jump to navigation

Even Opt-In is Not Safe January 14, 2009

Posted by Simeon Simeonov in Advertising, Mobile.
Tags: , , , , , ,
add a comment

mocoNews continues the coverage of the FTC complaint by consumer privacy groups against the mobile industry.

But where consumer groups see a threat to privacy, companies see a user experience they claim can be managed by giving the consumer the ability to opt in or opt out. Google’s product manager for mobile services in North America told Forbes that mobile ads would have to add value, offer proper education and awareness for users and give them full control. The big question is will consumers and companies ever agree on what opt-in really means on mobile? If you read the full complaint, you’ll find that the vast majority of practices or services that companies think are adding value and are opt-in are things that USPIRG and CDD find objectionable. The groups found, for example, mobile marketer Velti’s opt-in loyalty campaigns of sweepstakes, fr*ee games, and alerts, that allowed advertisers to build up a detailed profile of their customer base from the signups as manipulative,’ noting that it was unlikely that consumers would fully understand the privacy implications of every discount coupon, fr*ee download, or ringtone offer that comes their way. Velti, I’m sure, believes they are adding value to the consumer experience by giving users fr*ee content. This really is an opening shot of what has been an issue that the mobile ad sector already knows they need to tread carefully around, and it’s not going away any time soon.

I hadn’t noticed that opt-in programs were considered highly objectionable. I do buy the argument that consumers don’t deeply understand what they are opting into much of the time. Case in point are sub-prime mortgages and nasty credit card offers. However, we are on a slippery slope when explicit consumer consent is not considered enough. The best solution IMO is to have clear and consistent disclosure guidelines. For a good read on this topic, I highly recommend Full Disclosure: The Perils and Promise of Transparency.Also,the BBC did a piece on behavioral targeting about the time Phorm was about to launch. Note the discussion of opt-in vs. opt-out.

Let’s Be Smarter About Privacy January 13, 2009

Posted by Simeon Simeonov in Advertising, Digital Media, Mobile.
Tags: , , , , , , ,
3 comments

I don’t know what it would take for history not to repeat itself.

The story goes something like this… Company X figures out a cool new way to collect and analyze lots of data for the purposes of better ad targeting or delivering better product recommendations. Company X comes up with a decent privacy architecture because they care about privacy. They launch. Things are going OK but business isn’t growing as fast as the investor presentation promised. Then, in a confluence of greed and idiocy, Company X does something crazy, sleezy and/or deceptive to make the business grow faster. Inevitably, someone finds out. They dig in and investigate. They write a blog post. It gets picked up. Then the lawsuits come. Then execs start resigning.

The latest story to follow this pattern is that of NebuAd, the company that snooped ISP traffic and surreptitiously modified, amongst others, Google’s home page in order to drop cookies on hapless consumers’ machines (that’s a simplification of what actually went on). I read some of the NebuAd whitepapers a while back and was struck by how they seemed to have taken the right steps from a technology standpoint to protect privacy. They were anonymizing IDs, using double hashing and other security techniques to break the link between personally identifiable information (PII) and the ad targeting profile they had created by observing traffic patterns. All that went to waste when they decided to act badly.

The point that gets lots in much of the privacy analysis in situations like that is that it is not the collection of information about consumer behavior that’s a problem. It is what companies do with that information. Or, in some cases such as NebuAd, what they do independently of  that. Modifying the traffic coming from major Web properties is a terrible idea that has absolutely nothing to do with data collection and building consumer profiles.

Personally, I don’t see a problem with companies tracking consumer behavior and building ad targeting profiles as long as how they use the information is legit. Advertising is just another form of content. Targeting adds relevance and increases the quality of consumer experience. When content is relevant consumers like to see it. For example, in the age of TiVo, I have friends who watch the Superbowl just to see the ads (yes, they fast-forward the plays).

What does it mean to be legit in this context? First and foremost, it means protecting the privacy of individuals. There are lots of ways to target without disclosing PII to advertisers. Second, it means clearly documenting and explaining what you are doing. No shady, secret stuff. Absolutely no deceptive behavior. Third, in some cases, it means allowing for a clear opt-out mechanism (unless the entire program is opt-in in the first place).

In every industry there are shady companies that misbehave and, inevitably, there are cries for more regulation. The latest one I’ve seen (and the reason for this post) comes from the mobile space, as reported by Adotas.

ADOTAS — Two consumer groups demanded today that the Federal Trade Commission launch an investigation into the mobile market, focusing especially on practices that they say compromise user privacy.

The Center for Digital Democracy and the U.S. Public Interest Research Group jointly petitioned the FTC and asked that the agency look into alleged mobile marketing privacy threats and inappropriate practices targeting children, adolescents, and multicultural consumers.

The reasons for the request are that “as our petition makes clear, mobile marketers have refined a wide range of sophisticated practices that allow them to track, analyze, and target millions of Americans who increasingly rely on their phones for information.” I have an issue with that positioning. I don’t think the mere act of tracking and targeting is objectionable. And I don’t see regulation as a good solution. Mobile media is an emerging, fluid market. I can’t see how the FTC will be able to regulate it in a meaningful way without substantial inefficiencies. I would suggest an alternative approach. An industry, in this case the mobile industry, should develop clear, testable guidelines for acceptable privacy architectures & tracking/targeting behavior. Testable in this context means that it should be possible to certify within reason whether a vendor is or is not following the guidelines. There is an opportunity to leverage technology to protect privacy and identify bad players. Once the bad players are identified, the market takes over. You know how it goes. The lawsuits come. Then execs start resigning.