Posts Tagged ‘google’

How to know if self-regulation is working: Feature article in Adotas

September 27, 2010

Some key elements are now in place for the self-regulatory framework to ensure privacy and choice in ad tracking. Today in Adotas I’m suggesting three key things that will indicate initial success for the new system:

  1. The consumer experience is great;
  2. Failures are visible; and
  3. Outliers are shunned.

Read the article at Adotas.


Google takes out the trash? Not so much.

September 4, 2010

Those keenly interested in Google’s every move on privacy didn’t miss the fact that Google chose this Friday-before-a-long-weekend to announce a revision to their master privacy policy, which will be effective on October 3. (Marked copy is at the end of this post.)

For fans of the West Wing, you might be thinking Google must be “taking out the trash,” which refers to the strategy of announcing bad news on Friday afternoons when fewer folks are tuned in. In fact, there’s actually very little in here of interest.

When I first saw the announcement, I hoped there might be greater clarity on Google’s data retention policy, but got no love on that count. In fact, there’s no mention of any changes coming in the separate advertising-related privacy policies.

At the risk of revealing my wonkishness, one passage did catch my eye; note the addition of the last three words in this paragraph:

Google also uses cookies in its advertising services to help advertisers and publishers serve and manage ads across the web and on Google.

I wasn’t aware that third-party ads were being served in Google, but perhaps with the advent of Google’s ad exchange (see prior post), this is changing.

See anything else interesting in here? Let me know.


Privacy Policy

Preview of updated policy which will take effect on October 3, 2010

Last modified: October 3, 2010 March 11, 2009 (view archived versions)

At Google we recognize that privacy is important. This Privacy Policy applies to all of the products, services and websites offered by Google Inc. or its subsidiaries or affiliated companies except DoubleClick (DoubleClick Privacy Policy) and Postini (Postini Privacy Policy). Sometimes, we may post product specific privacy notices or Help Center materials to explain our products in more detail); collectively, Google’s “services.” In addition, where more detailed information is needed to explain our privacy practices, we post supplementary privacy notices to describe how particular services process personal information. These notices can be found in the Google Privacy Center.

Google adheres to the US Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce’s Safe Harbor Program.

If you have any questions about this Privacy Policy, please feel free to contact us through our website or write to us at

Privacy Matters
c/o Google Inc.
1600 Amphitheatre Parkway
Mountain View, California, 94043

Information we collect and how we use it

We offer a number of services that do not require you to register for an account or provide any personal information to us, such as Google Search. In order to provide our full range of services, we may collect the following types of information:

  • Information you provide – When you sign up for a Google Account, we ask you for personal information. or other Google service or promotion that requires registration, we ask you for personal information (such as your name, email address and an account password). For certain services, such as our advertising programs, we also request credit card or other payment account information which we maintain in encrypted form on secure servers. We may combine the information you submit under your account with information from other Google services or third parties in order to provide you with a better experience and to improve the quality of our services. For certain services, we may give you the opportunity to opt out of combining such information. You can use the Google Dashboard to learn more about the information associated with your Account. If you are using Google services in conjunction with your Google Apps Account, Google provides such services in conjunction with or on behalf of your domain administrator. Your administrator will have access to your account information including your email. Consult your domain administrator’s privacy policy for more information.
  • Cookies – When you visit Google, we send one or more cookies cookies – a small file containing a string of characters – to your computer or other device. that uniquely identifies your browser. We use cookies to improve the quality of our service, including for storing user preferences, improving search results and ad selection, and tracking user trends, such as how people search. Google also uses cookies in its advertising services to help advertisers and publishers serve and manage ads across the web and on Google. We may set one or more cookies in your browser when you visit a website, including Google sites that use our advertising cookies, and view or click on an ad supported by Google’s advertising services.
  • Log information – When you access Google services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, your interaction with a service, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser or your account.
  • User communications – When you send email or other communications to Google, we may retain those communications in order to process your inquiries, respond to your requests and improve our services. When you send and receive SMS messages to or from one of our services that provides SMS functionality, we may collect and maintain information associated with those messages, such as the phone number, the wireless carrier associated with the phone number, the content of the message, and the date and time of the transaction. We may use your email address to communicate with you about our services.
  • Affiliated Google Services on other sites – We offer some of our services on or through other web sites. Personal information that you provide to those sites may be sent to Google in order to deliver the service. We process such information under this Privacy Policy. The affiliated sites through which our services are offered may have different privacy practices and we encourage you to read their privacy policies.
  • Third Party Applications Gadgets – Google may make available third party applications, such as gadgets or extensions, through its services. The information collected by Google when you enable a third party gadget or other application is processed under this Privacy Policy. Information collected by the third party application or gadget provider is governed by their privacy policies.
  • Location data – Google offers location-enabled services, such as Google Maps and Latitude. for mobile. If you use those services, Google may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID).
  • Unique application number – Certain services, such as Google Toolbar, include a unique application number that is not associated with your account or you. This number and information about your installation (e.g., operating system type, version number) may be sent to Google when you install or uninstall that service, when that service periodically contacts our servers (for example, to request automatic updates to the software).
  • Links – Google may present links in a format that enables us to keep track of whether these links have been followed. We use this information to improve the quality of our search technology, customized content and advertising. Read more information about links and redirected URLs.
  • Other sites – This Privacy Policy applies to Google services only. We do not exercise control over the sites displayed as search results, sites that include Google applications, products or services, or links from within our various services. These other sites may place their own cookies or other files on your computer, collect data or solicit personal information from you.

In addition to the above, we may use the information we collect to:

Provide, Google only processes personal information for the purposes described in this Privacy Policy and/or the supplementary privacy notices for specific services. In addition to the above, such purposes include:

  • Providing our services, including the display of customized content and advertising;
  • Auditing, research and analysis in order to maintain, protect, and improve our services (including advertising services) and develop new services; and
  • Protect Ensuring the technical functioning of our network;
  • Protecting the rights or property of Google or our users. users; and
  • Developing new services.

You can find more information about how we process personal information by referring to the supplementary privacy notices for particular services.

Google processes personal information on our servers in the United States of America and in other countries. In some cases, we process personal information on a server outside your own country. We may process personal information to provide our own services. In some cases, we may process personal information on behalf of and according to the instructions of a third party, such as our advertising partners.

Choices for personal information

When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.

If we propose to use personal information for any purposes other than those described in this Privacy Policy and/or in the specific service privacy notices, we will offer you an effective way to opt out of the use of personal information for those other purposes. We will not collect or use sensitive information for purposes other than those described in this Privacy Policy and/or in the supplementary service privacy notices, unless we have obtained your prior consent.

Google processes personal information on our servers in the United States of America and in other countries. In some cases, we process personal information outside your own country.


You can use the Google Dashboard to review and control the information stored in your Google Account.

Most browsers are initially set up to accept cookies, but you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some Google features and services may not function properly if your cookies are disabled.

Google uses the DoubleClick advertising cookie on AdSense partner sites and certain Google services to help advertisers and publishers serve and manage ads across the web. You can view, edit, and manage your ads preferences associated with this cookie by accessing the Ads Preferences Manager. In addition, you may choose to opt out of the DoubleClick cookie at any time by using DoubleClick’s opt-out cookie.

You can decline to submit personal information to any of our services, in which case Google may not be able to provide those services to you.

Information sharing

Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:

  • We have your consent. We require opt-in consent for the sharing of any sensitive personal information.
  • We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
  • We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of Google, its users or the public as required or permitted by law.

If Google becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will ensure the confidentiality of any personal information involved in such transactions and provide notice before personal information is transferred and becomes subject to a different privacy policy.

We may share with third parties certain pieces of aggregated, non-personal information, such as the number of users who searched for a particular term, for example, or how many users clicked on a particular advertisement. Such information does not identify you individually.

Please contact us at the address below for any additional questions about the management or use of personal data.

Information security

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and as well as physical security measures to guard against unauthorized access to systems where we store personal data.

We restrict access to personal information to Google employees, contractors and agents who need to know that information in order to process it on our behalf. operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

Data integrity

Google processes personal information only for the purposes for which it was collected and in accordance with this Privacy Policy or any applicable service-specific privacy notice. We review our data collection, storage and processing practices to ensure that we only collect, store and process the personal information needed to provide or improve our services or as otherwise permitted under this Policy. We take reasonable steps to ensure that the personal information we process is accurate, complete, and current, but we depend on our users to update or correct their personal information whenever necessary.

Accessing and updating personal information

When you use Google services, we make good faith efforts to provide you with access to your personal information and either to correct this data if it is inaccurate or to delete such data at your request if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Because of the way we maintain certain services, after you delete your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems. Please review the service Help Centers for more information. Some of our services have different procedures to access, correct or delete users’ personal information. We provide the details for these procedures in the specific privacy notices or FAQs for these services.


Google adheres to the US Safe Harbor Privacy Principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce’s Safe Harbor Program.

Google regularly reviews its compliance with this Privacy Policy. Please feel free to direct any questions or concerns regarding this Privacy Policy or Google’s treatment of personal information by contacting us through this web site or by writing to us at

Privacy Matters
c/o Google Inc.
1600 Amphitheatre Parkway
Mountain View, California, 94043

When we receive formal written complaints, at this address, it is Google’s policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved between Google and an individual.

Changes to this Privacy Policy

Please note that this Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. Weconsent, and we expect most such changes will be minor. Regardless, we will post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes). WeEach version of this Privacy Policy will be identified at the top of the page by its effective date, and we will also keep prior versions of this Privacy Policy in an archive for your review.

If you have any additional questions or concerns about this Privacy Policy, please feel free to contact us any time through this web site or at

Privacy Matters
c/o Google Inc.
1600 Amphitheatre Parkway
Mountain View, California, 94043

AddThis transitions to behavioral advertising, ignoring key privacy questions

August 11, 2010

Last week AddThis announced that data collected through their sharing widget, installed on 1.5 million websites, will now be used for behavioral advertising. According to the announcement, anonymous profile information for over 200 million users, including the pages they have visited on AddThis publisher sites, is now available to other ad delivery companies in real time bidding.

The new AddThis program is similar to Google’s transition of AdSense into an ad exchange platform (see prior posts). In both cases, tags placed on publisher sites for one purpose are now being used for different and more extensive purposes. And in both cases the companies should clarify answers to some important privacy questions.

Publisher Notice

Shouldn’t publishers be made aware of the change in how their users’ data will be handled, and provided with an opportunity to opt out? Is it fair to assume that all sites with the widget already installed — including hospitals, schools, church groups, and government agencies with no other advertising — would choose the AddThis widget if they were aware that their user behavioral data will be sold?

For publishers signing up today, there’s no reference to behavioral data collection in the signup process for the AddThis widget. Is this deceptive?

Consumer Notice

Will the AddThis widget include a notice to consumers that tracking information is being collected on each page that serves the widget, regardless of whether the consumer interacts with it? (This kind of notice is required under the IAB’s guidelines and could be provided with something akin to the power “i”.)

Will AddThis also ensure that when the data are used to display an ad, the consumer will be notified that AddThis was the source and provide an opt-out?

Are AddThis publishers required to amend their own consumer privacy policies to provide notice of AddThis data collection, as is standard practice for compliant ad networks?

Will consumers be able to see what’s in their own AddThis profile, as they can on Google, Yahoo! and leading ad networks?

NAI Compliance

Neither AddThis nor its parent Clearspring is listed as a member of the Network Advertising Initiative, the industry organization charged with defining privacy standards and providing oversight for behavioral advertising.

The AddThis announcement says that the company “complies with the Network Advertising Initiative standards.” What does this mean, given that AddThis is not subject to NAI compliance reviews; they do not appear to follow the NAI’s requirement that publishers pass through disclosure in their privacy policies; and they lack NAI-required privacy disclosure as to data retention?

Why wasn’t NAI membership considered a prerequisite to launching the new program?


Hopefully AddThis will move quickly to remedy the privacy shortcomings in their new program. How they approach this will tell us not only about their own commitment to privacy and self-regulation, but also the commitment of any partners and advertising customers who continue to participate.

Nice link inside Google Chrome

March 31, 2010

True integration of Flash cookie management would be better of course (since Adobe’s interface is terrible), but every browser company should at least do this.

A Self-Regulatory Moment

March 26, 2010

An earlier post about Google’s new “certified ad network” program raised the question of whether websites should disclose to consumers which third-party networks may have access to user data through AdSense. Google’s program allows certified networks to use previously collected behavioral data to target ads served through AdSense, but prohibits (by contract) the collection of new data for future use. Based on this distinction, Google does not provide consumers with any specific notice-and-choice as to certified ad networks.

Lurking here is a fundamental question about ad-targeting disclosure: is it good enough to provide notice and choice only when behavioral data are being collected, or must you also provide it when being used?

Google’s approach seems founded on a literal reading of the FTC’s 2009 Staff Report on Behavioral Advertising (see page 52), which by its terms speaks only of notice-and-choice on every website “where data is collected.” The NAI’s self-regulatory principles use similar language. But neither the FTC nor the NAI discussed “use” versus “collection,” the involvement of multiple companies in delivery of a single ad, nor a notion that disclosure standards might differ in those cases.

There are good reasons to conclude that consumers deserve notice-and-choice both at the point of collection and the point of use of behavioral data.

  1. The serving of a targeted ad will be the moment of recognition for many consumers; the very point at which they want to understand and exercise their choices. If they can’t easily identify the company serving the ad based on prior collected behavior, they have no way to prevent it from continuing.
  2. With visibility as to which third parties have access to data, consumers can make their own decision about whether to rely on Google’s contractual rules about how it may be used. Google’s approach is a black box for consumers; they receive no direct assurance from the certified ad network about their practices, nor any assurance that Google will monitor or enforce the contractual prohibitions on their behalf.

In plain terms, Google says to the consumer: If you don’t opt out when information is first being collected about you, you lose the practical ability to do so when it is used to show you targeted ads. Google’s own opt-out program does not appear to remove the user from receiving behaviorally targeted ads from non-Google networks through AdSense.

Did the FTC Staff intend this outcome? There’s nothing in the rest of the Staff’s discussion to indicate that they meant to exclude the use-only situation from enhanced disclosure. Indeed, in distinguishing first-party from third-party data collection, the Staff said:

By contrast, when behavioral advertising involves the sharing of data with ad networks or other third parties, the consumer may not understand why he has received ads from unknown marketers based on his activities at an assortment of previously visited websites. Moreover, he may not know whom to contact to register his concerns or how to avoid the practice.

In the same statement, the FTC Staff spoke to this kind of novel situation when they said, “Where the data collection occurs outside of the traditional context, companies should develop alternative methods of disclosure and consumer choices that meet the [transparency] standards described above …”

The IAB-led coalition has adopted principles that require notice-and-choice “when data is collected from or used on a Web site for Online Behavioral Advertising purposes …” (page 17). The IAB’s overall approach to disclosure is premised on embedding notice into ad-delivery, which, as the FTC explained, satisfies a consumer curious about why they saw a particular ad. This is true whether or not data are also being collected for future targeting.

“Fourth-party” ad delivery of the sort now available in AdSense is increasingly common, and Google’s precedent may end up as an industry standard. If enhanced disclosure only applies at the point of collection of behavioral data, and not at the point of use, that should be based on a thoughtful discussion of the consumer impact, rather than a narrow reading — and most likely a mis-reading — of FTC staff guidance.

This will be an important test of the industry’s self-regulatory framework. Google is an NAI member (as are several certified ad networks), and this question involves interpretation of NAI guidelines. One way or another, the NAI must pass judgment on the point, and in doing so will demonstrate whether consumers (and the FTC) can count on an effective self-regulatory effort for behavioral advertising.

AdSense Opens Up to “Certified Ad Networks”: Three Questions for Google

March 22, 2010

Google made it official last week: Any site in the vast AdSense network may now carry ads placed by third-party ad companies, which Google calls “certified ad networks.” This is an important privacy development, as it means that more than 80 new companies may now use or collect user behavioral information through Google ad tags that are already installed on millions of web pages. (To learn how this works, see the video embedded at the end of this post.)

Because these companies are hungry for access to the AdSense network, Google’s certification requirements may have more immediate impact on prevailing ad-industry privacy practices than any new regulation or industry initiative. By setting and enforcing standards on participating networks and AdSense publishers, Google has the opportunity to catalyze a truly effective self-regulatory system for interest-based advertising.

To do so, Google should answer three key questions:

1. How does Google confirm compliance with certification standards?

Google’s policies do not require that certified networks be members of the Network Advertising Initiative, the group of leading ad companies (including Google) that sets standards and provides compliance reviews. But Google does require certified ad networks to abide by the NAI’s 2008 Guidelines. These rules require a consumer-facing explanation of what kind of information is gathered and how it is used, as well as:

  • Disclosure of how long consumer data is retained;
  • A consumer opt-out process (such as an opt-out cookie); and
  • Assurance that sensitive behavior (i.e. health, personal finance) will not be used for ad targeting without prior user consent.

A review of selected privacy policies from certified ad networks shows that quite a few do not meet these requirements (as of 3/19/10). Some examples (with links to the PrivacyChoice Index):

Google also should clarify these technical and operational points:

  • Do certified ad networks have access to behavioral data, even if they have agreed not to collect such information when serving ads through AdSense?
  • Does the network see the site or page visited, an IP address or the network’s cookie? If so, does each certified ad network need to engineer their backend systems to segregate AdSense data from data gathered elsewhere?
  • Will compliance be subject to review by Google personnel or any independent organization?

2. Will Google provide AdSense publishers with privacy-related information about certified networks, in order to enable them to make better decisions?

Google puts AdSense publishers in control by allowing them to turn off certified networks individually or entirely, but does not yet provide any privacy-related information to inform those decisions. Some AdSense publishers might want to allow only companies that are subject to oversight through the NAI; others might want to review retention or other specific privacy policies.

Google could improve website decision-making by showing publishers information about the privacy practices and oversight for each certified ad network. Website operators ultimately must be accountable to their own users for the practices of companies who have access to their user information. Google can make it easier for publishers to make good decisions, and thereby support higher standards across the industry.

3. Will Google provide AdSense publishers with a way to disclose third-party networks and their privacy policies to consumers visiting their sites?

Google already requires AdSense publishers to disclose that Google itself may collect or use behavioral information through AdSense, and requires sites to link to Google’s privacy policy and consumer opt-out choices. Under the NAI guidelines, each certified ad network engaged in behavioral advertising also has the same obligation when serving ads via AdSense. The practical problem is that AdSense publishers may not know which certified networks will be serving ads on their pages, since the ads come through pre-existing tags. The list is also subject to change, which makes disclosure a continuing headache for websites. Of course, just providing one big list of 80+ networks would not constitute meaningful disclosure.

For good reason, both the NAI Guidelines and those adopted by the IAB-led coalition require such disclosure not only when behavioral data are being collected, but also when behavioral data are being used to target ads (which is when the consumer may be most curious). This means that even if certified networks follow the rules against collecting behavioral information through AdSense, if they use other behavioral data to target ads, then enhanced disclosure is required on the website or page where the ad appears.

The process of providing this disclosure can be automated. The free PrivacyWidget service demonstrates one method to automatically present the right list of ad networks (and related opt-outs) on the fly, with minimal publisher effort.


When Google launched interest-based advertising across AdSense last year, their transparent consumer privacy approach raised the bar for other ad networks. Google’s launch of certified ad networks in AdSense should reflect the same commitment. By following through on the questions outlined here, Google can seize the opportunity to set best practices for the industry and accelerate consumer understanding (and informed acceptance) of interest-based advertising.


PrivacyWidgets as a platform for value-exchange

January 18, 2010

As mentioned in the release notes for the PrivacyWidget and earlier posts, PrivacyWidgets can provide a platform for the value-exchange between consumers and advertisers using behavioral advertising. In this relationship, the consumer exchanges information about themselves and their interests for more relevant advertising and content.

Some ad-delivery companies are already investing in making the value-exchange more transparent for users, by showing them information about the specific interests and preferences that have been stored about them. At least seven companies already do this: Bizo, BlueKai, eXelate, Google, Rubicon Project, Safecount and Yahoo!

These companies are betting that, by and large, consumers will appreciate more relevant advertising and can be made comfortable with any privacy impact. They’re giving this substance by reading back something about what they know about the consumer, and inviting the consumer to engage with a process to share even more about their interests.

PrivacyWidgets facilitate this transparency. As a simple start, we have added links within the PrivacyWidget to take the user directly to their personal preference information for those companies that make it available. Check out the Sample PrivacyWidget on our site to see some examples.

This is also good for websites, who choose their ad delivery partners and provide the context for the exchange in value: ad-supported content and services. Consumers who will share more about their interests will provide more advertising value. So PrivacyWidgets offer more than just an easy way to comply with disclosure requirements; over time they can drive engagement and higher ad value. For the consumer, this virtuous circle leads to more and better free content.

Google’s Teracent: The worst consumer opt-out? (updated)

January 10, 2010

UPDATE 1-18-10: Some rapid progress on improvements: There is now an opt-out link on Teracent’s homepage and the CAPTCHA requirement has been removed. Hopefully improvements are also in the works to make the opt-out cookies unique and longer-lived (although just as likely, you might expect Teracent’s entire process to be assimilated into Google’s consumer disclosures and opt-out interface). In the meantime, here’s Teracent’s entry in the PrivacyChoice Index (still showing no opt-out available, given the remaining uncertainties).

In November of last year, Google announced the acquisition of Teracent, a company specializing in dynamic ad creative that is customized on the fly based on factors like the user’s interests and location. A review of Teracent’s consumer privacy experience shows that Google has much work to do in order to bring it up to industry norms. Unfortunately, it also provides a reminder of the challenges to self-regulation for ad-targeting.

Starting with disclosure, the Teracent privacy policy includes the kind of statement that confounds privacy advocates (for good reason):

“We retain the Non-[Personally Identifiable Information] collected via our Technology for up to 6 months in order to ensure that our Technology is functioning properly. After 6 months, we render this information anonymous and store it for up to three years.”

But wait, if the information you collect is “Non-Personally Identifiable” then why would you need to render it “anonymous” after six months? Isn’t it already anonymous?

Of course, they probably mean that after six months they will disassociate individual log entries from IP addresses, but can a consumer possibly understand what this means?

There’s even more work to do on Teracent’s opt-out process, which doesn’t even come close to best practices (see our handy guide to those):

1. The process is not easy to find because it’s not linked from Teracent’s homepage. An interested consumer needs to click the “About” link from the homepage to then see anything about privacy or an opt-out.

2. The opt-out cookies themselves store unique strings (destroying any semblance of anonymity) and are not named in a way to be identified by the user as an opt-out cookie. (The vast majority of networks include the phrase “opt out” in the cookie name or text to make this clear.) Also Teracent appears to use three different domains in the opt-out process (,, but you can’t tell if all three are necessary for the opt-out to be effective. If all three aren’t necessary, the ones that aren’t shouldn’t even be written as part of the process.

3. The opt-out cookies have a six-month lifespan, far short of the five-year minimum now required by the NAI.

4. This is really unusual: the user has to complete a CAPTCHA in order to get the opt-out cookie(s). And it’s a fussy one, at least in my experience. I’m not sure I’ve seen an opt-out process that is less consumer friendly.
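The cookie checks behind points 2 and 3 can be automated. The following is an added example, not part of the original post or any vendor's code: it compares the Set-Cookie headers from two independent opt-out requests and flags cookies that are not labelled as opt-outs, expire in under five years, or carry a different value each time. The sample headers, the `example.test` domains and the accepted spellings of "opt out" are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

FIVE_YEARS = 5 * 365 * 24 * 3600  # NAI minimum cited in the post, in seconds
LABEL = re.compile(r"opt[\s_-]?out", re.I)  # assumed spellings of "opt out"

def parse(header):
    """Return (name, morsel) for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header)
    return next(iter(jar.items()))

def lifetime(morsel, now):
    """Seconds until expiry from Max-Age or Expires; 0 for a session cookie."""
    if morsel["max-age"]:
        return int(morsel["max-age"])
    if morsel["expires"]:
        return (parsedate_to_datetime(morsel["expires"]) - now).total_seconds()
    return 0

def audit(session_a, session_b, now):
    """Audit opt-out cookies captured from two independent opt-out requests."""
    other = {}
    for header in session_b:
        name, m = parse(header)
        other[(name, m["domain"])] = m.value
    report = {}
    for header in session_a:
        name, m = parse(header)
        findings = []
        if not (LABEL.search(name) or LABEL.search(m.value)):
            findings.append("not labelled as opt-out")
        if lifetime(m, now) < FIVE_YEARS:
            findings.append("lifetime under five years")
        if other.get((name, m["domain"]), m.value) != m.value:
            findings.append("value is unique per browser")
        report[f"{name}@{m['domain']}"] = findings
    return report

# Constructed sample headers; example.test domains are placeholders.
NOW = datetime(2010, 1, 10, tzinfo=timezone.utc)
SIX_MONTHS = "Expires=Sat, 10 Jul 2010 00:00:00 GMT"
A = [f"uid=7f3a9c21e0; Domain=ads.example.test; Path=/; {SIX_MONTHS}",
     "id=OPT_OUT; Domain=net.example.test; Path=/; Max-Age=157680000"]
B = [f"uid=b81d44f07a; Domain=ads.example.test; Path=/; {SIX_MONTHS}",
     "id=OPT_OUT; Domain=net.example.test; Path=/; Max-Age=157680000"]

print(audit(A, B, NOW))
```

An empty findings list means the cookie passed all three checks; capturing the two sessions from clean browser profiles keeps a stale cookie from masking a per-browser value.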

No doubt Google is working to assimilate Teracent into its own (much better) consumer privacy practices. But Teracent’s shortcomings provide a good reminder of the chasm in quality between the best and worst consumer privacy practices of ad-targeting companies. Until websites and advertisers start to attend to these matters in their own choices, this disparity in commitment to best practices will remain a central challenge to effective self-regulation.

Doubleclick’s Flash cookies

October 25, 2009

Since the next version of the privacychoice opt-out tool will incorporate integrated control of Flash cookies, we’ve developed internal tools to start monitoring the incidence of use of Flash cookies by tracking companies. It’s not news that use of Flash cookies has been widely embraced by ad networks; what is surprising is how few of them explain this in their privacy disclosures, or provide any guidance on how to delete or control them.

The most notable example of missing Flash-cookie disclosure comes from the biggest dog of all: Google’s DoubleClick subsidiary. We’re seeing their Flash cookie,, on multiple test machines, which raises questions:

  1. Is DoubleClick’s Flash cookie used to gather interest information? This is not confirmed one way or another in the privacy policy, but should be. (In fact, a search of DoubleClick’s site reveals no mention of Flash cookies.)
  2. If I expressly opt out using the regular DoubleClick browser cookie, and then that opt-out cookie is deleted for any reason, does DoubleClick reconnect my profile with the surviving Flash cookie? Why doesn’t Google just delete the Flash cookie as part of the normal opt-out process?
  3. Better yet, if Google is using Flash cookies to enhance the ad serving experience, why not set the user’s opt-out preference with a durable Flash cookie?

My guess is that DoubleClick’s Flash cookies are not used for interest gathering or ad targeting, but in the absence of a clear statement as to how they are used, consumers are left to wonder.

AdSense opens up and privacy disclosure gets more complicated

August 27, 2009

According to Paid Content, Google’s AdSense network will soon allow many other third-party ad networks to serve advertising via the AdSense code already embedded on millions of websites. This is significant from a privacy point of view, to the extent that it provides many smaller ad networks with access to a much wider set of websites, complicating privacy and opt-out disclosures.

Google will make the determination as to whether a third-party ad network qualifies to participate, and according to the program rules, this includes a review of their privacy practices. When it comes to user targeting, here’s how Google explains the requirements in an FAQ for third-party ad networks:

You may use cookies for reporting purposes and to target ads, provided that the data you use was collected in accordance with industry standards:

Where there is a conflict between the NAI and IAB UK policies, the more stringent policy applies. Google determines at its own discretion whether or not you are compliant with these standards.

In particular, the certification process requires you to have the following:

  • A descriptive privacy policy on your site
  • A prominent link to opt-out from the privacy policy
  • No PII used in the creation of segments
  • No sensitive segments or segments targeted at children under 13 years of age
  • No packet sniffing in the collection of behavioral data

There’s no mention of the new self-regulatory principles, which are more specific about disclosure and require individual websites to disclose specific ad networks that use or collect behavioral data on their site (if such disclosure is not present in the ads themselves). Google does not seem to be requiring that a participating AdSense website provide such disclosure; the privacy statement and opt-out presentation applies only to the ad network’s own website.

The AdSense policies draw a distinction between collection and use of behavioral information in this program — third-party networks may use behavioral information they have gathered elsewhere to serve the ad, but may not collect information for behavioral purposes in the course of serving it. As Google explains it to the ad network:

You may use a cookie, web beacon, or other tracking mechanism to collect anonymous traffic data for purposes of aggregated reach, frequency and/or conversion reporting. Collecting impression-level data via cookies or other mechanisms for purposes of subsequent re-targeting, interest category categorization, or syndication to other parties on AdSense inventory is prohibited. (This restriction does not apply to click- or conversion-level data.)

Google does not explain here if or how these distinctions will be enforced. The same information is available to the ad network in either case, so to confirm compliance with this rule would require some kind of back-end audit of the network’s practices.

We will be watching AdSense sites closely as new networks start to flow through Google’s widely distributed JavaScript. The privacychoice platform looks beyond the JavaScript itself to see which servers are actually serving ads on a page through that code, so our Network Privacy Profiles will provide an accurate picture of the privacy policies in play for any AdSense website that opens up to third-party ads. For an AdSense website publisher committed to complete privacy disclosure and choice, our system should provide a simple solution.