If the online advertising industry can't figure out how to deal with this whole privacy thing, how's Washington supposed to do it?
There are currently six -- count 'em, six-- proposed privacy bills on the Hill. All the proposed legislation would accord oversight and regulatory power to the FTC. While only half the bills specifically call for some type of do-not-track mechanism (such as opt-out, or ways to delete personal data), the FTC declared itself last December to be solidly behind do-not-track. After all, its do-not-call registry was the most popular website launch in history: 28 million sign-ups, or one-third of American households, in fewer than 30 days.
Stay connected. For more insights into the latest marketing strategies, attend the iMedia Entertainment Summit, June 28.
Request your invitation today.
In poll after survey after research report, an overwhelming majority of consumers express concern about their online privacy. Last summer, for example, a poll by Consumer Watchdog found that 90 percent of Americans want online privacy legislation, and 80 percent support some sort of do-not-track. A further 86 percent want a single-click browser button that renders their searches anonymous.
"But when you put [do-not-track] in front of them in a targeted ad, or in one of the other new methods they're trying, less than 1 percent are using it. For companies, that's a badge of success -- that so few people will choose that nuclear option," Jim Brock, of PrivacyChoice, said at a conference last week, as reported by paidContent.org.
But what's tracking, anyway? Sure, there's behavioral advertising. There's retargeting. Both of which can be -- and very frequently are -- based on perfectly anonymous data.
Even when users are a blank slate, relatively speaking, of behavioral, demographic, or psychographic data, they're still being targeted. The hot video making industry rounds last week was Eli Pariser's talk at TED, in which he points out that Google is currently tailoring search results based on up to 57 signals of "known data" (e.g. geo-location, browser type, brand of computer) -- even when a user is logged out of their account.
I'm a Mac. You're a PC. And Google knows it. It certainly wouldn't be at all difficult for other sites to sniff this data and target accordingly. In fact, it already exists in every basic web analytics package.
Will this type of targeting be a violation of do-not-track? Conceivably. At least one piece of proposed digital privacy legislation would explicitly prohibit geo-targeting.
Personally identifiable -- or not?
Geo-targeting isn't the issue, nor is much of the other data advertisers (and search engines and publishers) use to track and target. Just because advertisers know you live (or are browsing from) New York doesn't provide them with enough information to come to your house and knock on your door. Even if they embellish that broad fact with additional data (e.g., you're a female and in Brooklyn), you're still the proverbial needle in a haystack.
What do-not-track and other privacy bills should boil down to is clearly differentiating between "actual" versus "perceived" privacy (i.e., whether the data personally identifiable -- or not).
It's doubtful that consumers or legislators understand the difference between personal data and personally identifiable data. Perception, therefore, wins by default. Browse a specific shoe brand on Zappos or peruse a reservations page on Red Roof Inn. You'll be retargeted until the cows come home. It feels stalker-ish. It certainly feels personal. But creepy as it might appear, it's really perfectly benign.
Yet those same consumers who, for all we know, dread Tony Hsieh's imminent knock on their door don't hesitate for an instant when the cashier at Walgreen's or Radio Shack asks for their ZIP Code when they pay by credit card. Know why? The cashiers don't, and neither does the hapless consumer buying aspirin or batteries. But we marketers do: A postal code coupled with a credit card number equals a mailing address. Fork over that particular piece of personal data, and the junk mail will be coming to your home, just as sure as you're going to get a jury duty summons as soon as you register for a driver's license.
The above arguments do not, of course, apply to companies that share data with third parties, particularly personally identifiable data. Mobile is in a ballpark of its own, as nearly all mobile data can be tied to a specific device, and that device is tied to one single owner. Social networks also deserve their own category.
But that's really the issue here, isn't it? The digital landscape is evolving too rapidly for legislation to keep up.
It's a pity that industry self-regulation hasn't been as swift.
Rebecca Lieb is an author, speaker, and consultant specializing in digital marketing, advertising, publishing, and media.
On Twitter? Follow iMedia Connection at @iMediaTweet.
