A marketer's guide to the privacy debate

"A day of reckoning may be fast approaching." -- Federal Trade Commissioner Jon Leibowitz

These are the now famous last words of Jon Leibowitz as the U.S.  Federal Trade Commissioner. His official statement accompanied the February 2009 release of the "Federal Trade Commission Staff Report: Self-Regulatory Principles for Online Behavioral Advertising" -- a milestone document in the online privacy discussion. "In sum, almost all of us want to see self-regulation succeed in the online arena," he concluded, "but the jury is still out about whether it alone will effectively balance companies' marketing and data collection practices with consumers' privacy interests. A day of reckoning may be fast approaching." Interesting to note, one month later, Commissioner Leibowitz was officially sworn in by President Obama as Chairman Leibowitz.

For the select few that closely follow this issue, the industry is teetering on a precipice. Nevertheless, for the majority of digital marketing professionals, whose days are completely filled buying, selling, strategizing, and executing digital media, the privacy debate has been a back-burner topic. However, no one's saying it isn't important. We know it's important. 

Nonetheless, having not followed the matter closely, we do not have enough of the facts to understand what's really going on. Hopefully, by the time you finish reading this article, you will.

What's the core of this issue?
The first point of clarification is to define what the government thinks it could actually be regulating, which is not every practice of the digital marketing industry. Their focus is on online behavioral advertising (OBA). The Federal Trade Commission's (FTC) base definition of OBA is that it "involves the tracking of consumers' online activities in order to deliver tailored advertising." Why are they concerned? 

The answer is found in the FTC's "self-regulatory principles," which states, "Targeted advertising can benefit consumers, subsidize free content, and promote a robust online market. But the concomitant online tracking and data collection, coupled with inadequate notice to consumers about what information is collected and how it is used, raise critical privacy concerns. How companies collect, combine, disclose, and dispose of this data has serious ramifications for consumers."

Some good news that I can share, after talking with many of those in the inner circles of the privacy debate, is that it seems the notion that the government wants to interfere in our industry is a complete misperception. They have plenty to worry about without getting intimately involved with something as benign (comparably) as OBA. In fact, our government has a pretty good track record of supporting self-regulatory programs in many industries. Government regulation would cost a fortune to implement and maintain -- that's something they'd like to avoid.

There also seems to be a widely held misperception that the government is completely clueless on this subject. "They wouldn't know an internet cookie from an Oreo," some of us may say, but it's just not true. If you read the various documents published by the FTC on this issue, it's pretty obvious that they have a good handle on this topic. The experts handling this matter have studied the facts, collected industry comments, and interviewed many online advertising professionals to formulate their conclusions. They've given us a reasonably fair set of parameters to work within and have been flexible with their guidelines when presented with clear contradictory evidence. 

The Timeline 
To understand where we are now, you need to know how we got to where we are today.

1970 to 1994: The FTC becomes the champion of consumer privacy in various industries.

1994 to 1999: As the internet emerges, the FTC holds multiple public workshops to dive into the issues of online privacy and its impact on consumers.

1999: DoubleClick attempts to acquire market research company Abacus. As a result, privacy groups worry that Personally Identifiable Information (PII) may be at risk and complain heavily to the FTC. However, the deal goes through, but DoubleClick's ability to leverage the Abacus data is severely limited by heavy scrutiny and the company ends up selling Abacus for much less than the $1.7 billion paid. Years later, DoubleClick pays a small fine to the FTC to settle residual claims from this deal. Many privacy veterans feel that this is a seminal milestone and really kick off the government's deep concern regarding online privacy.

1999: In response to market pressures and to prevent any discussion on government regulations, the Network Advertising Initiative (NAI) is formed with ad networks and major publishers supporting the non-profit group. The NAI, which is still an important player in the online privacy debate, develops self-regulatory principles which are supported by the FTC and are still at the core framework of today's self-regulation movement. According to the NAI, these principles "set the standard for consumer notice, choice, and control."

2001 to 2004: Other than a few relatively minor lawsuits here and there, the FTC backs off of the online privacy issue, mainly due to the "bubble burst" of 2000 which greatly slowed web growth.

November 2006: The FTC sponsors the "Tech-ade" forum to examine the internet's future as it relates to consumers. Privacy is one of the main topics discussed.

November 2007: The FTC holds a public town hall event, called "Ehavioral Advertising: Tracking, Targeting, and Technology," in order to dive deeper into OBA. They invite industry groups to attend and comment.

December 2007: With the information acquired in November's town hall, the FTC releases a set of suggested principles for self-regulation. These principles focus on consumer safety and the need for online advertisers to disclose how they are collecting data and what they are using it for. 

February 2009: As a follow-up to their 2007 staff report, the FTC release "Self-Regulatory Principles for Online Behavioral Advertising, Behavioral Advertising Tracking, Targeting, & Technology." In this document, the FTC reaffirms their self-regulatory principles as well as answers specific feedback received from the online marketing industry since the release of the 2007 document. Attached is the aforementioned letter (and warning) from Commissioner Leibowitz. It should be noted that around this time, the idea of "do not track" legislation begins to gain more prominence around Washington.

July 2009: A coalition of advertising associations releases their own document, which expands the FTC's principles from four to seven, entitled, "Self-Regulatory Principles for Online Behavioral Advertising." These member associations include the American Association of Advertising Agencies (AAAA), the Association of National Advertisers (ANA), the Direct Marketing Association (DMA), and the Interactive Advertising Bureau (IAB), and are supported by the Council of Better Business Bureaus (BBB).

August 2010: The industry dodges a bullet when the 2010 Boucher-Stearns privacy bill doesn't pass through Congress. If it would have, the bill would require all online data collection to be opted in by consumers. Many digital advertising professionals agree that this would have severely impacted the online marketing industry and would have certainly resulted in the downfall of many companies and the loss of countless jobs.

October 2010: The formation of the non-profit Digital Advertising Alliance (DAA) is announced by the AAAA, ANA, DMA, and IAB. Although these associations have worked together for years on privacy, both formally and informally, the co-creation of the DAA is a major step towards self-regulation and helps further spread the principles outlined in their 2009 document.

December 2010: The FTC releases the 122 page "Protecting Consumer Privacy in an Era of Consumer Change: A Proposed Framework for Businesses and Policymakers," which summarizes their findings and point of view for the last decade and a half of the privacy discussion. This text eventually becomes the supporting resource for many of the various pieces of proposed legislation which have been appearing throughout 2011.

May 25, 2011: Europe's e-Privacy Directive, passed in 2009, goes into effect, mandating that all data collection online must be made with the consumer's consent.  

2011: No fewer than three privacy bills and three "do not track" bills are building steam in Washington D.C., each authored by such notable names as Senator John Kerry and Senator John McCain.  

What's the worst that could happen?
The most disruptive repercussion of government interference would either be the "opt-in" or "do not track" legislation. Each of these initiatives would be extinction level events to the strong growth of the online marketing industry. The blood, sweat, and tears that have been spent building this channel into a viable marketing platform would certainly be undermined, if not fully devastated. Advertisers, agencies, publishers, and vendors would find themselves in the throngs of a post-apocalyptic world where up is down and left is right. A few companies, including publishers only selling contextual advertising, might actually be better off, but that would be just a few winners in a sea of losers. Basically, it would take us years to recover.

Furthermore, government regulation would be costly. To satisfy what would certainly be a strict rulebook, companies would have to spend heavily, in comparison to current costs of the self-regulatory platforms, on tools and experts to ensure they are compliant. Another common worry is that it will stifle innovation, as companies would always be concerned about the affect of future updates to the government's policies. Certainly, it would be a nightmare for a company to spend years and millions of dollars on a new tech platform only to find out a month after launch that a new change in the regulation virtually negates their offering.

Self-regulation or "a day of reckoning?" Take your pick.
There's no guarantee that by following the self-regulating principles, the online marketing industry will be able to avoid government regulation. However, by not following their suggested course of action, it would seem likely that government regulation is absolutely going to happen.

By now, most of you have been exposed to the various icons appearing in the corner of many online ads. These may be clicked to learn more about how the ad has been targeted to you and they offer a link to more information. These icons are at the core of the industry's plan to satisfy the key requests of the government to notify consumers about data collection and offer them the opportunity to learn more and opt-out.  

Major players such as Google and Yahoo have already set up their own regulatory programs which include an icon, consumer education, and an opt-out database. For the rest of us, a DAA self-regulatory program for OBA includes the ability to license the icon and back end technology from the non-profit organization.

Additionally, advertisers, publishers, and agencies can work with approved providers of the program, which currently are DoubleVerify, Evidon (formerly Better Advertising), and TRUSTe.  These approved providers have developed very quick and easy platforms to ensure compliance with the DAA self-regulatory principles. For a relatively low entry cost, online marketing companies can opt into a comprehensive, turn-key solution that can be incorporated into their ad operations process.  

Remember, these measures are not needed for all of your online advertising, just for your OBA initiatives. If you're collecting or using data for ad targeting, you may be at risk here. 

In February of this year, the IAB set August 29, 2011 as the deadline for all of its members to become compliant with its revised code of conduct, which includes specific mention to the DAA self-regulation principles. "The IAB believes an industry as young, dynamic, and vibrant as this one, an economic engine of the U.S., responsible for so much employment and innovation, needs to be responsible and that self-regulation is in the best interest of our members," says Mike Zaneis, senior vice president of public policy & general counsel, in February's press release. "We are pleased that our members have embraced this groundbreaking commitment," Zaneis concludes.

This is a bold move by the IAB and demonstrates the seriousness of self-regulation. We've been warned by the FTC and given a clear (and arguably reasonable) set of guidelines that could keep government interference out of our industry. Our leading associations have come together to work closely with the FTC to build a program that meets their expectations. Not only can you work directly with the DAA on your own solution, but a trio of approved providers has made it fairly easy to become compliant.

For more information, visit the DAA site to learn about the self-regulatory principles, the icon, and how to become compliant for your online behavioral advertising initiatives.

Josh Dreller is VP of media technology and analytics at Four Digital.

On Twitter? Follow iMedia Connection at @iMediaTweet.

 

Comments

Shaun Dakin
Shaun Dakin December 9, 2011 at 8:18 PM

Very helpful.. Thanks.

Shaun Dakin
Founder @PrivacyCamp
Founder #PrivChat - a weekly twitter chat on privacy issues (Tuesday Noon ET)