Just prior to 9/11, a survey of U.S. citizens was conducted asking them what their main worries about the future were. The vast majority listed online privacy as their major concern. Needless to say, 9/11 moved other issues to the head of the queue, but the underlying concern about online privacy remained. Over the last few years, we have seen the rise of a new industry focused on tracking online activity, then creating and selling the resultant behavioral profiles, usually to underpin behavioral targeting of ads. Completely unregulated, often engaging in "questionable" practices, such as skimming data from private forums, there has been a corresponding rise in concern by the public and legislators. Public concern peaked in 2010, with The Wall Street Journal's series on this issue, replete with evocative titles such as "The Web's New Gold Mine: Your Secrets."
Meanwhile, governments have commenced the process of legislation. Many in the digital marketing industry feel forthcoming legislation is misguided and ill-informed. For example, as of mid-2011, the EU's Privacy and Electronic Communications Directive requires all websites to obtain a formal opt-in before setting cookies of any form and will specifically ban the use of cookies to record what someone has put into their shopping basket.
Stay informed. For more insights into the latest digital marketing opportunities and challenges, attend the iMedia Agency Summit, May 21-25.
Request your invitation today.
In France and Germany, where personal privacy is a constitutional right, there are moves to limit the lifetime of even opt-in cookies to 30 days. In the U.S., congressional representatives like Republican Cliff Stearns and Democrat Jackie Speier are competing to introduce their own online privacy legislation.
Never before in the history of the internet has online business practice been under so much public scrutiny, and never before has the future of digital marketing been so much in the hands of those outside the industry. The industry response has, of course, been to attempt to introduce self-regulation before (in their view) misguided governments destroy a lucrative industry.
Since web analytics is the mechanism underpinning all online data gathering, tracking, and targeting, web analysts are at the center of this storm. As the sole industry body for web analysts, the response of the international Web Analysts Association (WAA) represents web analysts' first foray into highly sensitive, controversial, and political realms. Largely at the initiative of web analysts Eric Peters and John Lovett, the WAA has now launched a Code of Ethics and is encouraging WAA members to join the initiative.
The WAA Code of Ethics covers five topics: privacy, transparency, consumer control, education, and accountability. Each section is short, only a few sentences, so that the entire code fits onto a single page. Terms are not defined. There is an assumption that most of the terms used are straightforward, but, as we all know, lawyers delight in digging up alternative meanings for terms, so this lack of definition of terms is a potential weakness in the code. While there are five sections, at its heart the code is about data privacy.
As John Lovett, one of the authors of the code, explained: "Privacy is the biggest thing that consumers are worried about, and we wanted to ensure that this code was up-front about our collective commitment to consumer privacy."
The privacy section makes it unethical to pass personally identifiable data to a third party without prior permission from the person that data pertains to. This effectively bans much of the profiling industry. However, it does not define "personally identifiable data," and what that constitutes is much less obvious than most web analysts assume, as we'll see later.
The transparency section requires the web analyst to "encourage" their clients or employers to disclose how the data is used in a language ordinary people can understand. It is unclear whether this places any obligations on websites to understand the data practices of those running advertising through their site.
The consumer control section says the web analyst must actively tell consumers how to opt out of any and all data collection and provide them with the means to do so. This effectively means all websites should have a mechanism built into them that enables visitors to turn off tracking completely. Leaving it to the consumer to block cookies via the browser is not enough.
The education section of the WAA Code of Ethics obliges the web analyst to be a communicator, telling clients, employers, and peers what data their organization is collecting, what they can do with it, what the dangers are, and how consumers could potentially see web analytic technology as "invasive." Of course, this pre-supposes that the web analyst actually knows what happens to the data after it has been gathered.
The accountability section calls upon the web analyst to champion the consumer, acting as a "steward" of their data, upholding their right to privacy, ensuring all organizations keep up-to-date lists of who has access to what data, and telling people who have access to the data how it "can and cannot be used."
In general, the web analytics community has reacted positively to the code. As you'd expect with any broad community, there are a few who feel it goes too far, and a few who feel it doesn't go far enough.
