Ad optimizer Rubicon announced acquired OthersOnline, which is “an “affinity scoring” service that determines how strongly a person is interested in particular brands, products or topics.” Business Week frames this as part of an inevitable consolidation of sources of behavioral targeting data. It sounds like a good occasion to dig into their privacy practices.
Rubicon has been a puzzle for the privacychoice classifications, since like a number of companies in this field, they have no consumer-facing privacy policy. The policy linked from their homepage literally applies only to their customers and visitors to their website. Rubicon’s policy is certified by TRUSTe, which might lead a consumer to think the certification also covers their practices relative to the general public. In this case, TRUSTe certification may mean that Rubicon does not collect any user information, even though consumer browsers interact with Rubicon servers when visiting websites where Rubicon is installed.
OthersOnline doesn’t link to any privacy statement from their homepage, but with some searching you can find a blog post about privacy from February 2007. It includes assurances that personal information is never shared, but no mention of whether or how anonymous information or profiles may be shared, whether sensitive information is collected or what policies apply to deletion, assuming those concepts apply to how their service operates.
We will keep an eye out for any changes to the Rubicon privacy policy. Transactions of this sort often provide a good opportunity for some housecleaning. Even if Rubicon collects no consumer information, a statement to that effect in the privacy policy would be helpful.
UPDATE: Since this post, Rubicon has shored up its disclosures. See my post here.
privacychoice 