BT's most overlooked issue

I was recently on a conference call with a potential partner who noted that his company was delivering millions of contextual ads per day on publisher sites based on referrals from Google searches. The potential partner was simultaneously dropping cookies on these ad-viewing consumers in order to retarget them within ad exchange inventory. 

"Let me make sure I understand," I said. "If a consumer searches for 'mortgage' on Google and then arrives at a blog where you deliver ads, the consumer sees a relevant 'mortgage-related' contextual ad on the blog site from you, and then sees additional mortgage ads elsewhere?"

He answered yes and noted that he was collecting millions of these queries per day and could redirect them onward. The offer was interesting, but wondered how a privacy policy link could be inserted on all of the pages where the cookies were being dropped.  This link would provide the consumer with the opportunity to opt-out from tracking, but this was not something that my counterpart considered or planned to do.  

My company walks away from data provider deals that do not involve sufficient consumer notice and consent via an NAI opt-out, so this deal -- and others like it -- never got off the ground. If you think that the behavior of my counterpart is OK, well, you're not alone. Data collectors have been dropping cookies on and delivering targeted ads to consumers wherever they go without appropriate notice and consent. 

Much of the data management and consumer privacy debates to date have focused on the distinction between PII (personally-identifiable information) and non-PII, opt-in vs. opt-out, or deep packet inspection vs. cookie targeting.  But the issue of dropping cookies without consent is more pervasive than we think and potentially more damaging to the industry than other privacy topics that have attracted media attention.

The NAI has been laying the groundwork for a "race to the top" in privacy standards by working closely with the FTC to introduce and enforce meaningful industry self-regulation. These standards are grounded in robust notice and consent for consumers at the point of data collection via a link on every consumer-facing page to a privacy policy with an opt-out link. Meanwhile, others have been laying the groundwork for a "race to the bottom" by dropping cookies without appropriate opt-out links and using the acquired data to deliver targeted ads on behalf of themselves, their partners and advertisers.  In the end, this practice will only lead to the following:

Damaged consumer relationships
By not having an opt-out link, these others are not providing the consumer with proper notice and therefore could be potentially tracking consumers without their knowledge. Even though this type of tracking most likely involves the use of non personally-identifiable information, it is nevertheless intrusive because the consumer did not have the opportunity to opt-out of it.

Unnecessary regulations
This also creates an unlevel playing field for those who do, while at the same time empowering overzealous privacy advocates and inviting government regulation as opposed to industry self-regulation. Moreover, if only a few players in the space are upholding proposed self-regulation standards, it makes it more likely for the government to step in to ensure that consumers and their online data are protected.

Stunted industry growth
A data trading industry seems to be developing as ad networks and others seek to acquire data, the new currency of internet advertising, in order to monetize difficult-to-sell inventory. With behavioral targeting forecast to grow significantly over the coming years, this data trading will only become more pervasive. If done right, with appropriate privacy standards, consumers will enjoy the benefits of targeted ads and the benefits to other constituencies will naturally follow. If done incorrectly, without the proper opt-outs in place, consumers will feel violated and self-regulation will be replaced with government regulation, slowing the growth of the industry, and possibly our country's competitiveness. 

The choice is clear. Ad networks and other data acquirers need to make the right decisions and ask the right questions about where and how the data they use is sourced. Data-owning publishers from where data is sourced (like the blog mentioned above where the initial mortgage ad was delivered) have a role to play here as well by demanding to be notified and compensated when their data is used elsewhere. 

Mike Benedek is vice president of AlmondNet. 

 

Comments