Given this visibility, it never ceases to amaze me how many companies fail to check or monitor their own opt-out processes. We’re now up to well over two dozen cases in which an ad targeting company purports to offer an opt-out, but it either was never really implemented or is broken in some serious way.
The latest example is Chango, which targets ads based on search queries harvested from referring URLs seen by Chango’s publisher partners. There’s probably no behavioral data more intimate to users (and more valuable to advertisers) than the stuff Chango collects.
Unfortunately, we have been unable to verify the proper operation of Chango’s opt-out for several months; their process tells you you’re opted out, but doesn’t write any kind of enduring cookie, much less one that is labeled as an opt-out. As is our practice, we have privately written to Chango multiple times to let them know of the issue, but we’ve never received a reply.
Here’s the deal: For all of its limitations, cookie-based opt-outs are at the heart of the self-regulatory framework. If you’re not prepared to invest in a well-designed, properly functioning and monitored opt-out program, then you really shouldn’t be in the behavioral targeting business.
If you manage privacy at an ad-targeting company, ask yourself three questions:
- Which human in your company owns the technical opt-out process end to end?
- Have you implemented an opt-out with best practices (including a long cookie life and overwriting any unique identifiers that collect behavioral data)?
- How will you know when it’s broken?