Archive for March, 2010

Nice link inside Google Chrome

March 31, 2010

True integration of Flash cookie management would be better of course (since Adobe’s interface is terrible), but every browser company should at least do this.


A Self-Regulatory Moment

March 26, 2010

An earlier post about Google’s new “certified ad network” program raised the question of whether websites should disclose to consumers which third-party networks may have access to user data through AdSense. Google’s program allows certified networks to use previously collected behavioral data to target ads served through AdSense, but prohibits (by contract) the collection of new data for future use. Based on this distinction, Google does not provide consumers with any specific notice-and-choice as to certified ad networks.

Lurking here is a fundamental question about ad-targeting disclosure: is it good enough to provide notice and choice only when behavioral data are being collected, or must you also provide it when being used?

Google’s approach seems founded on a literal reading the FTC’s 2009 Staff Report on Behavioral Advertising (see page 52), which by its terms speaks only of notice-and-choice on every website “where data is collected.” The NAI’s self-regulatory principles use similar language. But neither the FTC nor the NAI discussed “use” versus “collection,” the involvement of multiple companies in delivery of a single ad, nor a notion that disclosure standards might differ in those cases.

There are good reasons to conclude that consumers deserve notice-and-choice both at the point of collection and the point of use of behavioral data.

  1. The serving of a targeted ad will be the moment of recognition for many consumers; the very point at which they want to understand and exercise their choices. If they can’t easily identify the company serving the ad based on prior collected behavior, they have no way to prevent it from continuing.
  2. With visibility as to which third-parties have access to data, consumers can make their own decision about whether to rely on Google’s contractual rules about how it may be used. Google’s approach is a black box for consumers; they receive no direct assurance from the certified ad network about their practices, nor any assurance that Google will monitor or enforce the contractual prohibitions on their behalf.

In plain terms, Google says to the consumer: If you don’t opt-out when information is first being collected about you, you lose the practical ability to do so when it is used to show you targeted ads. Google’s own opt-out program does not appear to remove the user from receiving behaviorally targeted ads from non-Google networks through AdSense.

Did the FTC Staff intend this outcome? There’s nothing in the rest of the Staff’s discussion to indicate that they meant to exclude the use-only situation from enhanced disclosure.  Indeed, in distinguishing first-party from third-party data collection, the Staff said:

By contrast, when behavioral advertising involves the sharing of data with ad networks or other third parties, the consumer may not understand why he has received ads from unknown marketers based on his activities at an assortment of previously visited websites. Moreover, he may not know whom to contact to register his concerns or how to avoid the practice.

In the same statement, the FTC Staff spoke to this kind of novel situation when they said, “Where the data collection occurs outside of the traditional context, companies should develop alternative methods of disclosure and consumer choices that meet the [transparency] standards described above …”

The IAB-led coalition has adopted principles that require notice-and-choice “when data is collected from or used on a Web site for Online Behavioral Advertising purposes …” (page 17) The IAB’s overall approach to disclosure is premised on embedding notice into ad-delivery, which like the FTC explained, satisfies a consumer curious about why they saw a particular ad. This is true whether or not data are also being collected for future targeting.

“Fourth-party” ad delivery of the sort now available in AdSense is increasingly common, and Google’s precedent may end up as an industry standard. If enhanced disclosure only applies at the point of collection of behavioral data, and not at the point of use, that should be based on a thoughtful discussion of the consumer impact, rather than a narrow reading — and most likely a mis-reading — of FTC staff guidance.

This will be an important test of the industry’s self-regulatory framework. Google is an NAI member (as are several certified ad networks), and this question involves interpretation of NAI guidelines. One way or another, the NAI must pass judgment on the point, and in doing so will demonstrate whether consumers (and the FTC) can count on an effective self-regulatory effort for behavioral advertising.

AdSense Opens Up to “Certified Ad Networks”: Three Questions for Google

March 22, 2010

Google made it official last week: Any site in the vast AdSense network may now carry ads placed by third-party ad companies, which Google calls “certified ad networks.” This is an important privacy development, as it means that more than 80 new companies may now use or collect user behavioral information through Google ad tags that are already installed on millions of web pages. (To learn how this works, see the video embedded at the end of this post.)

Because these companies are hungry for access to the AdSense network, Google’s certification requirements may have more immediate impact on prevailing ad-industry privacy practices than any new regulation or industry initiative. By setting and enforcing standards on participating networks and AdSense publishers, Google has the opportunity to catalyze a truly effective self-regulatory system for interest-based advertising.

To do so, Google should answer three key questions:

1. How does Google confirm compliance with certification standards?

Google’s policies do not require that certified networks be members of the Network Advertising Initiative, the group of leading ad companies (including Google) that sets standards and provides compliance reviews. But Google does require certified ad networks to abide by the NAI’s 2008 Guidelines. These rules require a consumer-facing explanation of what kind of information is gathered and how it is used, as well as:

  • Disclosure of how long consumer data is retained;
  • A consumer opt-out process (such as an opt-out cookie); and
  • Assurance that sensitive behavior (i.e. health, personal finance) will not be used for ad targeting without prior user consent.

A review of selected privacy policies from certified ad networks shows that quite a few do not meet these requirements (as of 3/19/10). Some examples (with links to the PrivacyChoice Index):

Google also should clarify these technical and operational points:

  • Do certified ad networks have access to behavioral data, even if they have agreed not to collect such information when serving ads through AdSense?
  • Does the network see the site or page visited, an IP address or the network’s cookie? If so, does each certified ad network need to engineer their backend systems to segregate AdSense data from data gathered elsewhere?
  • Will compliance be subject to review by Google personnel or any independent organization?

2. Will Google provide AdSense publishers with privacy-related information about certified networks, in order to enable them to make better decisions?

Google puts AdSense publishers in control by allowing them to turn off certified networks individually or entirely, but does not yet provide any privacy-related information to inform those decisions. Some AdSense publishers might want to allow only companies that are subject to oversight through the NAI; others might want to review retention or other specific privacy policies.

Google could improve website decision-making by showing publishers information about the privacy practices and oversight for each certified ad network. Website operators ultimately must be accountable to their own users for the practices of companies who have access to their user information. Google can make it easier for publishers to make good decisions, and thereby support higher standards across the industry.

3. Will Google provide AdSense publishers with a way to disclose third-party networks and their privacy policies to consumers visiting their sites?

Google already requires AdSense publishers to disclose that Google itself may collect or use behavioral information through AdSense, and requires sites to link to Google’s privacy policy and consumer opt-out choices. Under the NAI guidelines, each certified ad network engaged in behavioral advertising also has the same obligation when serving ads via AdSense. The practical problem is that AdSense publishers may not know which certified networks will be serving ads on their pages, since the ads come through pre-existing tags. The list is also subject to change, which makes disclosure a continuing headache for websites. Of course, just providing one big list of 80+ networks would not constitute meaningful disclosure.

For good reason, both the NAI Guidelines and those adopted by the IAB-led coalition require such disclosure not only when behavioral data are being collected, but also when behavioral data are being used to target ads (which is when the consumer may be most curious). This means that even if certified networks follow the rules against collecting behavioral information through AdSense, if they use other behavioral data to target ads, then enhanced disclosure is required on the website or page where the ad appears.

The process of providing this disclosure can be automated. The free PrivacyWidget service demonstrates one method to automatically present the right list of ad networks (and related opt-outs) on the fly, with minimal publisher effort.


When Google launched interest-based advertising across AdSense last year, their transparent consumer privacy approach raised the bar for other ad networks. Google’s launch of certified ad networks in AdSense should reflect the same commitment. By following through on the questions outlined here, Google can seize the opportunity to set best practices for the industry and accelerate consumer understanding (and informed acceptance) of interest-based advertising.


Yahoo!’s AdChoices … seems familiar

March 17, 2010

Yahoo! seems to have unveiled their own landing page for the behavioral-targeting uber-icon, viz:

Seems quite similar to Microsoft’s, which was discussed here (same questions apply). This is what standardization looks like.

Flash-cookie opt-outs: The VideoEgg Example

March 12, 2010

In an earlier post I was critical of VideoEgg’s opt-out implementation, but with their latest upgrade, they now have one of the easiest and most durable opt-out processes of any ad network. Unlike many ad companies that bury the opt-out link in the text of their privacy policy, VideoEgg presents it at the top of the privacy statement, in an easy to use button. VideoEgg links to this policy from every page on their site (including the homepage) with the title, “Privacy Policy and Opt-out.” And most importantly, because the opt-out is maintained using a Flash cookie, it stays in place even when a user clears their normal browser cookies.

Here’s an idea for how VideoEgg can build on this good work:  Why not join the Network Advertising Initiative and help the rest of the industry adopt Flash cookie opt-outs? This will involve a significant change to the NAI’s opt-out framework, but would be an ideal way to ensure that consumer choices remain persistent without the burden of installing browser add-ons.

Credibility Gap: What does Ghostery really see?

March 4, 2010

The popular Firefox add-on, Ghostery, was recently acquired by Better Advertising, which is building a vast system to monitor compliance with new privacy rules for online behavioral advertising. I continue to get questions that indicate confusion about how Ghostery works. Because Better Advertising has portrayed Ghostery as a way to “see 99% of behavioral targeting,” it’s important to understand what Ghostery really sees.

When Ghostery is operating in the browser, it looks for known segments of Javascript that have been mapped in a database to particular companies, including ad targeting companies.

However, unlike our own add-on, TrackerWatcher, Ghostery does not look at actual browser interactions with ad-company servers. As a result, it completely misses non-Javascript tracking methods. Pixel-based tracking, a mainstay of behavioral tracking, may be missed by Ghostery if it is not enabled via Javascript. Because one company’s Javascript can serve another company’s tracking pixel, Ghostery may report the presence of the first company but ignore the second one entirely.

To see a demonstration of this problem, try Ghostery on the master opt-out page at the Network Advertising Initiative. This page includes image files (pixel-equivalents) served by dozens companies engaged in behavioral targeting. Several of these companies (ironically) even write new cookies the minute you hit that page. But because Ghostery is only looking for Javascript, and not actual server interactions, it only reports two advertising companies as present on that page.

This is not to say that Ghostery isn’t a useful tool — it is, and we link to it on PrivacyChoice. The problem is that Ghostery in its current form is being oversold both as a privacy protection tool for consumers and a compliance tool for the industry. In fact, Ghostery needs to be fundamentally re-engineered to be a truly effective tool to detect online tracking.

In the mean time, Better Advertising would be well served to clarify the presentation on Ghostery’s site to make it clearer to consumers what Ghostery really does (and doesn’t do). Credibility is too important to the self-regulatory initiative to be anything less than completely clear.

Note: Please be sure to read Better Advertising’s comment to this post, which includes an update on the product roadmap for Ghostery.