Microsoft has agreed with the Article 29 Working Party of EU data regulators that they will remove cookies and IP addresses from search data after 6 months, but only if Google and Yahoo also go along. We will comment further about this, but are already thinking about the next issue – ad server log file retention.
Companies didn’t adopt search data retention practices until pressed by the European regulators and then were “ordered” to adopt a 6 month term. This time frame seemed to be a political compromise period agreed to by the group of regulators without any documentation of why 6 months is the model balance of improving search vs. user privacy. We propose a better process for ad server log files, based on examining the minimum period needed for the functions of serving and accounting for ad delivery and related auditing and analysis. We have some more work to do here and will be discussing this with ad serving and behavioral targeting companies, many of whom currently keep ad serving log data long term without any clear need to do so. We understand the value of having a year’s worth of data in order to understand seasonal or year to year trends and believe that retention periods of 9-13 months could easily be put in place at many companies with zero business impact whatsoever. Why wait until the next crisis hits or the Europeans decide to press this issue? Let’s figure out how to implement a more responsible practice in this area in order to improved user privacy in a business practical manner.
Please contact us via this site if you would like to be part of this discussion.
Pew on FaceBook Connect
Amanda Lenhart of Pew thinks FaceBook is off-base with plans for FaceBook Connect because of the complexity that will be added to the average user’s identity management desires. Perhaps we are extroverts, but we are optimistic that FaceBook will have done the work needed to make use of this extension of FaceBook into the rest of our web life intuitive to use so that we can share what we want with who we want. And, of course, we hope we can NOT share all of our data with a new site, just because we want to use our FB credentials and friend network on the site. Eagerly awaiting a look and this implementation – will need to ping our busy friend FaceBook CPO Chris Kelly to seek a preview!
Online Shoppers Carry Web Retailers' Baggage
Online Shoppers Carry Web Retailers’ Baggage
San Francisco Chronicle
By Deborah Gage
November 28, 2008
Online shoppers bring to the hunt a lot of baggage from retailers.
People who shop online share lots of information about themselves, even when they’re not buying anything, said Jules Polonetsky, the former chief privacy officer at AOL who now heads the Future of Privacy Forum.
Jules Polonetsky quoted:
“Simply visiting a Web site leads to an explosion of data to dozens of other companies,” he said. “You (may) think you’re shopping alone when you sit there at home, (but) you’ve got as many folks along with you as if you were in a crowd at the mall.”
The first, a story by John Markoff, explores the advances in “reality mining”, a term coined to capture the risks and opportunities of data-mining a full range of data about users, from location, to shopping, to online. It is hard to read this article, without understanding the need for leaders who appreciate the opportunities and risks of data to beginning setting down the parameters for ethical progress. At some point, the solution will clearly need to be a combination of technological standards, industry rules and legislation.
Without such guidance, the projects move forward subject to the personal and sometimes conflicting views of project leaders. Here’s is an example from the article:
Pentland says there are ways to avoid surveillance-society pitfalls that lurk in the technology. For the commercial use of such information, he has proposed a set of principles derived from English common law to guarantee that people have ownership rights to data about their behavior. The idea revolves around three principles: that you have a right to possess your own data, that you control the data that is collected about you, and that you can destroy, remove or redeploy your data as you wish.
At the same time, he argued that individual privacy rights must also be weighed against the public good.
Citing the epidemic involving severe acute respiratory syndrome, or SARS, in recent years, he said technology would have helped health officials watch the movement of infected people, providing an opportunity to limit the spread of the disease.
“If I could have looked at the cell phone records, it could have been stopped that morning rather than a couple of weeks later,” he said. “I’m sorry, that trumps minute concerns about privacy.”
Indeed, some researchers argue that strong concerns about privacy rights are a relatively recent phenomenon in human history.
“For most of human history, people have lived in small tribes where everything they did was known by everyone they knew,” said Thomas Malone, director of the MIT Center for Collective Intelligence. “In some sense we’re becoming a global village. Privacy may turn out to have become an anomaly.”
The second article is from the NY Times Magazine, by our friend Jeffrey Rosen, the leading legal and privacy scholar, who takes a look at the critical decisions about censorship, legal compliance, and often privacy made by the legal and policy team at Google. Having sometimes sat in smaller versions of that seat of responsibility (Jules while at AOL and Chris in his leadership role dealing with online hate speech at the ADL and at INACH), we understand the challenge of making private sector decisions that impact the public commons. The folks at Google recognize this challenge and do call for governments themselves to play more of a definitive role in establishing the legal guidelines in each jurisdiction. Given this isnt the case yet and may never be, how Google and how many others who are also juggling competing legal and policy obligations handle these conflicts is one of the critical issues for the future of the internet.
Where does your data go … before you even click
Who’s watching you while you’re shopping? This holiday season you may be getting more of a mouthful of cookies then expected. You may not be aware that when you visit a site you’re actually a part of a complex advertising and marketing mechanism. Very few things on the Internet are completely anonymous. Data collection is inevitable due to the architecture of the internet and much of the data collected is simply used to help sites analyze which offers are popular, but many users would be surprised at the multiple companies involved with nearly every Web site visit and the breadth of the data collected. The good news is there are tips to help control your privacy:
Most online tracking relies on little bits of data left on your computer called cookies. Use your browser privacy settings to delete those cookies after browsing, or visit the consumer tools page at fpf.org to find the opt-out links offered by the largest ad networks.
Download the new version of Microsoft’s Internet Explorer 8, which includes a powerful safety setting that will prevent your computer from silently loading many of the tracking tools.
Alternative browsers Firefox and Google’s Chrome also have settings that let users block or delete cookies.
Check out Ask Eraser, a useful privacy feature unique to Ask.com’s search engine which allows users to permanently eliminate their searches from Ask’s log files.
Avoid using the same company for your searches and for your email account, so that linking your searches and your email identity is not possible.
Additional useful resources for online privacy can be found at the TRUSTe and Federal Trade Commission sites.
Why do we think that right now, as 2009 approaches, there can be real progress on privacy? Because some of the most senior marketers in the industry are starting to sound like privacy advocates. Read this comment about advertising on social networks and then click here to see who said it!
“I have a reaction to that as a consumer advocate and an advertiser,” he said. “What in heaven’s name made you think you could monetize the real estate in which somebody is breaking up with their girlfriend?”
Of course his point, as a large global advertiser, isn’t that ads don’t belong on social networks, but rather that engaging users is more effective than using data simply to “target at” them. We couldn’t agree more. We certainly expect that FaceBook will continue to develop in this direction and that it will succeed in collecting ad dollars by increasingly serving the desires of its users. We never click on banner ads offering us a local date with a hottie in our area, but we do enjoy someone using a FaceBook application to buy us our favorite brand of scotch, even if virtual!
Hulu having success with opt-in ads
Hulu reports that giving users control over whether they see one long video ad or several short ones seems to be working well. Users don’t get a choice of viewing ads or not, but seem to welcome being able to decide the format of ads that they will see. Interesting to consider how ad networks or portals might provide similar options to give users additional controls like this.
Fox 7 Austin Features Chris Wolf & the Future of Privacy Forum
Click here to watch the video of Austin’s Fox 7 featuring Chris Wolf and the Future of Privacy Forum.
BBC: New privacy group to shape policy
New Privacy Group to Shape Policy
BBC News
By Maggie Shiels
November 17, 2009
Lawmakers have held several hearings examining online privacy protection. Privacy experts have banded together to influence policy in the new Obama administration and set best practices for the industry.
The newly formed Future of Privacy Forum aims to present a privacy agenda to the Obama team in late November.
It also plans to talk to internet users about their concerns.
Jules Polonetsky quoted:
“We are at a vital crossroads for improving consumer control over online data,” said the Forum’s co-chairman Jules Polonetsky.
“The Obama campaign used a lot of data in a tech savvy way so they fully appreciate the value of data for outreach and marketing and the need for best practices to ensure personal autonomy,” Mr Polonetsky told the BBC.
FPF note: FPF would like to note that the companies listed in this article are not necessarily supporters of the Forum. Some executives at these companies sit on the FPF Advisory Board. By serving as Advisors, they are not responsible for the content of the Web Site nor do they necessarily endorse the positions taken by FPF. Advisors serve in a personal capacity and their affiliation does not indicate the endorsement of their corporation or organization.
Consumer Choice and Relevant Advertising
The CEO of BlueKai, an online behavioral targeting and marketing company, makes some interesting points about giving consumers more control over their online profiles. The company’s profile viewer, which displays the categories they have put you in and which lets you edit your preferences, is no silver bullet, but it is one piece of the puzzle. Now how about asking Web sites who provide data about users to show a dashboard linking to the profile manager from their home page ?
I was interested in checking out my own profile, but alas have not visited enough web sites in their network to be included. Of course, most users would have no idea if they visited sites participating in this or any other network. (Hint – on your browser toolbar, choose View, then Page Source, and scrool thorough looking for the name of the code referring to the ad network. Or look at the bottom edge of your browser window when you visit a new web page and watch the locations your browser is visiting in the background to fetch the ad content of the page.) Check out your own profile at http://tags.bluekai.com/registry.