Monday, March 17, 2008

ISP Based Behavioral Targeting under Fire

Last month I wrote about 3 British ISPs getting into Behavioral Targeting using technology from a company called Phorm. In my blog post, I raised my concerns about Privacy with this kind of Behavioral Targeting. I wrote “However, ISP based ad networks also pose a bigger privacy threat than traditional BT networks, …. Phorm promises the same level of anonymity but I still think that the chances of privacy leaks are more in an ISP based network than they are in a traditional BT network.

Phorm also says that consumers are in control, they can switch relevance 'off' or 'on' at any time at a site called Webwise.com, site that educates users on how ISP based advertising works.”

Well, according to TheRegister.co.uk BT (British Teleco) is under fire from its customer for illegal use of their data. According to the news BT used its customers’ data to test Behavioral Targeting offering, without the customers’ consent.

BT and Phorm maintain that no personally identifiable data was used in this test. They said "We conducted a very small scale technical test of a prototype advertising platform on one exchange in June 2007. The test was specifically conducted to evaluate the functional and technical performance of the platform.
"Absolutely no personally identifiable information was processed, stored or disclosed during this trial. As with all service providers, it is important for BT to ensure that, before any potential new technologies are employed, they are robust and fit for purpose."


In my first post on ISP based targeting, I raised a concern about ISPs collecting and using data without website owners permission. Echoing the same sentiments, some authorities on RIPA (Regulation of Investigatory Powers Act 2000) have argued that ISPs would need permission from website owners to profile the content of their pages

As Behavioral Targeting become omnipresent, the question still remains “Who does the data belong to?
  • Visitors (User or Customer)?

  • Site Owner where data is collected

  • Internet Service Provider (ISP)

  • 3rd Party Behavioral Targeting network? Like Tacoda, Revenue Science etc.

  • 3rd Part Ad servers? Some server ads on behalf of publisher or Behavioral Targeting networks

  • 3rd party tools like toolbars etc.

  • Government

  • Anybody else?


In an interview for BBC, Sir Tim Berners-Lee said "I myself feel that it is very important that my ISP supplies internet to my house like the water company supplies water to my house. It supplies connectivity with no strings attached. My ISP doesn't control which websites I go to, it doesn't monitor which websites I go to."
He also said that his data and web history belonged to him.
He said "It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return."

Which means that the data belongs to the visitors. That also means that anybody engaging in targeting based on user behavior or user provided data should seek users permission before using their data to target. Use Opt-in model instead of opt-out currently used by Behavioral Targeting networks. This is exactly what I have been advocating too.

Now, I am not sure how all this will affect on-site behavioral targeting. The kind now Omniture is pushing with its “Test&Target” offering. I will write my views in a future post.

What do you think? Chime-in.