Today, we filed comments with the Federal Communications Commission outlining recommendations to protect consumer privacy on the Smart Grid. Among our comments we stated:
“Viable Smart Grid technologies will rely heavily on the collection, communication, and storage of data from electricity producers, consumers, and other participants in the energy ecosystem. Although this data can be used to create a more efficient and cost-effective electricity grid, it could also be used improperly to gain detailed insight into consumer behaviors, habits, activities, and lifestyles.
A deeper dive into behavioral advertising in Europe
As mentioned in a previous blog post, we had the pleasure of speaking with nugg.ad CEO Stephan Noller last week. Nugg.ad is the German company that has just been awarded the EuroPrise Privacy Seal. nugg.ad’s new behavioral targeting system, Predictive Targeting Networking (PTN) 2.0, received the seal favored by many EU regulators after a vetting process by an independent expert which covered every aspect of their company’s business model, down to the language of their employee contracts. The success of nugg.ad’s business model testifies to a simple fact that FPF has known for a long time: that effective behavioral ads and respect for consumer privacy are not mutually exclusive goals.
Cookie Expiration Dates: A number of ad networks have set limited expiration dates for the tracking cookies they use. This is generally a good practice, as for many years companies simply set a default 30-year expiration date for cookies. Although no cookie has ever survived for 30 years (how old is your computer?), the issue created consumer alarm. In fact, most cookies do not survive for even one year and many are lost sooner. Rarely does a business use of cookies depend on much more than a one-year period. There are some who do seek to use year-to-year comparisons of campaign performance, for example comparing last year’s holiday sale campaign to this year’s, but that is probably the outer limit for the most robust business needs of tracking cookies. As such, companies such as Google and AOL have set expiration dates for their tracking cookies of 2 years. (http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html)
But here is the catch. Most ad networks will reset the date of previously placed tracking cookies each time they interact with a user. This effectively means that tracking cookies with limited expiration dates will remain on users’ computers and continue to transmit information about their browsing habits indefinitely, as long as users are surfing the web with any regularity.
In this area, nugg.ad stands out. Despite the technological hurdles involved, nugg.ad’s tracking cookies are not re-set – their cookies really do expire at the end of 26 weeks. This is certainly more in line with what users expect when they are promised that their cookie expires.
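The difference between a sliding and a fixed expiration, as an added example that is not from the original post or from any ad network's code. The cookie name `trk`, the `uid.epoch` value format and the weekly browsing schedule are assumptions made for the illustration; embedding the issue time in the value is one way a server can honor a hard limit, since browsers return only a cookie's name and value, never its expiry.

```python
from datetime import datetime, timedelta, timezone

FIXED_LIFETIME = timedelta(weeks=26)    # hard limit the post reports for nugg.ad
SLIDING_LIFETIME = timedelta(days=730)  # the 2-year lifetime the post cites


def issue(now, uid):
    """Cookie value carrying its own issue time (hypothetical 'uid.epoch' format)."""
    return f"{uid}.{int(now.timestamp())}"


def renew_header(value, now, lifetime, sliding):
    """Build the Set-Cookie header for a repeat contact, or None once expired.

    The request carries only name=value, so a server enforcing a hard limit
    has to recover the issue time from the value itself.
    """
    issued = datetime.fromtimestamp(int(value.rsplit(".", 1)[1]), tz=timezone.utc)
    if sliding:
        remaining = lifetime                 # clock restarts on every contact
    else:
        remaining = issued + lifetime - now  # clock keeps running from issue
        if remaining <= timedelta(0):
            return None
    return f"trk={value}; Max-Age={int(remaining.total_seconds())}; Path=/; Secure"


def identifier_lifespan(visits, lifetime, sliding):
    """Time between first and last contact at which one identifier was readable."""
    value = issue(visits[0], "u1")
    expires = visits[0] + lifetime
    last_seen = visits[0]
    for now in visits[1:]:
        if now >= expires:  # the browser has already dropped the cookie
            break
        last_seen = now
        header = renew_header(value, now, lifetime, sliding)
        max_age = int(header.split("Max-Age=")[1].split(";")[0])
        expires = now + timedelta(seconds=max_age)
    return last_seen - visits[0]


# Constructed sample input: one browser contacting the network weekly for 5 years.
START = datetime(2009, 1, 1, tzinfo=timezone.utc)
WEEKLY_VISITS = [START + timedelta(weeks=w) for w in range(5 * 52)]

if __name__ == "__main__":
    for label, lifetime, sliding in (
        ("fixed 26 weeks", FIXED_LIFETIME, False),
        ("sliding 2 years", SLIDING_LIFETIME, True),
        ("sliding 26 weeks", FIXED_LIFETIME, True),
    ):
        span = identifier_lifespan(WEEKLY_VISITS, lifetime, sliding)
        print(f"{label}: identifier readable for {span.days // 7} weeks")
```

With a sliding expiration the stated lifetime only bounds the gap between visits, so a 26-week and a 2-year cookie behave identically for a regular user.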
With regard to expiration of opt-out cookies – those we urge companies to maintain long term and not expire quickly – kudos to Chris Soghoian who has successfully pressed ad networks to extend the expiration dates of their opt-out cookies. See Chris’s discussion of the issue here. (http://paranoia.dubfire.net/2009/07/open-letter-regarding-opt-out-cookie.html)
IP addresses: nugg.ad proudly does not log IP addresses, avoiding one of the leading flash points in the privacy debate, and we credit them for this effort. A third party passes nugg.ad useful geographic information gleaned from the user IP address and then hashes or deletes the information. However, we don’t want to make too much of this because it is important to understand nugg’s place in the ad system. They are assisting an ad network or a publisher with targeting the ads delivered by those entities. Those entities likely are logging IP addresses for important click fraud or audit purposes that are needed. So certainly nugg.ad is doing the best thing here, but they are positioned to do so because of their role in the system.
Sensitive data: US companies and trade groups have had a hard time deciding what types of profiles are too ‘sensitive’ to be used for non-personal targeting. For example, 7 or 8 years ago, most networks simply had a large category called ‘health and wellness.’ But in more recent years, most have begun offering clickstream profiles labeled by specific illnesses. Asthma, diabetes, heart disease are all usually allowed. Cancer, impotence, and HIV are not permitted. But where to draw the line? What about pregnancy, that sensitive but widely marketed segment in other media? Hearing loss? Dandruff? Baldness? Unable to draw a logical line in the sand, industry groups have generally punted and restrict only pharmaceutical prescriptions and medical information about a specific individual. This is an area where continued effort to disavow use of categories that users would find discomfiting or where there is high concern about potential misuse is sorely needed.
nugg.ad does not use any category in the health area that is more specific than “health and wellness,” nor any other category addressed by the EU directive section covering sensitive data.
Notice to users: Many of our readers are likely aware of the recent IAB DMA AAAA ANA NAI agreement (http://www.iab.net/media/file/ven-principles-07-01-09.pdf), following on the heels of firm advice from the FTC that behavioral advertising self-regulation needed to improve (http://www.ftc.gov/os/2009/02/P085400behavadreport.pdf). The agreement requires users to get notice of behavioral ads outside of a privacy policy, by labeling ads or some other web site notice. Because EU law, in theory, already requires web sites to give users appropriate notice and consent around data use, nugg.ad, like others in the EU, considers this notice to be part of the publisher’s obligations and does not mandate this of its partners. However, it does provide clients with guidance and encouragement to do so.
Opt-Out: Typically, users in the US opt out by finding a link in a site’s privacy policy and then clicking over to the Network Advertising Initiative opt-out page (http://www.networkadvertising.org/managing/opt_out.asp) or the adserver’s opt-out page, where they can choose to click to get an opt-out cookie. nugg.ad admirably provides code to publishers that they can use, if they wish, to let users click to opt out from the publisher’s own page.
Of course this is an area where the bar is moving, as companies such as Google and Lotame have begun to offer optional downloads to ensure that their opt-out cookie is not deleted. The TACO (https://addons.mozilla.org/en-US/firefox/addon/11073) Firefox plug-in, which provides users with permanent opt-out cookies from every ad network, has received in excess of 150,000 downloads. And here at FPF, we are in discussion with some companies about ways to avoid requiring a separate download by using a browser header or other more stable opt-out method.
FPF applauds the efforts of nugg.ad to safeguard the privacy of internet users while working to provide them with ads more pertinent to their interests. As the Federal Trade Commission kicks off an effort to re-examine the model for privacy regulation in the US (http://www.ftc.gov/opa/2009/09/privacyrt.shtm) nugg.ad’s European certification of privacy compliance is a useful guidepost.
October 6 Future of Privacy Forum Teleconference
Talk of the town in privacy land this week was the survey/study released by our Advisory Board colleague Chris Hoofnagle, together with Joseph Turow and others at their institutions.
The report shows that Americans have very strong feelings about tailored advertising and takes issue with the policy arguments businesses make in favor of the consumer value of online customization based on past user activity. However, the authors do suggest steps forward for industry based on “respect” and “information reciprocity”. What is the practical business path for the use of data based on these operating values?
Please join us and the authors for a discussion of the report and its implications for the future of behavioral advertising.
October 6
Noon to 1pm EST
Joseph Turow is Robert Lewis Shayon Professor of Communication at the University of Pennsylvania’s Annenberg School for Communication.
Chris Jay Hoofnagle is director of the Berkeley Center for Law & Technology’s information privacy programs and senior fellow to the Samuelson Law, Technology & Public Policy Clinic
Turow Berkeley Study: Consumers have a Bad Attitude about Behavioral Ads
Prof Turow’s study of consumer attitudes toward behavioral advertising reported in the NY Times today is a severe indictment of the current state of behavioral advertising. Consumers just do not like the feeling of being tracked. What can companies do about it? How about taking Turow’s advice! Despite the significant concerns captured by the poll, Turow says: “I don’t think that behavioral targeting is something that we should eliminate, but I do think that we’re at a cusp of a new era, and the kinds of information that companies share and have today is nothing like we’ll see 10 years from now.” He would like “a regime in which people feel they have control over the data that marketers collect about them. The most important thing is to bring the public into the picture, which is not going on right now.”
We think there is a very short window of time for businesses to put users in charge and shift the debate to which site or ad network best helps you tailor your own experience to your preferences or provides the best offers. The only way to turn this debate around is to lean in to the issue and provide users with real transparency and real user control.
What’s the first step you can take? Let consumers know what is going on in an open and honest way. If you are a business involved in behavioral advertising, contact us ASAP to join our effort to design icons and symbols that can be used to let users know how you and your ad network or re-targeting partners are tailoring ads to consumers.
In Trust We Trust
Business Week’s cover story this week is about a commodity that many businesses don’t seem to have in abundance these days: trust. Only 44 percent of Americans in a recent public survey said that they trusted business, the lowest rating since 2001. According to BW, that’s led to some serious soul-searching in corporate America:
Not long ago, trust and reputation were the domain of the PR department. Marketing executives, by contrast, pushed products and brands…. That approach doesn’t work so well now—and not just because recession, job insecurity, and hammered home values have made consumers disinclined to part with their coin. The days of consumers passively absorbing a TV commercial—or, for that matter, a banner ad—are over. People research purchases as never before, and they read peers’ opinions about brands and products. [Emphasis ours]
Business Week’s article focuses on companies like Ford, McDonalds and American Express and their efforts to be more transparent and responsive to the concerns raised by consumers and advocates.
It’s easier than ever for consumers to switch brands – or avoid purchases altogether – which is why businesses need to focus on all aspects of the consumer experience, not just customization or value.
As the article notes, trust has moved back to the top of many corporations’ outreach efforts. Yes, that means such things as stressing quality and new technology, but it also means responsible use of consumers’ personal information. As headline after headline has shown, there are few better ways for a company to undermine trust than to act cavalierly with its users’ data.
Many businesses have responded to their awareness of the key role privacy plays in ensuring trust by appointing a senior level chief privacy officer to help oversee their practices. Across almost every business sector, the International Association of Privacy Professionals now reports 6000 members. Oddly, one sector which makes robust use of consumer data is underrepresented. The major advertising agencies, charged with protecting and enhancing the brands of their clients and often delving deep into consumer data use to do so, do not appear to be active in privacy circles. WPP has a senior executive charged with privacy; the others surely are aware of the proliferating privacy issues today, and it would be in their interest to be more visible, one would think.
As BW makes clear, engaging users and critics before they blog, Facebook and Twitter their gripes to the world is smart business and key to maintaining trustworthy brands. The ad agencies charged with responsibility for those brands would do well to recognize the importance of trustworthy data practices to the success of those brands.
Kudos to Rebecca Herold on Smart Grid Work…
Rebecca Herold, the newest member of our smart grid privacy working group, was a lead drafter of the Smart Grid Privacy Impact Assessment released today by NIST. At her site, she provides some of the background to the drafting process, and includes some key material that didn’t make it into the final document. Kudos to her for some groundbreaking work. Follow Rebecca @PrivacyProf on Twitter for great privacy commentary on the grid, health care IT and general privacy.
No Flash in the Pan
The use of flash cookies and its impact on privacy has been getting a lot more publicity recently. Earlier this month, Michael Kassner had a good piece on TechRepublic. Now Darren Chin has an
We have our view on the privacy implications of flash cookies – as well as what pretty clearly constitutes misuse. So it’s good to see this issue coming to the front and generating publicity.
From our view, Adobe’s (belated) effort to provide Flash cookie controls can’t come soon enough. If the flash cookie stores user preferences, with the user’s permission, then it’s a good addition. But if it’s doing anything else — especially including behavioral tracking — then it’s a real problem. We’ll let you know when we find out more about Adobe’s timetable.
NIST Calls Data Privacy "Achilles' Heel" of the Smart Grid
Commerce Secretary Gary Locke today released the draft NIST Framework and Roadmap for Smart Grid Interoperability Standards. The draft highlights privacy as an issue that must be addressed as Smart Grid technologies continue to be implemented. Key points from the report include:
“The major benefit provided by the Smart Grid, i.e. the ability to get richer data to and from customer meters and other electric devices, is also its Achilles’ heel from a privacy viewpoint. Privacy advocates have raised serious concerns about the type and amount of billing and usage information flowing through the various entities of the Smart Grid…that could provide a detailed time-line of activities occurring inside the home.”
“There is a lack of consistent and comprehensive privacy policies, standards, and supporting procedures throughout the states, government agencies, utility companies, and supporting entities that will be involved with Smart Grid management and information collection and use which creates a very significant privacy risk that must be addressed.”
“Future research is necessary to keep up with the multitude of use cases of the various technologies and business processes created for the Smart Grid. Legal and regulatory frameworks can be further harmonized and updated as the Smart Grid becomes more pervasive.”
The Future of Privacy Forum is assembling a working group of companies, advocates, and academics who want to ensure that new data collected will empower users as it enables the technologies of the grid. It has been heartening to hear companies committing to consumer control during GridWeek presentations in Washington, but lessons from other areas of consumer data collection make it clear that communicating with consumers about data use is not easy. Now, before billions are spent to roll out new types of data collection, is the time to begin the needed research to understand the privacy expectations that consumers will have for the grid of the future.
Live Blogging From GridWeek
Round Two:
Updates today will be from our smart grid privacy fellow Matt Gruenberg:
Session on end user perspectives: do utilities truly understand their customers?
Ohio Consumers Counsel J.M. Ostrander: only way demand response can work is if consumers understand it
Viktor Mayer-Schönberger on forgetting in a digital age http://bit.ly/NfALa Are grid folks thinking about data retention policies?
Val Jensen of Con Edison: debate among utilities and regulators as to who “owns” the customer
IBM Survey: Green is important but 90% of customers will not pay for it. (so here enter the data companies?)
Smartgrid Security: not everything requires same level of protection; It’s really CONTROL we need to protect. & DATA
Alabama Power: Will the consumer want all their electric usage analyzed?
Greenbox Technology: Home power usage details MUST be Opt-In.
Future of Privacy Forum: Great to hear everyone talking opt-in, but don’t think that talking to consumers about choices is easy. Research to learn how to engage users is critical, or consumers will be worrying about the grid version of cookies and web bugs.
GridWeek Day One
US CTO Aneesh Chopra at GridWeek says “democratize the data for smart grid apps”. FPF: OK, but these apps better behave, not like some socnet apps! You can also follow realtime at twitter.com/julespolonetsky
CNT Energy: Some ask: Why should power company send a bill telling you how you spend compared to peers. Credit card company doesn’t.
Austin Energy: Data has always belonged to customer. Feds need to play a role so AGs around the US don’t have different rules for obtaining user data
CNT Energy: With meter outside house, most people are already making power usage public
Tendril: Display power data to users in a way they understand, live power bars on cell phone.
Gridweek: Tom Casey of Current Group: McKinsey said 80 plus % of smart grid benefit gained on the grid side, not the consumer side. Major benefit to users has been reduced outages.
Tendril: Adrian Tuck Save money, save the planet, beat your neighbors. So use game theory to create competition between types of users. In his house, kids run around turning off power to beat the neighbors.
Tendril: But many users don’t care. So for them, make sure the smart devices are not disruptive.
Tendril: ZigBee-enabled GE fridge. Not disruptive. Looks like normal fridge, no space age screens. But usually makes ice at 3 a.m. because it gets a power price signal. Fridge talks to washing machine to be sure it doesn’t make ice when washing machine is running, avoiding peak usage.
Privacy and the Power Grid
Grid Week 2009 comes to Washington, DC this week and this year’s gathering features some of America’s top policymakers: Secretary of Energy Steven Chu, Secretary of Commerce Gary Locke and Aneesh Chopra, the Obama Administration’s CTO. In the coming years, these officials and their departments will make critical decisions about the future of smart grid technology.
We firmly believe in the potential benefits of enabling our electric power system to become “smart”. More efficient management of the power supply could bring down consumption, enable green technologies and help consumers save money. The many ways in which data about consumer demand will be used for smarter electricity provision have the potential to revolutionize the electricity industry and to benefit society. However, this very same information about consumers will create major concerns if consumer-focused principles of transparency and control are not treated as essential design principles from start to end of the standards development process. Principles of privacy by design must be part of the overall design for smart grid data flows.
We are pleased to announce that we have signed an agreement with the Gridwise Alliance (sponsors of Gridweek) to collaborate on projects involving data privacy and the smart grid.
We have also begun “construction” of *SmartGridPrivacy.org* (expired), a site that we hope will serve as a clearinghouse for information about the Smart Grid and privacy issues. And we are planning a conference that will be devoted to privacy issues related to the smart grid.
Contact Matthew Gruenberg, FPF smart grid policy fellow, at
[email protected] to get involved with any of our smart grid privacy efforts.