hI wrote last week about how AddThis has ignored significant privacy questions as it starts to harvest data for behavioral targeting. AddThis sharing widgets, installed on 1.5 million websites, now collect behavioral profiles for auction to third-party ad delivery companies.
I’m not objecting to the notion of collecting and using data through a widget. My objection is that, by failing to tell consumers and publishers about what’s going on, they are breaking the implicit bargain in the consumer data ecosystem. The “bargain” says that consumers get free content and services (like nifty sharing widgets) in exchange for their anonymous data, but data collection comes with robust notice of how data are collected and used, and a meaningful chance to opt-out.
What’s amazing is that, even after losing AOL as a partner over this issue, ClearSpring and AddThis are still breaking the bargain by hiding the ball from consumers and publishers. Here’s what I mean:
- There’s still no prominent mention of profiling in the AddThis signup process, except one buried deep in the terms of service.
- You also won’t find any announcement in the AddThis Blog, even though they could easily have cut and pasted from the extensive blog post about the program on the Clearspring blog (their separately branded portal for advertisers and ad partners). Apparently, the behavioral profiling of 1 billion users isn’t as blog-worthy as supporting the re-tweet button or Will and Charlie’s trip to the Internet Identity Workshop.
- You won’t find any announcement in the AddThis Developer Forums, although one curious developer happened to discover it on July 21 (pre-announcement, hmmm), and was provided some special code to disable cookies. If you want his code and didn’t catch that particular forum entry, good luck finding it in the help documentation (I couldn’t). You have to email them to get it.
In this light, it’s hard to take Clearspring’s CEO seriously when he says to the Wall Street Journal that “This is very much a participatory system” for publishers.
Are they terrified that if they actually provide good disclosure, more publishers like AOL will freak out, either over privacy or uncompensated leakage of valuable profile data? Personally, I doubt that, but it’s all in how you handle it. One thing’s for sure: hiding the ball isn’t working.
Two more interesting questions to think about:
What about back-end processes? Front-end disclosure is important, but the rubber meets the road on the back-end where consumer profiles are used and shared in ways invisible to users. For AddThis, there’s a critical back-end privacy function of keeping email addresses (which are used extensively in the service) separate from behavioral profiles. If AddThis won’t invest in simple front-end disclosures, why should anyone feel assured that they are investing in robust back-end privacy processes?
Where will the NAI come out? I’ve been told that Clearspring is in the process of applying for NAI membership. Can the NAI admit Clearspring with a deeply flawed privacy framework, particularly since publisher-to-consumer disclosure is a principle that the NAI vowed to enforce more strongly in 2010? Is it consistent with NAI policies for NAI members to purchase and use Clearspring’s tainted data, as Media6Degrees apparently may already doing?
Note 8/21: AddThis appears to be responding, and has a blog post on AddThis now about the new program. Still watching for integration of prominent notice and easy opt-out for publishers and consumers, to see if they really mean it.