The sheer ubiquity of analytics code raises an obvious question: Is website analytics data used to target advertising?
The question gains importance given the growing overlap between analytics providers and ad networks, where Google is the biggest in each market. It has the widest footprint in selling and serving ads through the AdSense network and DoubleClick. It also also gives away Google Analytics for free to web publishers, which is present on over three-quarters of the sites sampled for privacychoice. For customers who are also advertisers on Google networks, the appeal is an integrated end-to-end cycle — from ad click through user actions taken on the site — enabling publishers to connect the dots for a more effective ad spend. The other analytics providers include a handful of enterprise-grade platforms like Omniture. Once Omniture becomes part of Adobe, they may have access to a larger web-wide footprint through the huge installed base of Flash applications (also widely used in ads).
Yahoo! also offers its own analytics product to advertising customers, and Yahoo! makes it clear that analytics data is leveraged to target advertising. User activities on sites running Yahoo!’s analytics program can be associated with the user’s account and activities on Yahoo!’s family of sites. For purposes of disclosure, websites using Yahoo!’s service are directed to include specific language in their privacy policies and a link to more information. According to Yahoo! search, around 3,000 sites carry the required language:
“We use third-party web beacons from Yahoo! to help analyze where visitors go and what they do while visiting our website. Yahoo! may also use anonymous information about your visits to this and other websites in order to improve its products and services and provide advertisements about goods and services of interest to you.”
Yahoo! can connect user activities from its analytics network with Yahoo!’s sites or ad networks. Does Google?
The answer is, probably not, if only in light of Google’s other practices. DoubleClick requires each participating website to make a special privacy disclosure about the use of information for ad targeting, and provides an opt-out cookie for consumers. Google Analytics has neither. Also Google analytics collects user information through a different domain (google-analytics.com) than they use for their ad networks (doubleclick.net, googlesyndication.com and others). While this doesn’t mean they can’t use analytics data for ad targeting, it does make it harder as a practical matter.
However unlikely it may be, given the huge but invisible reach of Google Analytics, it’s reasonable to expect an express statement from Google. This could be as simple as: information gathered via Google Analytics is not associated with other Google user information or used to target advertising.
Google’s general policy is particularly unhelpful in explaining how user information is handled by Google Analytics. In the explanation of data gathering via cookies, IP addresses and such, matters are framed with “when you visit Google'” or “when you access Google services.” Who even knows they are using Google services when they happen to trigger Google Analytics code on a third-party site? But still you will find no express statement about mixing analytics and targeting data.
Turn from the consumer disclosures to the terms of service Google Analytics provides its analytics customers. There you find this express statement about the use of information:
The policy does go on to say that, although Google may retain and use the information, it will not share any site’s information with third parties. But by implication, Google still can use the information to target ads, so long as it does not disclose the targeting information to advertisers. The fact that Google probably doesn’t use analytics data this way isn’t the point. What is needed is a statement that makes Google accountable for that policy. In crafting privacychoice summaries, this ambiguity in Google’s policies means we cannot assume that users are anonymous to Google when they are on sites using Google Analytics.