Address Consumer Concerns about Behavioral Ads or the Browser Developers May Do It For You, Real Soon.
To support our point that businesses should worry about the consumer view of behavioral advertising as much as they worry about legislative activity, have a look at CDT’s update on the current browser privacy controls available to users. Healthy browser competition over the last few years has made privacy an increasingly prominent feature for browser developers. Although the options are still a bit too much trouble for many average users, they are becoming increasingly visible and easier to use. If businesses don’t succeed in satisfying consumer concerns about behavioral ads, the browser companies may just decide to solve it for them. Some are assuming the fact that some of the companies developing browsers are also in the advertising business will prevent these privacy features from ever becoming too effective. Yet others can easily imagine circumstances where being a privacy leader and ensuring success in being the leading platform for web based applications could trump behavioral ad interests. What do you think? Before answering, have a look at the “block list” of third party ad servers and analytics companies ready to be activated on your Internet Explorer 8 browser. If you don’t remember creating a list of servers that you didn’t want your browser to contact, be aware that IE 8 has conveniently assembled this for you as you were browsing in the normal default mode. Click to turn it on and no more behavioral ads for you.
Jules IE * browser
Time to go – iTunes is nagging that it needs an update. Oh, look at that, the update includes a copy of the Safari browser for our Windows PC, automatically set by Apple to block third party cookies by default.
Future of Privacy Forum Reply Comments on the Report to NIST on the Smart Grid
What a difference six months makes! Six months ago, the staff of the Federal Trade Commission released a set of proposed principles to guide the development of self-regulation in online behavioral advertising, which it described as an “evolving area”. Industry groups reacted by agreeing to a set of principles focused around ensuring that all behaviorally targeted ads carry a label leading to a behavioral advertising notice and a link to allow users to opt-out. Many privacy advocates responded by renewing their call for national privacy legislation. At the Future of Privacy Forum, we felt strongly that regardless of self-regulation or legislation, work needed to be done to figure out how companies who wanted to be transparent about behavioral ads could do so in a way meaningful to users. Together with WPP and a number of other leading companies, we launched an initiative to develop effective messages to communicate with users about online data use and hope to be able to provide an update on our work before too long.
When announcing the principles, the FTC referenced years of study and workshops and said “The purpose of this proposal is to encourage more meaningful and enforceable self-regulation to address the privacy concerns raised with respect to behavioral advertising.” In developing the principles, FTC said its staff was “mindful of the need to maintain vigorous competition in online advertising as well as the importance of accommodating the wide variety of business models that exist in this area.” The FTC explained: “The proposed principles acknowledged that behavioral advertising provides benefits to consumers in the form of free content and personalized advertising but noted that this practice is largely invisible and unknown to consumers.”
A piece in today’s New York Times, reports that the new head of the Bureau of Consumer Protection at the Federal Trade Commission, David Vladeck has embarked on a “broad mission to redefine how the Commission look[s] at online privacy” and that he has “outlined plans that could upset the online advertising ecosystem” . At the same time, the article reports Mr. Vladeck as saying “We’re not committing ourselves to imposing regulation. What we would like is to figure out useful tools and a more comprehensive way of looking at privacy protections that may obviate the need for rules.” Still, he observed that “Privacy policies have become useless, the commission’s standards for the cases it reviews are too narrow, and some online tracking is ‘Orwellian.’” And he is reported to have said he would consider “requiring sites collecting personal data to get consumers’ assent whenever they visit the site (an “opt-in”).” He continued: “Let people vote with their feet. If the marketers are right, and the consumers like behavioral advertising, then it should be no big deal.”
Recall that in the February report, the FTC staff was careful not to suggest that opt-in is the new paradigm, writing “Every Web site where data is collected for behavioral advertising should provide a clear, consumer-friendly, and prominent statement that data is being collected to provide ads targeted to the consumer and give consumers the ability to choose whether or not to have their information collected for such purpose” (emphasis supplied). Thus, the door was open to effective opt outs as well as opt-in.
But, six months later, based on the New York Times report of its interview with Mr. Vladeck, online advertisers may be dealing with a regulator that believes that “opt-in” is the new required default. Time will tell. But we continue to believe that the regulatory and legislative environment should not be the only reason that companies should be seeking to innovate around the ways they communicate to consumers about how data is used. As more and more information is used, across platforms and devices, we are heading for a day when behavioral advertising will either feel incredibly intrusive to users – or it will be a valued and appreciated as a relevant and personalized experience. If industry focuses on meaningfully engaging users and ensuring that the experience is transparent, profits and personalization are surely possible. If behavioral advertising continues to be largely invisible to most users, regulatory stress is certain to continue and soon we will see consumers voting with their feet.
Does Microsoft + Yahoo = A Privacy Arms Race Among Web Giants?
Does Microsoft + Yahoo = A Privacy Arms Race Among Web Giants?
New York Times
By Riva Richmond
July 31, 2009
When Internet giants team up, civil-liberties advocates tend to worry that their consolidated power will end up hurting the privacy of average users.
An agreement between Microsoft and Yahoo to work together on Web search is no different. But at least one expert thinks it could re-energize a three-year trend that has delivered to consumers more privacy protections around the search data Internet companies store.
Jules Polonetsky quoted:
Jules Polonetsky, director of the research group Future Privacy Forum and formerly chief privacy officer at AOL and DoubleClick, thinks the tie-up could restart competition among the big search providers for bragging rights to who has the best practices.
He’s optimistic because, he says, Yahoo currently has the most stringent privacy policy, and Microsoft has agreed to adhere to it for search queries that originate from Yahoo. Scrutiny of the deal by government regulators could push Microsoft to match Yahoo, Mr. Polonetsky says, which might pressure Google to make its policy stricter, too.
July 31, 2009 – Does Microsoft + Yahoo = A Privacy Arms Race Among Web Giants?, NY Times
Search Privacy and the Microsoft-Yahoo! Agreement
As we have followed the rumors of a Microsoft-Yahoo deal over the last few months, the area we were most concerned about was the future of Yahoo’s leading search data retention policy. We have repeatedly praised Yahoo for implementing a data retention policy that seeks to anonymize search queries after 3 months and we have urged others to follow suit. We understand why companies need to retain data to improve their services and for the related advertising that supports these services. Analyzing what results are selected by users in response to certain queries over time is essential to providing increasingly relevant results. But search queries are sensitive and provide an unusually rich record of user activities online. Yahoo proved that it was serious about privacy when it adopted a policy of deleting information as soon as it was not needed. Would Yahoo’s policy survive the deal?
We are pleased to report that it will. In emails from the Microsoft and Yahoo privacy leads this morning and after a more detailed discussion with Yahoo privacy lead Anne Toth, we were pleased to learn that Microsoft will maintain Yahoo’s retention period for the search data from Yahoo that it will now receive. We hope that this search deal leads to a period of aggressive privacy competition between Google and Microsoft and that consumers benefit from efforts to provide relevant services in a privacy smart manner.
(You can see FPF’s Gallery of leading practices for an overview of some of the other more progressive privacy practices we have highlighted.)
What about anti-trust issues? We think that the question of whether and how privacy issues should be considered in conducting an anti-trust is critical. When the FTC approved the Google-DoubleClick merger, it rejected the idea that the merger would have a negative privacy impact, but it clearly said the privacy issues were relevant to be considered in an anti-trust review. Our former advisory board member Professor Peter Swire has done some very interesting thinking and writing in this area. Here are the points he raised last year in anticipation of this deal:
• Will Yahoo’s and Microsoft’s existing databases of personal information be merged?
• How will the pre-merger privacy policies apply after the merger?
• What privacy guarantees arising out of the merger might be incorporated into the post-merger privacy policies?
At initial review, it seems that Yahoo and Microsoft have addressed these points, assuring us that Yahoo search data won’t be available for other Microsoft systems and assuring us that privacy policies will be updated to address this. If we were strategizing this on the corporate side, we might have come up with one or two more privacy advances so as to have something in our pockets to offer later when Congress and the FTC get involved. Perhaps Microsoft adopting the shorter Yahoo policy for retention for its own data as well? The Article 29 group of European data regulators is aggressively pressing all the search providers to anonymize data after 6 months regardless, so this would be responsive to them and it would almost certainly obligate Google to match this policy.
We do not discount the concerns some will have about the consolidation of data in the hands of two companies. But, to be pragmatic, it often requires real competition to kick-off privacy progress. Consider the progress Internet Explorer has made in the recent years as Firefox has become a serious competitor. We expect the same could happen here.
White House Asks Public If It Wants Cookies
White House Asks Public If It Wants Cookies
Media Post
By Wendy Davis
July 24, 2009
The Obama administration is asking the public to weigh in on whether the government should liberalize its 9-year-old policy limiting the use of persistent cookies. In a blog post issued Friday, administration officials asked for opinions about matters including what basic principles should govern cookies, the choice between allowing consumers to opt out and requiring opt-in consent, and whether the use of cookies raises any non-obvious privacy issues….
Earlier this year, groups including the think tank Future of Privacy Forum and digital rights organization Center for Democracy & Technology proposed that the White House should loosen restrictions on cookies.
The government’s use of cookies and other technology that potentially identifies particular computers is seen as raising more significant civil liberties issues than tracking by private companies who engage in ad targeting. But the government’s decision regarding cookies could still affect Web companies’ policies, says Jules Polonetsky, co-chair and director of the Future of Privacy Forum. “The ability of government to track users needs to be far more constrained than the private sector, but a smart policy that enables analytics and some degree of personalization could be very influential in showing what can be done,” he says.
Jules Polonetsky quoted:
“The ability of government to track users needs to be far more constrained than the private sector, but a smart policy that enables analytics and some degree of personalization could be very influential in showing what can be done,” he says.
Kim Hart of Washington Post wrote her last piece today, before she moves on to a new tech related effort at “The Hill” newspaper. Kim has done some great reporting on privacy issues and is one of the savviest young journalists covering tech issues around. So nice to see her on the rise. Good luck Kim!
July 24, 2009 – White House Asks Public If It Wants Cookies, MediaPost News
