Mastercard’s exemplary opt-out

I just came across Mastercard’s site, which provides users with the ability to opt out of the aggregation and analysis of their behavioral data. This is interesting not only because it’s an opt-out within a single site (usually we only see them for data collected across sites), but also because of how it is implemented. Mastercard seems to store the opt-out preference via a Flash cookie (local stored object).

Of course, as discussed in prior posts, this is the most durable approach for consumers. My comments filed for the upcoming FTC Roundtable suggested that, at the very least, tracking companies should maintain proportionality between the methods they use to gather information and the methods they use to signify the opt-out; which is to say: if a tracking company gathers user information via Flash cookies, then their opt-out mechanism should use Flash cookies as well.

Mastercard’s opt-out is also interesting as part of a larger trend: more and more individual companies and advertisers — and not just ad networks — are starting to collect deeper behavioral information within their own sites and across websites where they advertise. While it is good that many of these companies recognize the need to offer enhanced disclosure and choice, implementing and managing opt-outs is becoming much more difficult. Any serious industry effort aimed at consumer choice will not expect average users to decipher this on an ad-by-ad basis. A truly usable disclosure and choice platform will provide aggregation, both at the website level and across tracking companies based on policy patterns and certifications.

Who’s data are they, anyway?

With so much attention focused on the technical complexity of behavioral targeting as it affects consumers, you might not realize how the same issues challenge the daily dealings among companies in the advertising ecosystem.  You can see this in new guidelines announced today by ad-industry trade groups, who have revised the standard contractual template used by website publishers and advertisers for ad-insertion contracts. As a technical matter, the operational interactions involved in fulfilling these contracts often involve an unavoidable exposure of targeting information that is proprietary to one party or the other. As explained in a summary on Mediapost:

Among other changes, the updated terms and conditions restrict advertisers’ ability to retarget users based on information collected at publishers’ sites. That is, advertisers (and their agencies) can’t now decide to send a second ad to users simply because they already viewed a first ad at a particular publisher’s site.

“The fear is, agencies have been harvesting this data for free — or want to — and that’s not part of the current business model,” [Jeremy] Fain [of the Interactive Advertising Bureau] says. “If an agency wants to buy the data from a media company, that’s fine, but it has to do so in a separate negotiation.”

The new terms and conditions also state that media companies can’t create profiles based on how users interact with particular advertisers. “If, for example, it is known that a media company has only one auto brand advertising on its site and it develops a behavioral targeting segment called ‘auto enthusiasts’ based solely or substantially on user interactions with ads from that one auto brand, it would be a breach of contract,” the guide to the new terms says.

These business-to-business issues have parallels in the business-to-consumer world. Websites and advertisers would agree that even though they each  may record and store valuable targeting information belonging to the other, they will use it only for the specified purposes. Likewise, ad targeting firms make promises to consumers in the form of privacy policies, such as commitments to segregate behavioral information from personally identifiable information or restricting how long it can be retained. In either case, a great deal of trust is required, since it is practically very difficult to verify compliance when the information is stored and used via complex back-end systems.

The trust level required only increases as advertisers become more directly involved in ad targeting (a trend we see in the PrivacyChoice database of third-parties present on top sites), and as ad exchanges and demand-side networks increase the number of players at the table in the ad marketplace. The good news may be that, to the extent technology and auditing practices evolve to validate B2B compliance in advertising contracts, they also may offer ways to better assure consumers that they too can count on privacy policies to be enforced.

CDT’s recommendations on targeting privacy: how does the PrivacyWidget compare?

In connection with today’s FTC Roundtable, the Center for Democracy and Technology released their views on a “comprehensive regulatory framework” for online behavioral targeting. I’m pleased with the alignment between the CDT’s recommendations and the features and services we are demonstrating at PrivacyChoice, particularly in the two key areas of Transparency and Individual Participation. Here are excerpts from the CDT’s conclusions that are most relevant to our efforts (emphasis mine):

• Transparency

o Consumers have the right to clear, prominent and meaningful notification about how their personal information is being collected and used.

o Notice should occur distinct from privacy policies and terms of service. Notice should be located on every Web page where such data collection or use occurs and should link to more comprehensive disclosures.

o To optimize the effectiveness of any notification scheme, an element of standardization in notifications and disclosures should be implemented.

o Notice that links to a trade association Web site is insufficient. Notices should link to information that describes the specific companies that are tracking the consumer, including any companies tracking the consumer through an advertisement, the companies that have contributed data about the consumer to behaviorally target the advertisement, and other data collection objects on the Web site the consumer is visiting.

o The content of disclosures should be clear and comprehensive.

• Individual Participation

o Every Web site where data is collected for the purpose of behavioral advertising should either provide consumers with a clear, easy-to-use opt-in or a centralized, comprehensive and easy-to-use means to opt-out of data collection and use.

o A consumerʼs choice should be (1) available for the consumer to view and change, and (2) persistently honored until the consumer decides to alter his or her choices.

o Consumers should be able to access, and delete or correct, data that is being collected about them and the profiles being constructed in connection with behavioral advertising.

The PrivacyWidget provides a good start on demonstrating how the industry can begin to fulfill these recommendations. Here’s how:

• With the widget, notice can easily be placed on every webpage where data collection or use occurs, and can be clearly distinct from other privacy notices (websites can anchor it anywhere);
• The widget automatically shows all companies present on the webpage (or website), which should include the companies contributing data about the consumer because those companies must be present on the page to leverage their tracking data by reading a cookie or IP address;
• For each targeting company present on the page or the site, the PrivacyWidget automatically provides links to relevant privacy policy excerpts and opt-outs, without requiring the consumer to open a new page;
• The user’s choices are remembered and available for the consumer within the same site and across sites; and
• The experience integrates a browser add-on to “persistently honor” the consumer’s choices.

Later this week we will be opening up the PrivacyWidget for any website to install and start testing. The most important feedback will come from real consumers who, for the first time, will actually have enhanced disclosure and choice easily available within the context of the websites they use and value.

The critical role of websites in ad-targeting disclosure: PrivacyChoice’s submission for the FTC Roundtables

In advance of the FTC Privacy Roundtable Series starting next week, I was pleased to contribute an analysis of ad-targeting policies and practices based on information in the PrivacyChoice database.

My submission supports what everyone already knows: the current self-regulatory approach is not working to provide consumers with meaningful disclosure and choice when it comes to online behavioral advertising. This does not necessarily mean that government regulation is necessary; it does mean that it’s time for a new approach.

Here’s the most important finding:  NAI members are outnumbered by non-NAI members on popular websites. Although NAI members have huge reach in terms of ads served, companies outside the circle of best practices still gather and use a great deal of information about consumer activities and interests. This led me to conclude in the report:

Website publishers are not fully considering privacy impacts when they enable ad targeting on their websites.

Recommendation: Websites employing ad targeting should provide enhanced disclosure and choice at the webpage and website level. This supports greater accountability among websites and advertisers and provides the easiest and most complete user experience.

The key to an effective self-regulatory approach is to ask websites to be more directly involved in disclosure, as first called for by the IAB and BBB guidelines published in July. This will have two benefits:

1. With targeting disclosure linked from each page, websites and advertisers will make more careful decisions about who collects user data on their site and what policies they follow. Transparency and accountability leads to better behavior, and this will naturally flow back through the ad ecosystem. Once it really matters to their business, more and more targeting firms will clarify their policies, clean up their practices and seek certification by organizations like the NAI and TRUSTe.
2. Websites, advertisers and ad networks will finally have a framework within which to engage consumers on the value exchange involved in targeted marketing. If you remove the mystery and empower consumers with the information they need to make real choices, you will find far fewer than you expect will choose to opt-out. If you explain the benefits and create an environment of transparency, we may be surprised by how many actually opt-in.

Ad-hoc educational campaigns and informative icons will be helpful for consumers. But it would be folly to expect that icons in ads will eliminate the need for websites to step up to better disclosure. Standing alone, in-ad disclosure doesn’t provide an acceptable consumer experience. It depends on the consumer to have separate interactions for each ad, gives no single view of all relevant companies and opt-out choices, and does not easily provide visibility on multiple companies that may be involved in selection of each ad.

Better website-based disclosure doesn’t have to be painful for websites. An approach like the PrivacyWidget is simple (it installs in minutes), and doesn’t involve a massive technical undertaking to automate disclosure from within the bowels of the ad-delivery chain. Disclosures can be easy to find and use, without a big allocation of page real estate and without impairing a site’s user experience. With an open platform that embraces easy experimentation by websites, we can shore up disclosure now while also preparing for increasing complexity as ad exchanges, demand-side platforms, and other technical advances increase the number of companies engaged in online targeting.

View this document on Scribd

It’s a good time to clean house (and get a retention policy)

Update: On 12/17 Audience Science adopted a 2-year retention policy. The housecleaning continues …

Update: 24/7 Real Media, the WPP subsidiary, now also has a retention policy we first logged on 12/09. They’ve chosen 13 months across the board.

We’ve seen a number of upgrades to ad network privacy policies in the last couple of weeks, which may indicate that networks are starting to clean up missing and non-typical provisions in their privacy policies. The timing is good, since the FTC Roundtables on privacy that commence next week will no doubt raise attention around ad-network privacy policies.

One notable recent policy improvement comes from x+1, which added a retention policy, stating that log file information is only kept available for 90 days from the date of collection. Accordingly, I’ve removed them from the list of NAI members lacking a specific retention policy, leaving only three four NAI members left without published data retention policies: Audience Science, Microsoft, and SpecificMEDIA and 24/7 Real Media.

As part of the PrivacyChoice submission to the FTC Roundtables on privacy, we will be providing a set of overall statistics on privacy policy provisions and practices, based a snapshot from our database later this week.

PS Apologies to regular readers for the silence on this blog in the last month. While it hasn’t been a great month for writing, it has been a terrific month of meetings with industry and thought leaders, and a ton of product design and development, which we will be unveiling very soon. Stay tuned!