais [CEO]

On the pricing issue, we don’t really disclose details on the pricing, but the way the scale works is that the normal CPM rates for display advertising without targeting and without vertical networks and so on, that tends to be the lowest price that we offer. But what advertisers are finding is using our technology. While is the price is higher, they are using targeting technology, the conversions are much higher, so the ROI for the investor or for the advertiser works out very well. So it’s a scale of without targeting, with targeting there is a higher price and then our vertical networks are higher price yet because you are dealing now with very targeted audience that we know is interested in the vertical that we are serving those ads for. So that’s kind of how the scale works, but we don’t disclose the specific numbers.

Youssef Squali – Jefferies & Co.

But just to get a sense of the magnitude, is it two times X? Or is it –?

Tom Vadnais

Yes, I am sure you can imagine, there isn’t like a rate card here that we use, everything is variable. But the targeting – all I can really say there is, it is higher, it’s certainly multiple higher than without targeting and that’s really isn’t as relevant as what the return on investment is that the advertiser is looking for. So it’s not really what you pay for the serving, it’s what you get at the end, that determines the return purchases. And there is still a demand for non-targeted display, but that demand is shifting over towards targeting.

Over on the Scripps Q1 call (also courtesy of Seeking Alpha), behavioral targeting via Yahoo! is where they see all of the growth:

Mark Contreras [SVP Newspapers]

Probably the biggest place where we’re seeing growth and the biggest contributor to that 30% growth in pure play is behavioral targeting with our Yahoo! partnership. All of the verticals – auto, real estate, help wanted even – are down, but our ability to sell behavioral targeting has really caught on with our advertisers and particularly with our sales forces. We compete in the consortium with other companies – we’re members with other companies, I should say – and we’re very proud of the results that we’ve driven so far. We’re kind of at the top of the consortium in terms of gross dollars sold in that. So that’s really what’s driving the pure play number the most.

Best practices for opt-outs: looking for input

After a number of conversations this week with ad networks, and seeing the wide variety of approaches networks take to the process, I gathered in one place a list of best practices for implementing consumer opt-outs. My hope here is to provide a handy reference to the chief privacy officers and other folks at ad networks who are on the line to make opt-outs work effectively for consumers.

This is a first draft, and will benefit from your comments, suggestions and links to exemplary opt-outs. If anyone knows of other lists like this, please forward those so I can add links.

Check it out!