Search Articles
Reproduction permitted for personal use only. For reprints and reprint permission, contact reprints@wistechnology.com.
Online tracking and the privacy violations of behavioral marketing
October 15, 2008
What is behavioral targeting? It's tracking a user's online activities to deliver advertising targeting to that user. Users are generally familiar with “cookies” that hold information pertinent to any given website visited, and can usually choose whether cookies should be used or not.
Today's debate centers on information tracked on a broader level by Internet service providers (“ISPs”), called “deep packet inspection.” This information is made up of granular details on users. The ISPs create profiles based on the search terms entered by a user into search engines, the Web pages visited, and the content viewed. The information on these habits is valuable to online marketers who desire to serve up the most relevant ads to the user.
The behavior of online marketers
Online marketers such as Phorm, NebuAd, and Adzilla have been receiving press about their plans to offer behavioral targeting advertising. Charter Communications, the third-largest publicly traded cable operator in the U.S., had announced plans to work with NebuAd to deliver to its users “an enhanced online experience that is more customized to your interests and activities.”
Advertisement
In June, Charter put its plan on hold indefinitely. NebuAd's CEO resigned, and in September the company announced that it had put on hold plans to widely deploy its behavioral targeting advertising technology. Earlier this month, Adzilla announced that it was closing its North American operations, and its CEO resigned, all over the unexpected scrutiny on the privacy front.
Phorm is proceeding with its plans in Europe, emphasizing its privacy protection measures. It went so far as to commission a Privacy Impact Assessment, posted on its home page.
FTC weighs in
The Federal Trade Commission has weighed in, reporting that “behavioral advertising provides benefits to consumers in the form of free content and personalized advertising,” but noting that “this practice is largely invisible and unknown to consumers.” See “Behavioral Advertising, Moving the Discussion Forward to Possible Self-Regulatory Principles.”
The FTC proposes that “every web site where data is collected for behavioral advertising should provide a clear, consumer-friendly, and prominent statement that data is being collected to provide ads targeted to the consumer and give consumers the ability to choose whether or not to have their information collected for such purpose.”
According to the FTC, any company with such data should provide reasonable security and retain the data only as long as necessary. Also, for companies that are moving to this model, the FTC proposes that they should obtain affirmative express consent from consumers before using the data in a manner materially different from promises the company made when it collected the data.
The FTC is seeking comment on what might constitute “sensitive data” (such as medical information or children's online activities) and whether collection should be altogether prohibited.
Opting out
In this current era of self-regulation, many companies are calling for clear mechanisms for consumers to opt out. Roy Shkedi, CEO of AlmondNet, a New York-based behavioral targeting advertising company, proposes adding an opt-out link to every delivered advertisement, and making it clear to consumers that no personally identifiable information is used to deliver targeted ads.
Given that ISPs already have all of this detailed data, if they sell it without any personally identifiable information attached to it, how risky is it that a user's privacy will be impacted?
Stay tuned - perhaps someday you will be served a targeted ad with an update on this debate!
Related WTN News articles:
- Beware -- Use of the word 'entrepreneur' can put you in a legal mess
- Brand Bullies- Entrepreneurs draw legal action over common words
Deborah A. Wilcox is a lawyer and co-chair of intellectual property litigation at Baker and Hostetler, LLP, in Cleveland. She is a graduate of the University of Wisconsin-Madison Law School and regularly handles copyright, trademark, and e-commerce litigation. She can be reached at dwilcox@bakerlaw.com.
The opinions expressed herein or statements made in the above column are solely those of the author and do not necessarily reflect the views of Wisconsin Technology Network, LLC. WTN accepts no legal liability or responsibility for any claims made or opinions expressed here.
The opinions expressed herein or statements made in the above column are solely those of the author and do not necessarily reflect the views of Wisconsin Technology Network, LLC. WTN accepts no legal liability or responsibility for any claims made or opinions expressed here.
Comments
Robb Topolski responded 1 year ago: #1
--Quote--
Given that ISPs already have all of this detailed data, if they sell it without any personally identifiable information attached to it, how risky is it that a user's privacy will be impacted?
--EndQuote--
Deborah,
These ISPs convey every word that we read or write on the Internet, every request to load a new page, or to visit another site. Even though the ISP is not prefixing it with PII like "Deborah A. Wilcox said," it is prefixed with your unique identifier. In a brief time, you identify yourself anyway within your own data either by logging in to a website, searching for directions from your home, or searching your own name to see how many pages are carrying your article.
With NebuAd, 20 or 30 ISPs each elected to do this! And who was NebuAd? It was a start up with no track record of trustworthiness and a pile of half-truths to trick consumers into believing that ISPs gave them much less data than was actually provided.
Think about this -- why do we especially protect PII? Your name is no more or less special than anyone elses. Your address is displayed on the side of your house. You've just disclosed your education and vocation right here on this site. Your phone number is probably not difficult to find. While we treat all this publicly-available PII especially carefully, it's to allow someone who wishes to keep their personal or business affairs private to do so.
Your telephone company is in the position to listen in on every call, and sell tapes and transcripts to marketers. Do you really want them doing that? Why not?
The Internet is no different.
Given that ISPs already have all of this detailed data, if they sell it without any personally identifiable information attached to it, how risky is it that a user's privacy will be impacted?
--EndQuote--
Deborah,
These ISPs convey every word that we read or write on the Internet, every request to load a new page, or to visit another site. Even though the ISP is not prefixing it with PII like "Deborah A. Wilcox said," it is prefixed with your unique identifier. In a brief time, you identify yourself anyway within your own data either by logging in to a website, searching for directions from your home, or searching your own name to see how many pages are carrying your article.
With NebuAd, 20 or 30 ISPs each elected to do this! And who was NebuAd? It was a start up with no track record of trustworthiness and a pile of half-truths to trick consumers into believing that ISPs gave them much less data than was actually provided.
Think about this -- why do we especially protect PII? Your name is no more or less special than anyone elses. Your address is displayed on the side of your house. You've just disclosed your education and vocation right here on this site. Your phone number is probably not difficult to find. While we treat all this publicly-available PII especially carefully, it's to allow someone who wishes to keep their personal or business affairs private to do so.
Your telephone company is in the position to listen in on every call, and sell tapes and transcripts to marketers. Do you really want them doing that? Why not?
The Internet is no different.
David Kessler responded 1 year ago: #2
Over here in the UK, Phorm are pushing ahead with their trials but are hardly being open and honest about it.
The partner ISP "BT Retail" is actively censoring discussion about their webwise product in their customer forums. When "volunteers" opt-in to the trial they already have their data intercepted prior to opt-in. The "volunteer" is NOT informed that their browsing habits are being monitored, they are told they are being protected from phishing. Even if you opt-out, all your browsing data still goes through Phorms profiler, just you don't get the "more relevant" ads.
Add to this Phorms murky history using rootkits in their past ad(spy)ware, leads to a very untrustworthy company.
Behavoural Targetting has it's place, but that place is not inside your internet provider.
The partner ISP "BT Retail" is actively censoring discussion about their webwise product in their customer forums. When "volunteers" opt-in to the trial they already have their data intercepted prior to opt-in. The "volunteer" is NOT informed that their browsing habits are being monitored, they are told they are being protected from phishing. Even if you opt-out, all your browsing data still goes through Phorms profiler, just you don't get the "more relevant" ads.
Add to this Phorms murky history using rootkits in their past ad(spy)ware, leads to a very untrustworthy company.
Behavoural Targetting has it's place, but that place is not inside your internet provider.
Anil Batra responded 1 year ago: #3
I have written extensively on this subject on my blog http://webanalysis.blogspot.com/search/label/privacy. My suggestion is to provide users a choice rather than forcing them to opt-out give them opt-in. If they see or hear about the value of BT they will opt in.
You can see my 5 step process for easing privacy concerns at http://webanalysis.blogspot.com/2008/04/consumer-awareness-and-attitudes-about.html
You can see my 5 step process for easing privacy concerns at http://webanalysis.blogspot.com/2008/04/consumer-awareness-and-attitudes-about.html
Pete responded 1 year ago: #4
DPI is a nonsense.
First and foremost, respect for privacy requires that you obtain the consent of both parties to a communication before you intercept a private message. In the UK that's what the law requires.
Second, a web request is no different to a phone call. It passed unencrypted over a public communication network. It is a private communication between two parties.
Third, the data being exchanged does not belong to the ISP. It is entrusted to them, but they have no licence to copy it. The web page is a Copyright literary work. Copying, and creating adaptations is the exclusive right of the creator. Think of it the same way that you might illegal music sharing. Its illegal.
But ultimately here's what it boils down to... trust. Private communication is essential to commerce, democracy and freedom of expression. If Internet Service Providers cannot be trusted to respect the privacy and confidentiality of communications trusted to them, expect to see a proliferation of encryption across the net, and/or fragmentation of the net into trusted and untrusted zones.
First and foremost, respect for privacy requires that you obtain the consent of both parties to a communication before you intercept a private message. In the UK that's what the law requires.
Second, a web request is no different to a phone call. It passed unencrypted over a public communication network. It is a private communication between two parties.
Third, the data being exchanged does not belong to the ISP. It is entrusted to them, but they have no licence to copy it. The web page is a Copyright literary work. Copying, and creating adaptations is the exclusive right of the creator. Think of it the same way that you might illegal music sharing. Its illegal.
But ultimately here's what it boils down to... trust. Private communication is essential to commerce, democracy and freedom of expression. If Internet Service Providers cannot be trusted to respect the privacy and confidentiality of communications trusted to them, expect to see a proliferation of encryption across the net, and/or fragmentation of the net into trusted and untrusted zones.
Add Your Comment
Comment Policy: WTN News accepts comments that are on-topic and do not contain advertisements, profanity or personal attacks. Comments represent the views of the individuals who post them and do not necessarily represent the views of WTN Media or our partners, advertisers, or sources. Comments are moderated and are not immediately posted. Your email address will not be posted.
WTN Media cannot accept liability for the content of comments posted here or verify their accuracy. If you believe this comment section is being abused, contact edit@wistechnology.com.
Advertisement
Most Popular Stories
Advertisement
Featured EventsMore…
More Stories
- HHS help on the way for online insurance exchanges
- How fast can a cloud run?
- Facebook isn’t a leak, It’s a Faucet
- Maybe your customers don't want to talk to you
- The four questions every board should ask the CIO
- Survey: How many would pay for Twitter? Zip, zilch, zero
- Google eyes more government deals for online apps
- Wal-Mart reignites RFID hysteria
- After IT, there's more that needs fixing
- GSA, union negotiate on rules for workers' posts on Facebook, other social media
- Web filtering and reporting tools for the small business
- Apple’s business model lesson
- Shift happens: handling things in transition
- What to do when you launch: Before, during, and after
- Physician uptake of smartphones grows by leaps
- Now legal in the U.S.: Jailbreaking your iPhone, ripping a DVD for educational purposes
- Majority of consumers use social networks to inform buying decisions, says study
- Forget the Numbers: Manage your mentors on social networks
- Core BTS achieves Cisco Master Unified Communications Specialization
- Transparency creates an information blizzard not an excuse, nor an absolution
- Ingenix to acquire Picis
WTN Media Presents
