Flash Cookies and Privacy

We are glad to read that Adobe is working with browser companies to incorporate Flash cookie controls into the current browser cookie controls. This is long overdue! Given that most consumers have no idea that Flash cookie controls exist or where to find them, companies should be very wary of using this type of cookie for robust tracking purposes. Using them as they were initially intended, to store a user’s expressed preference for their convenience, such as storing favorite channels on a flash media player — is cool. But using them for behavioral targeting without a user understanding how to control these cookies — not cool.

Check here to explore the privacy controls that do exist for your Adobe Flash cookies.

FPF Commends Yahoo Privacy Announcement



The Future of Privacy Forum (FPF) applauds the Yahoo! announcement today that the company has sharpened its privacy practices with a new global data retention policy. FPF Co-chair Jules Polonetsky called for such steps last week in his blog posting. We are delighted to see a great example of advancing privacy in a business practical manner.
Thanks to Tech Policy Central for noting our advocacy in this area.
The new Yahoo! policy will truncate IP addresses and cookies for search and, very importantly, for adserving logfiles. Most will be deleted at three months, with a subset of data remaining 6 months for security and fraud purposes. Google has previously enhanced practices in this area by announcing a 9 month time frame for search data, and per our earlier post, Microsoft is considering 6 months.
Whether the sweet spot is 6 months or 9 months, the engineers are finding the minimum time needed to use data to create and improve a great service. We see this as an important step towards a common set of privacy principles that can apply to everyone in the internet space – which will be of benefit to all businesses and consumers.



Marty Abrams



Congrats to Marty Abrams for being presented with the IAPP Vanguard Privacy Award. Marty has been an advisor to most of us in the privacy area and is a true thought leader. When I set up my first privacy advisory board about 9 years ago at DoubleClick, Marty was one of the people I turned to for guidance. Today he and his colleagues at the Center for Information Policy Leadership are doing some of the most important work in the global privacy arena. Kudo’s, Marty, on a well-deserved honor.



Search Log Files – Ad Server Log Files

Microsoft has agreed with the Article 29 Working Party of EU data regulators that they will remove cookies and IP addresses from search data after 6 months, but only if Google and Yahoo also go along. We will comment further about this, but are already thinking about the next issue – ad server log file retention.

Companies didn’t adopt search data retention practices until pressed by the European regulators and then were “ordered” to adopt a 6 month term. This time frame seemed to be a political compromise period agreed to by the group of regulators without any documentation of why 6 months is the model balance of improving search vs. user privacy. We propose a better process for ad server log files, based on examining the minimum period needed for the functions of serving and accounting for ad delivery and related auditing and analysis. We have some more work to do here and will be discussing this with ad serving and behavioral targeting companies, many of whom currently keep ad serving log data long term without any clear need to do so. We understand the value of having a year’s worth of data in order to understand seasonal or year to year trends and believe that retention periods of 9-13 months could easily be put in place at many companies with zero business impact whatsoever. Why wait until the next crisis hits or the Europeans decide to press this issue? Let’s figure out how to implement a more responsible practice in this area in order to improved user privacy in a business practical manner.

Please contact us via this site if you would like to be part of this discussion.

Pew on FaceBook Connect

Amanda Lenhart of Pew thinks FaceBook is off-base with plans for FaceBook Connect because of the complexity that will be added to the average user’s identity management desires. Perhaps we are extroverts, but we are optimistic that FaceBook will have done the work needed to make use of this extension of FaceBook into the rest of our web life intuitive to use so that we can share what we want with who we want. And, of course, we hope we can NOT share all of our data with a new site, just because we want to use our FB credentials and friend network on the site. Eagerly awaiting a look and this implementation – will need to ping our busy friend FaceBook CPO Chris Kelly to seek a preview!

Online Shoppers Carry Web Retailers' Baggage

Online Shoppers Carry Web Retailers’ Baggage

San Francisco Chronicle

By Deborah Gage

November 28, 2008

Online shoppers bring to the hunt a lot of baggage from retailers.

People who shop online share lots of information about themselves, even when they’re not buying anything, said Jules Polonetsky, the former chief privacy officer at AOL who now heads the Future of Privacy Forum.

Jules Polonetsky quoted:

“Simply visiting a Web site leads to an explosion of data to dozens of other companies,” he said. “You (may) think you’re shopping alone when you sit there at home, (but) you’ve got as many folks along with you as if you were in a crowd at the mall.”

To view the full article click here