FTC’s Proposed Privacy Framework

FTC’s proposed a framework to protect the privacy of consumers. Part of this framework is a “Do Not Track” option that has raised a lot of questions among the web analytics and advertising community. Well since this is just a proposal at this stage nobody knows how it will finally pan out. At this point FTC has published the report to seek public comments. The report that FTC has put together is 122 pages long. I have extracted some important point from that report in case you don’t have the time to read the full report.

The basic building blocks of this framework are:

• Scope: The framework applies to all commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer, or other device.
  
  Note: This is not limited only those who collect PII data, if you collect any information about a consumer then this applies to you. However commission is seeking input on how to determine
  “reasonably linked to a specific consumer…”
  
• Privacy by Design: Companies should promote consumer privacy throughout their organizations and at every stage of the development of their products and services.
  
  • Companies should incorporate substantive privacy protections into their
    practices, such as data security, reasonable collection limits, sound
    retention practices, and data accuracy.
  • Companies should maintain comprehensive data management procedures
    throughout the life cycle of their products and services.
    
    Note: You might need to assign a person to oversee that privacy of data is built into your products/services/process etc. Think, “Chief Privacy officer”.
    
    • Ensure physical data protection
    • Do not collect what is not required
    • Do not retain data for longer than it is required
    • Ensure accuracy of the data so that you do not harm someone because of the inaccurate data
• Simplified Choice: Consumers face considerable burdens in understanding lengthy privacy policies and effectively exercising any available choices based on those policies. Under proposed framework, companies should simplify consumer choice.
  
  
  • Companies do not need to provide choice before collecting and using consumers’ data for commonly accepted practices, such as product fulfillment.
    This also includes tracking for improving the sites (Web Analytics), fraud protections, legal compliance and first party marketing.
  • For practices requiring choice, companies should offer the choice at a time and in a context in which the consumer is making a decision about his or her data.
• Greater Transparency: Companies should increase the transparency of their data practices.
  
  • Privacy notices should be clearer, shorter, and more standardized, to enable better comprehension and comparison of privacy practices.
  • Companies should provide consumers with reasonable access to data about themselves; the extent of access should depend on the sensitivity of the data and the nature of its use.
  • Companies must provide prominent disclosures and obtain affirmative express consent before using consumer data in a materially different manner than claimed when the data was collected.
  • All stakeholders should work to educate consumers about commercial data privacy practices.

Feel free to leave a comment if I missed anything. You can read the full report at http://ftc.gov/os/2010/12/101201privacyreport.pdf.

Read my other articles on Privacy

----------------------------------------------------------------------------------------------------
Open Web Analytics and Online Marketing Jobs

• Web Data Analyst
  at Genworth Financial (Richmond, VA)
• Web Games Analyst
  at Arkadium (New York, NY)
• Web Metrics Analyst
  at Omnitec Solutions (Alexandria, VA)
• Web Data Analyst
  at Alzheimer's Association (Chicago, IL)
• Web Analytics Manager
  at Tig Global (Chevy Chase, MD)
• Sr. Data Analyst
  at Capella University (Minneapolis, MN)
• Manager, Web Analytics, Search & Production Support
  at Asme (New York, NY)
• Web Analytics Manager
  at Conde Nast (New York, NY)
• Web Analytics Manager
  at Juggle (Swansea, IL)
• Sr. Analyst Web Analytics
  at Williams-Sonoma (San Francisco, CA)

The Web’s New Gold Mine: Personalizing Your Online Experience

Past weekend, WSJ published a story titled Web’s New Gold Mine: Your Secrets on online tracking and advertising (behavioral targeting). It appears to me that the author of this article is either confused between malware and cookies is or she is just doing what she is supposed to do to sell the story i.e. using words that instill fear in people.

The article projects any tracking, business and advertisers do to serve relevant ads or personalize the users experience on web, as malicious. Businesses have been trying to understand consumer preferences and then make personalized recommendations ever since the humans existed. We do it offline all the time. So how is online tracking for the same purpose malicious?

My dad used to run his clothing store in India, way before internet existed. He used to gather all the information (in his brain) about consumers browsing and purchase behavior to make personalized recommendation to existing customers and new customers. He used all that information to determine what products, colors, sizes, quantities etc. to stock. He knew almost all of the existing customers by their name and what they preferred. Was that spying? Nope. Customer loved it.

If someone can understand me and provide me exactly what I want then why won’t I like it? If they miss the mark well then I have a choice of not paying attention to them.

Do you know that Visa, MasterCard and American express have more information about you than any cookie or advertising company has? Your super market collects your information and tries to guess about what you might buy next. Have you ever got a coupon from an automated coupon dispenser when you check out from your local super market? Well do you know that it is based on your current and past purchases, you zip code etc? Do you ever worry about that or happily walk away with the coupon? Why is the fuss about online tracking for the same purpose? Don’t you love personalized recommendations from Netflix or Amazon?

In my opinion advertisers/publishers/network should invest in consumer education and make tracking and targeting more transparent and articles like this should help with the education instead of branding all tracking as bad.

Comments?

Why is Google really rolling out Google Analytics opt-out plug-in?

Last week I wrote about a browser plug-in that will allow people to opt-out of the Google Analytics cookie. The release of this plug-in seems to be a proactive step towards another announcement.

Eric Peterson, on his blog, voiced his opinion on why Google is rolling out this plug-in. I think Eric has a point in his post about Google trying to make a push into Federal Government web sites and this roll out is a check-box to satisfy the needs of privacy advocates.

However, I am still not entirely clear on what Google will get if it can’t use all the data that it will collect on Federal Government website? It won’t be able to use in any way…well maybe at an aggregate level to compete with the likes of ComScore. So what do I think the reason is?

Behavioral Targeting

I think the real answer to Google Analytics’ rolling out Opt-out is “Behavioral Targeting”.
Google Analytics is deployed on thousands of websites and collects a wealth of data. However, so far this data is used by individual sites to optimize their ad spend and improve the site for customers while improving the websites impact on the bottom line. Google has not really used that data much other than providing benchmarking reports in Google Analytics. I think the time has come for Google to start using Google Analytics data to make more money.

Google Analytics Data Sharing

Remember, in 2006 Google Analytics started asking GA accounts to opt-in/opt-out of data sharing. As I wrote in my blog post on Google Analytics Data Sharing, “data sharing” was a step towards using Google Analytics data for behavioral targeting. This opt-out plug-in seems to be a next step in that direction.

Limited functionality of Adwords Remarketing

Last week Google Adwords announced the roll-out of “Remarketing” feature that will allow advertisers to remarket to the visitors (cookies) who came to their sites but left without taking the desired action i.e. without converting (this is also called Retargeting, a form of Behavioral Targeting). For this feature to work, Adwords advertisers will have to put a small script and identify the people (cookies) whom they want to target.
The functionality to identify the segment that you want to retarget seems to be very limited in Adwords.

Google Analytics role in enhancing Adwords Remarketing

Now imagine, you can create complex segment in Google Analytics and then use Adwords to target the visitors who fall in that segment. Won’t that be nice? Well that can’t happen unless you use Google Analytics. Here is an example to make this clear:
I want to target visitors who viewed more than 3 products and looked at the contact us page and then left without converting (or it could be more complex than this).
This is a segment that I won’t be able to create easily in Adwords without some coding on my pages. Using Google Analytics, advanced segment functionality this is a piece of cake. I create my segment then use Adwords to remarket to visitors who fall in that segment. Won’t that be more powerful? I think that’s where the money is.

Other Behavioral Targeting Scenarios with Google Analytics

Let’s take a hypothetical example to see how this will work.

Say I write a blog on luxury cars. I use Google Analytics as my web analytics tool (it is free, so why not). I don’t have real business model but I use Adsense ads to make some extra money. Since my blog is really popular I get lot of traffic. My blog reader are those who have interest in luxury cars because that’s all I write about.

Now imagine Google asks me to pool my visitors’ information, collected in Google Analytics, into a pool that they can use for advertising purposes. They tell me that by doing so I will be able to make some more money from my visitors even when the visitors have left my site. Hmm… free money. Sure :)

How will Google use that data?

Google will identify the visitors who come to my blog, read articles, write comments, come often etc. They will then put the visitors (cookies) who fulfill certain criteria (as defined by Google or the Advertiser) in a segment called “Luxury Car Enthusiast”. They will pool my data with other similar sites or similar pages on other sites to create a bigger pool than my site has to offer. Google now has a set of cookies who are interested in luxury cars.

BMW creates a campaign in Adwords to reach “Luxury Car Enthusiasts”. They are willing to play 2X-3X CPC or CPM to reach this target.

A visitor, who left my site (A) and lands on a site (B) that, has nothing to do with luxury cars. Google can identify that visitor because that visitor is in the pool of cookies that belong to “Luxury Car Enthusiasts” segment. Google shows this visitor an ad from BMW on Site B. Visitor sees the ad that matches his/her interest and the advertiser reaches their target.

Note: This all is a speculation by me and I have no official information.

Win-Win Situation

• BMW finds its target
• Google gets more money for the same ad slot.
• Publisher of the ad makes more money.
• Sites, which pool their visitors in this segment, get a cut.

What does GA Plug-in has to do with all this?

Behavioral Targeting has been under scrutiny for a long time and there is a big uproar about tracking people. Privacy advocates want an easy way for people to opt-out of Behavioral targeting and this plug-in seems to be a proactive step in that direction.

What do you think?

---

Looking to fill your Web Analytics or Online Marketing position?
Post your open jobs on Web Analytics Job Board

• Senior Data Analyst
  at Looksmart (San Francisco, CA)

Online Privacy - Consumer Education is Missing

During 2007-2008 I wrote a lot about online privacy on this blog. Most of the online privacy discussion at that time revolved around online targeting based on tracking users online behaviors also knows as behavioral targeting.

It amazes my how many privacy advocates and senators are concerned about anonymous online tracking and behaviorally targeted ads based on peoples click behavior when the consumers are voluntarily giving all the private information on social media sites.

Last week Google Analytics announced a plug-in that will let users opt-out of Google Analytics. Really...is web analytics tracking detrimental to visitors' privacy? Google Analytics collects click stream data anonymously. It does not know who you are, it identifies you via a cookie and tracks what pages were viewed by that cookie, what buttons were clicked by cookie etc. This data is then used by individual sites using the tool (Google Analytics) to understand the behavior of their visitors and optimize the experience both for the user and their business. Where is the privacy threat in all this?

Proliferation of the services like Facebook, Twitter and location based services like Gowalla and Foursquare have enabled people to share their personal information with their "friends". Users of these services are willingly giving a lot of personal information. Information, that can be used by others ("friends"), in so many harmful ways. But is general consumer aware of such harms? Why isn't that the most important issue?

The real threat to privacy is the lack of education about the online information sharing. We are the ones who are voluntarily revealing a ton of information, which is far more harmful than anonymous click stream behavior. Using Facebook, twitter and Foursquare you can pretty much know what a person likes, dislikes, who the family members are, what time they leave the house, what time they arrive at work, where do they spend their day, afternoon, evening, what they wear, etc. That to me should be more concerning than anonymous web analytics tracking and the ads that are targeted based on a users click behavior.

Most of the consumers don't even know how all the little personal information they are leaving on social media sites could harm them. I have not seen any public service ads warning me about the downside of using such services. Shouldn't there be those ads warning people, both offline and online?

In my opinion governmental agencies, privacy advocates and marketers should focus their attention on consumer education. Educate them about various tracking methods, implications of information sharing on social media sites etc. No matter how strict the online tracking & targeting rules are you won't be able to avoid privacy leaks unless the end consumer is educated about the implications.

What do you think?

---

Looking to fill your Web Analytics or Online Marketing position?
Post your open jobs on Web Analytics Job Board

• Senior Data Analyst
  at Looksmart (San Francisco, CA)

Google Analytics Opt-out Browser Plug-in

Late last week Google Analytics announced a browser plug-in that will allow users to opt-out of Google Analytics tracking.

Here is an offical statement from Amy Chang, group product manager at Google Analytics:

As an enterprise-class web analytics solution, Google Analytics not only provides site owners with information on their website traffic and marketing effectiveness, it also does so with high regard for protecting user data privacy. Over the past year, we have been exploring ways to offer users more choice on how their data is collected by Google Analytics. We concluded that the best approach would be to develop a global browser based plug-in to allow users to opt out of being tracked by Google Analytics. Our engineers are now hard at work finalizing and testing this opt-out functionality. We look forward to make it globally available to our users in the coming weeks.

How does it impact the website stats reported by Google Analytics

This is the biggest question everybody is asking. Since I don't have the full information on how this plug-in will exactly work, let's take a look two potential ways this plug-in can work.

• The plug-in will not collect any sort of data for the user
  Let's assume that this plug-in will ensure that absolutely no data about the users behavior on any of the site that user visits will be collected. Which means that Google Analytics will completly ignore the presence of that person (computer) as if that person never visited the site. In that case all of the data, i.e. visitors, visits and page views, conversion etc., will be under reported.
  
• The plug-in will collect the data but then destroy the cookie after every session (visit)
  In this case, a session level cookie will still work but this cookie will be removed from the users computer after every session. This will result in the accurate count of visits (sessions) and page views and all the data that is reported at visit or page view level. However, the visitors count will be inflated since same person (computer) will get a new cookie for every visits.

How big the impact will be?

Well, it is not clear how widespread the use of this plug-in will be. Currently, there are 3rd party tools available clear or block Google analytics cookies but the use of such tools do not seem to be an issue for Google Analytics tracking. So I wonder if this plug-in will have any huge impact on Google Analytics data. However keep in mind that there will be some impact.

---

Looking to fill your Web Analytics or Online Marketing position?
Post your open jobs on Web Analytics Job Board

• Senior Data Analyst
  at Looksmart (San Francisco, CA)

Online Data Tracking and Privacy

Online privacy is a hot button these days. Privacy advocates and lawmakers are putting a lot of pressure on several large internet companies such as Google, Microsoft and Yahoo to be transparent about how they intend to use users web surfing data (behavior). Mainly they are concerned with the companies that collect a huge amount of user data and then engage in Behavioral Targeting.

However online data tracking is not limited to companies who engage in Behavioral Targeting. Any companies which collects users’ web surfing data or user provided data needs to make sure do not compromise user privacy (actual or perceived). They need to clearly state how they are collecting data and how that data will be used.
Enterprise web analytics tools like Omniture, WebTrends, Coremetrics etc and free tools like Google Analytics and Yahoo IndexTools have made it very easy for website owners of any size to track users’ online behaviors. Most of the web analytics tools use a first party anonymous cookie to track users and their behaviors on any given site.

Side Note: The data is called anonymous because it mainly uses a cookie value to indentify a user (there are other ways which I am not covering in this post) without knowing who the actual user is. Say John Doe arrives on AnilBatra.com, a web analytics tool will drop a cookie with a random id say 123ASXBA12. This cookie id is not tied to any personally identifiable information (see below) of John Doe. So Web Analytics tools (in most cases) do not know who the person is, they just know that cookie id 123ASXBA12 came to the site. They use this id to track current and future site visits.

Even if the data is anonymous the potential of it being tied to personally identifiable information is there and that can cause privacy concerns. It is critical that every company that collects any sort of consumer data, anonymous or personal, needs to clearly state its data collection and usage policy in its site’s privacy policy.

Usually Web Analysts do not tackle this issue and it is left to the legal department. However, a lot of times the web analytics tracking and any kind of targeting is implemented without getting legal involved. As a result companies sometimes do not have proper privacy policy in place. This is a huge blunder, companies need to take privacy issues seriously and pay due attention to their privacy policy.

Do we need Privacy policy even though we use Third Party Web Analytics Tool and they collect the data.

It does not matter who is collecting the data. The data is collected on your site and is collected on your behalf so you are responsible for clearly stating how you are collecting and using the data.
Those who use Google Analytics, need to be aware that Google Analytics requires such disclosures. Here is what Google Analytics states in its Terms of Service

You will have and abide by an appropriate privacy policy and will comply with all applicable laws relating to the collection of information from visitors to Your websites. You must post a privacy policy and that policy must provide notice of your use of a cookie that collects anonymous traffic data.

Tracking Personally Identifiable Data

In simple terms Personally Identifiable Information (PII) can identify a particular user, example last name, first name, email address etc. Most of the commercial Web Analytics Tools have the capability to track Personally Identifiable Information. In other tools such as Omniture, Webtrends etc. you can pass the personally identifiable information either via JavaScript variables or via importing an outside file which ties the anonymous cookie with identifiable information.
If you collect or track PII data then it becomes even more important that you disclose what information you are collecting or tracking and how you intend to use that information. Before you start collecting PII information, think hard what information you need and why you need it. Once you have figure out the information then make sure to fully disclose it on your site’s privacy policy.
I am a big supporter of giving users an opt-in option before using PII data for tracking and targeting. If you do decide that opt-in is not the right for your business model then at least provide an easy way for users to opt-out from being tracked and targeted using PII information.

Note: Google Analytics does not allow any Personally Identifiable information to be tracked via Google Analytics, period. Here is what Google Analytics Terms of Service says:

You will not (and will not allow any third party to) use the Service to track or collect personally identifiable information of Internet users, nor will You (or will You allow any third party to) associate any data gathered from Your website(s) (or such third parties' website(s)) with any personally identifying information from any source as part of Your use (or such third parties' use) of the Service.

Google Analytics even considers IP address as PII. It uses IP address to populate Geo Report but will not show IP address in any report. Other tools such as Omniture, WebTrends etc. can display IP and other PII data.

Optimization and Privacy

Most of the Optimization (A/B and Multivariate Testing) tools allow you to segment users based on IP, cookie or user provided data. For examples if you want to test a page on Males, age 35-45 from Redmond, WA, then you need to collect data from users so that you can create the right segment to test. However this type of data crosses the line of PII data, even though there could be thousands of users in that segment it can be used to identify a particular user. So make sure you are clear in your privacy policy that you might be (or are) using the data to test the optimal layout of the page and provide a better experience etc.

Examples of good privacy policies
Smart Money
Amazon.com
Proflowers.com

As marketers and web analysts lets do our part, let’s make sure to be clear and forthcoming in our privacy policies.


Also see Jim Stern’s view on giving users the control on privacy.

Questions? Comments?

--------------------------------------------------------------------------------
Site: AnilBatra.com

Twitter: http://www.twitter.com/anilbatra

--------------------------------------------------------------------------------
Looking to fill your Web Analytics or Online Marketing position? Try WebAnalytics Job Board

New Position

(Web Sales) Conversion Marketing Manager at Hewlett Packard (American Fork, UT)

Opt-out from Google and Yahoo Ad Network

Online tracking and advertising based on users’ online behavior have got a lot of heat and scrutiny from privacy advocates and lawmakers.

As a result of this scrutiny Yahoo and Google/Doubleclick are now both providing an easy way for user to opt-out of ad targeting on their receptive networks. Yahoo and Doubleclick were part of Network Advertising Initiative (NAI) and allowed users to opt-out from their network via NAI’s opt-out tool.

Google

To find out more about Google network cookie and how to opt-out visit http://www.google.com/privacy_ads.html

Since a lot of you are working in the field of web analytics, you must be wondering how google opt-out will affect the data tracked in web analytics. The simple answer is that this option will not affect Google Analytics. A first party cookie from the site using Google Analytics is used for tracking user behavior on the site using Google Analytics, this cookie is separate from Google ad network cookie. According to Google

“A different cookie is used for each website, and visitors are not tracked across multiple sites…. To disable this type of cookie, some browsers will indicate when a cookie is being sent and allow you to decline cookies on a case-by-case basis. “

Yahoo

Yahoo has been offering that opt-out option for the ads the company runs on it outside partner sites in its network. Yahoo will now extend opt-out option to ads displayed on its own sites. You can read more about this option.
Below is excerpt from Yahoo Press release

Anne Toth, head of privacy and VP for policy, said, "Yahoo! understands the trust of our users is our greatest asset, so we strive to create the most trusted, compelling online experience."
"Yahoo! strongly believes that consumers want choice when customizing their online experience and they have also demonstrated a strong preference for advertising that is more personally relevant to them," continued Toth. "However, we understand that there are some users who prefer not to receive customized advertising and this opt-out will offer them even greater choice."
This new opt-out capability is expected to be available for consumers by the end of August. Users will be able to access the opt-out in the Yahoo! privacy center, which is linked on the home page and nearly every page on the Yahoo! network. Users will also be able to access the opt-out through a link in the public service advertising campaign Yahoo! has been running with online ads across its network to educate users about customized advertising.

Yahoo and Google have taken the steps in right direction but they are not perfect. As I wrote before, both these models are dependent on an opt-out cookie. If you opt-out of these networks and later delete your cookies you will again be automatically opted-in. I have advocated an opt-in model for Behavioral Targeting. This model will remove this dependence on cookie for opt-out. I do realize publishers and ad-networks concern that opt-in model will limit the reach. It is possible that the opt-in model might limit the reach initially but in long run if the value proposition is strong for users then user will opt-in.

What do you think?

--------------------------------------------------------------------------------
Looking to fill your Web Analytics or Online Marketing position? Try WebAnalytics Job Board
New Position
Web Data Analyst at Alzheimer's Association (Chicago, IL)
---------------------------------------------------------------------------------

Consumer Attitude towards Behavioral Targeting

A recent report titled Behavioral Targeting Attitudes:The Privacy Issue by eMarketer, explored consumers attitude towards online tracking and behavioral targeting. There was a similar study by TRUSTe in April. This report builds on that study and few other surveys and provides an analysis of the consumers attitude toward Behavioral Targeting.

The conclusion of this report was exactly what I have been advocating. According to the report

online marketers might do well to develop transparent methods of letting the audience know when and how their Web history data will be used, the benefits they can receive in exchange for allowing it to be used and a clear, easy opt-in mechanism for informed consent.

I shared similar views in my post titles 5 Step Process to Ease Privacy Concerns Regarding Behavioral Targeting.

The key question this report tackles are

• What will encourage people to accept more ad targeting?


• Are consumer privacy concerns a deal breaker for
  behavioral targeting?


• How much transparency will marketers need to allay
  consumer concerns?


• Are all methods of behavioral targeting data collection equal?


• Will the government limit how online companies can use
  consumer data?

Some of the highlights of this report are

1. Over 87% of the respondents to TRUSTe survey said that at least three quarter of the online ads are irrelevant


2. 41% of the users are more willing to pay attention to personalized advertising


3. 75% of internet users are interested in receiving personalized ads


4. 59% of the respondents to Harris Interactive Poll responded that they are not comfortable with ads or content targeted to their personal interests based on their internet usage

The above findings create an interesting dilemma for marketers. Consumers want relevant ads but are not comfortable with being tracked. However, it also provides an opportunity for Behavioral Targeting companies to step up and innovate new ways to provide relevant ads while easing the concern about tracking.

Marketers and privacy officer’s need to keep in mind that the negative attitude towards tracking and targeting is not limited to Behavioral Ad networks such as Tacoda and Revenue Science etc but it also applies to content targeting and on-site targeting provided by tools such as Test&Target by Omniture, Optimost/Interwoven etc.

You can get the full report at http://www.emarketer.com/Article.aspx?id=1006407

Comments?


--------------------------------------------------------------------------------
Looking to fill your Web Analytics or Online Marketing position?
Try WebAnalytics360 Job Board

New Position

Mktg Web Analytics Manager at NetApp (Sunnyvale, California)
---------------------------------------------------------------------------------

Privacy of Online Data – Debate Continues

Today a U.S. Senate committee summoned representatives of several internet companies like Google, Microsoft, Facebook and also NebuAd, and expressed its concerns about the user privacy resulting from online data collection and targeting. (Source: LATimes)

This committee was led by Sen. Byron Dorgan (D- North Dakota), who said "I don’t have the foggiest idea who's tracking it, how they’re tracking it, how they might use it, whether that company has some scruples and might be very careful about how it handles it, or whether it's somebody else who grabs a hold of it…. There are so many unanswered questions about information on how people navigate this Web."

NebuAd and ISP based Behavioral Targeting

NebuAd, which has been on the hot seat lately, defended its position by maintaining that it does not violate the privacy of the consumer as it strips out any personally identifiable information from the data it uses.
"NebuAd’s systems are designed so that no one, not even the government, can determine the identity of our users", Dykes, CEO of NebuAd said. "We do not collect or use personally identifiable information. … We do not store raw data linked to identifiable individuals. And we provide state-of-the-art security for the limited amount of information we do store."

But Leslie Harris, president of the Center for Democracy and Technology, said the increasingly detailed profiles NebuAd and other companies keep could be linked to specific people.

Senators Understand the Benefits of Online Advertising

Dorgan and other senators said that they understand the benefits of online advertising. Their worries are with the security of the data used to deliver those ads.

Sen. Amy Klobuchar (D-Minn.) said "We're not against advertising on the Internet, but the issue is, as it becomes more sophisticated, do we have a role here to play in making sure that consumers' privacy is protected as companies develop more technology and are able to dig deeper into that information?"

And...debate continues….

Comments?

Death of ISP based Behavioral Targeting?

Last month Charter Communications, an internet service provider (ISP), announced that it will share it's customers web browsing data with NebuAd, to show ads based on customer’s web browsing behavior. NebuAd has developed a product know as “deep-packet inspection boxes” for ISP to track user behavior online and then serve ads based on these behaviors.


Since announcement, Charter Communications have come under pressure from privacy advocates and Congress. According to an article in Mediapost, Charter Communications has now delayed its plans to start sharing information with NebuAd.

I wrote a blog post on NebuAd when I first heard about it. In that post I talked about the privacy issues that ISP based BT raises.There has been a lot of concern regarding privacy of user when it comes to Behavioral Targeting. ISP based BT raises this concern to even a higher level.

I wrote: "This kind of technology is beyond simply using anonymous tracking. ISP do have a lot more information than just the browsing behavior. They have name, location, age, social security number (SSN). They know what time users login to their machine, when is the internet being used, what kind of sites are visited at what times, which sites provided information before a user made a purchase etc. etc. This is far more information than companies like Revenue Science or Tacoda has."

In response to my post I got the following response from NebuAd:

"Below are a couple of quick points from NebuAd’s CEO Bob Dykes to explain and clarify some of the information.

There is no information shard between NebuAd and the ISPs - the only involvement between the two is the agreement that lets NebuAd place the appliance in the ISPs network. To further ensure privacy, NebuAd does not collect the websites visited and map those back to the specific user. Instead it converts, via an appliance located in the ISPs network, the key user identifiers, such as IP addresses, to a one way random number so that the central servers see this and not the original identifier.

NebuAd works by listing categories (e.g. “Cars – SUV – Lexus”) and noting if random number goes to a site, or perform a search, that is related to the category. If yes, then it notes that interest mapped to the random number, but do not map the URL’s visited, just the interest. This is why, since it doesn’t even have the info on sites visited, there's no mechanism to map the random number to specific URLs

Since NebuAd and the partner ISPs do not exchange data, the ISPs do not see the categories each random number visits, and NebuAd does not receive specific customer information, so there is no way for either NebuAd or the ISPs to match specific customer information with even the categories of information associated with the randomized numbers. NebuAd also does not retain the raw data mapped back to the anonymous user profiles."

However, Free Press conducted an investigation of NebuAd technology and tracking and concluded

“that NebuAd’s advertising hardware monitors, intercepts and modifies the contents of Internet packets using Transmission
Control Protocol on Internet Protocol (TCP/IP). In doing so, NebuAd commandeers users’ Web browsers and collects uniquely identifying tracking cookies to facilitate its advertising model. Apparently, neither the consumers nor the affected Web sites have actual knowledge of NebuAd’s interceptions and modifications.

NebuAd exploits several forms of “attack” on users’ and applications’ security, the use of which has always generated considerable controversy and user condemnation, including browser hijacking, cross-site scripting and man-in-the-middle attacks. These practices -- committed upon users with the paid-for cooperation of ISPs -- violate several fundamental expectations of Internet privacy, security and standards-based interoperability. Moreover, NebuAd violates the Internet Engineering Task Force (IETF) standards that created today’s Internet where the network operators transmit packets between end users without inspecting or interfering with them. For example, the TCP protocol would normally not accept code from a source that is a third party from the client-server connection. NebuAd engages in packet forgery to trick a user’s computer into accepting data and Web page changes from a third party like NebuAd."

In March, three British ISPs got into a similar controversy and now NebuAd.

Is this the death of ISP based behavioral targeting before it even got started?

We will have to wait and see. For now, it looks like that for ISP based behavioral targeting to live it will have to prove that it is not doing anything sinister. I have said time and again that BT companies should ask explicit permission from user i.e. they should ask them to opt-in instead of automatically opting them in.

What do you think?


--------------------------------------------------------------------------------
Looking to fill your Web Analytics or Online Marketing position?
Try WebAnalytics360 Job Board

New Positions
1. Director, Web/E-Commerce Analytics at World Wrestling Entertainment, INC (Stamford, Connecticut)
2. Sr. Web Analytics Manager at NY Times Company (New York, New York)
--------------------------------------------------------------------------------

Consumer Awareness and Attitudes about Behavioral Targeting

TRUSTe conducted a study regarding American Internet users' knowledge, attitudes and concerns about behavioral targeting and its implications on their online privacy.

Here are the highlights of the study

• There is high level of awareness that internet activities are being tracked for purposes of targeting advertising.


• High level of concern associated with that tracking, even when it isn't associated with personally identifiable information.


• 71 percent of online consumers are aware that their browsing information may be collected by a third party for advertising purposes, but only 40 percent are familiar with the term "behavioral targeting."


• 57 percent of respondents say they are not comfortable with advertisers using that browsing history to serve relevant ads, even when that information cannot be tied to their names or any other personal information.


• 91 percent of respondents expressed willingness to take necessary steps to assure increased privacy online when presented with the tools to control their internet tracking and advertising experience.


• Nearly two-thirds (64 percent) would choose to see online ads only from online stores and brands that they know and trust and 44 percent of respondents would click buttons or icons to make that happen.


• To the contrary, 42 percent of the respondents say they would sign up for an online registry to ensure that advertisers are not able to track browsing behaviors, even if it meant that they would receive more ads that are less relevant to their interests.

What do these results mean for Behavioral Targeting?

1. As I have written before there needs to be education about what Behavioral Targeting is and how it impacts consumers.


2. A Brand has to build trust with consumers and then only can they venture into behavioral targeting. Amazon.com is a perfect example. I have talked to several people who don’t mind targeting by Amazon, though recognize that Amazon needs to improve on what criteria it uses for targeting.


3. 91 percent indicated willingness to take steps to control their tracking and advertising experience indicates a strong preference towards an opt-in model which I have advocated several times in previous blog posts.

So if you want to enagage in Behavioral Targeting, online advertising or On-Site, here is my quick 5 steps process

1. First build a trust with your consumers.


2. Educate them what Behavioral Targeting is and how you collect the data and use it.


3. Provide them a compelling reason to allow you to collect their data.


4. Build an opt-in model allowing users to control what data they want you to use.


5. Give users a way to easily opt-out of Behavioral Targeting.
   

Comments?

User Data and Behavioral Targeting

One New York assemblyman, Richard L. Brodsky, has drafted a bill that would make it a crime — punishable by a fine to be determined — for certain Web companies to use personal information about consumers for advertising without their consent.
There are essentially two main things in this bill

1. Opt-out for anonymous user behavior: It will force Web sites to give consumers obvious ways to opt out of advertising based on their browsing history and Web actions.


2. Opt-in for using PII data : Users would also have to give explicit permission before these companies could link the anonymous searching and surfing data from around the Web to information like their name, address or phone number.

My prediction about Behavioral targeting and privacy is coming true. Earlier this year, in my yearly predictions I said that this is year we will see a greater push for consumer’s privacy.
Here is what I said
"Behavioral Targeting will continue to grow this year; however, there will be greater push for protecting consumer privacy. The privacy concerns will result in:

1. Clear instructions (or links) on Behaviorally Targeted Ads that will allow behaviorally targeted visitors to opt-out of Behaviorally Targeted advertising
2. Opt-in system – Some networks (maybe new ones) will move towards opt-in rather than opt-out (I favor opt-in over opt-out as I wrote in past. So I am making this prediction that this year networks will pay attention to it). A new types of networks or services might come up which will allow users to be an active participant in BT and control who can use their online behavioral data and how they can use it."

Use of customer’s data without their consent created an uproar in UK last week. In response to the mess created by Phorm and British telecom, Sir Tim Berners-Lee said that his data and web history belonged to him.
He said "It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return."

This is just the beginning; I think, we will see greater push for consumer privacy as consumers become educated about how their data is being used to target them. I think it is time for publishers and ad networks to be proactive about educating customers on how their data is being used and give them clear options to opt-out (or better opt-in) of any targeting.

I am big proponent of Behavioral Targeting and Personalization but it has to be with user’s consent.

Comments? Questions?

Unnecessary Outcry over Adobe CS3 and Omniture Tracking

On Dec 26th a blog post on Uneasysilence.comshowed that when a user launches CS3 suite adobe calls a server on Omniture. According to the article
When you launch a CS3 application the application pings out to what looks like an IP address - and internal IP address: 192.168.112.2O7.

This created a lot of paranoia among Adobe users and led to a lot of blog posts and comments on these blog posts (Also see http://valleywag.com/338011/wear-tinfoil-hats-when-using-adobe-products). Everybody started talking about how evil adobe is and so on. It appears that we, Web Analytics community and online marketers, have a huge task of educating users about Web analytics tracking and quelling this kind of paranoia.

Finally one product manager from Adobe stepped up to clear all the confusion.

Adobe Product manager wrote a reply on Adbobe Blog. Here is what he wrote:
According to Doug Miller from the Adobe.com team, "Omniture is Adobe's web analytic vendor for Adobe.com. There are only 3 places we track things via Omniture anywhere in or around our products.":

• The welcome screens (these things) in some Adobe apps include a Flash SWF file that loads current news, special offers, etc. These requests hit Adobe.com servers and are logged, like regular browser-based traffic, by Omniture.


• Adobe Bridge embeds both the Opera browser and the Flash Player, both of which can be used to load Adobe-hosted content. These requests are also logged.


• Adobe apps can call various online resources (online help, user forums, etc.), and those requests are logged. [Update: To clarify, those contacts are made only if the user requests them--e.g. by choosing Help->Adobe Exchange.]

This, as far as I've been able to discover, is the extent of the nefarious "spying." If I learn anything else when more people get back on email, I'll update this post.

Let me start by saying that the kind of tracking Adobe appears to be doing is pretty harmless to you end users. Now let me ask a question to all these people, who became so paranoid about Adobe and Omniture Tracking. “Do you know that you are being tracked at a lot of places?” I am sure you have done one or more of the following

Connected to the internet – Do you know that ISP track of what you do online? You should read my blog post titled “ISP Based Behavioral Targeting.
Visited any site on the internet? - A lot of sites (and in fact they all should) track user behavior to create a better experience for users and to help them in their business goals.
Installed a toolbar – Do you know that their activity is being tracked by toolbars you install?
Used any social networking site where they volunteered all sorts of information.
Used a credit card. – Yes they have whole history of what you bought, when and where.
Bought a product on any major retail chain, used a credit card or a club card. – They keep track of what you buy, when and where too.

Since you are tracked everywhere, why is there a paranoia about being tracked by Adobe? Actually the kind of tracking Adobe is doing is not even close to the information you are giving away via other activities (some of them mentioned above). The kind of tracking adobe is doing is to understand the usage of their sites and provide a better experience for the users. The way I understand, Adobe is looking at user behavior at an aggregate level and not at an individual level, most of the companies doing web analytics do not look at individual user behavior. Most of the web analytics tools, like Omniture, use an anonymous cookie to track user behavior. This anonymous tracking usually looks at aggregated data for entire user base (or few segments) instead of an individual and hence do not invade your privacy.
So I request you to stop this paranoia about tracking by web analytics tools. They are helping you to have a better experience on the web.

Note: I am not associated with Adobe in any way. I have never worked for them in any capacity and do not know anybody personally at Adobe.

Comments?

FTC Proposes Behavioral Advertising Privacy Principles

To address consumer privacy concerns associated with Behavioral Targeting FTC proposed privacy principals.

The purpose of this proposal is to encourage more meaningful and enforceable self-regulation to address the privacy concerns raised with respect to behavioral advertising. In developing the principles, FTC staff was mindful of the need to maintain vigorous competition in online advertising as well as the importance of accommodating the wide variety of business models that exist in this area,” according to its proposal “Behavioral Advertising: Moving the Discussion Forward to Possible Self-Regulatory Principles. The proposal states that behavioral advertising provides benefits to consumers in the form of free content and personalized advertising but notes that this practice is largely invisible and unknown to consumers.

Below are the principal they proposed:

• Every Web site where data is collected for behavioral advertising should provide a clear, consumer-friendly, and prominent statement that data is being collected to provide ads targeted to the consumer and give consumers the ability to choose whether or not to have their information collected for such purpose.
  
  Sooner or later that is going to be almost every site that you encounter. Since there is no common definition of Behavioral Targeting any targeting (since it will uses onsite behavior, geo or any data collected from users ) can be considered behavioral targeting.
  
  Give consumers the ability to choose whether or not to have their information collected for such purpose - it is not clear if they mean opt-in or opt-out.
  
  I am in favor of providing an opt-in instead of opt-out. In my post on Google and Doubleclick privacy concerns, I wrote:
  I believe that if consumers are provided proper education (I will write about consumer benefits in one of my future posts) than they can infect benefit from Behavioral Targeting. It will be a win-win situation for all the parties involved. Proper education and disclosures by advertisers, publishers and networks will ease the concerns regarding Behavioral Targeting. Consumers have the right to opt out of Behavioral Targeting but what is lacking is proper education on how to do so. The networks currently opt-in users by default; however, in my opinion the proper process should be opt-out by default and opt-in if user chooses to opt-in, just like we do for emails and newsletters. This process will move the burden from users to the advertisers, publishers and networks.
  



• Any company that collects or stores consumer data for behavioral advertising should provide reasonable security for that data and should retain data only as long as is necessary to fulfill a legitimate business or law enforcement need.
  
  “Reasonable” is very vague since every company can define it’s own explanation of reasonable.
  
  


• Companies should obtain affirmative express consent from affected consumers before using data in a manner materially different from promises the company made when it collected the data.
  
  This is to safeguard against changing privacy policies. Since almost all the privacy policies have a clause which says something like “We reserve the right to change this privacy policy. New privacy will be posted on this page”. It is hard for consumers to keep track of what has changed since they agreed to the privacy policy.
  


• To address the concern that sensitive data – medical information or children’s activities online, for example – may be used in behavioral advertising, FTC staff proposes:
  
  
  • Companies should only collect sensitive data for behavioral advertising if they obtain affirmative express consent from the consumer to receive such advertising.
  
  
  • FTC staff also seeks comment on what constitutes “sensitive data” and whether the use of sensitive data should be prohibited, rather than subject to consumer choice.
  
  
  
  My opinion: Sensitive data should be prohibited. However it won’t be easy to define what constitutes sensitive data especially when it has to apply to various countries and cultures. Sensitive information in one country might not be sensitive in another country or culture.
  

Comments? Questions?

NebuAd’s response to my blog post Part II

In response to my post on ISP based Behavioral Targeting, I got 2 response from NebuAd, one of them was posted at http://webanalysis.blogspot.com/2007/12/nebuads-response-to-my-blog-postin.html. The latest response is for one of the issue that was not answered in previous response:

The ISPs are completely passive in NebuAd’s model. In addition, there is no pop under, and the ads NebuAd sells to do not take over the publisher’s inventory. More specifically, NebuAd's technology does not include any type of overlays that affect publisher content or ad inventory without their knowledge.

Consumers do not see any more ads than they would otherwise see, and they are standard ad types, such as banners ads displayed only where you would expect to see them. The use of pop-ups and pop unders remains a publisher decision. With NebuAd’s solution, the ISP role is completely passive. They merely allow NebuAd’s equipment to reside on their network and are not involved in the advertising process. No data is shared between the ISP’s data systems and NebuAd’s data systems

NebuAd purchases online display inventory from publishers, mainly through leading ad networks. Targeted advertising that the consumer sees is placed there on the ad inventory that the publishers regularly sell to ad networks. These ad networks work with NebuAd to identify and deliver the right ad for the right user, allowing for the publisher to get a higher price from the advertisers who want the targeting. NebuAd’s revenue is generated by advertising sales during this process – the ISPs do not sell any of the advertising.

NebuAd’s response to my blog post

In response to my post on ISP based Behavioral Targeting, I got the following response from NebuAd:

Below are a couple of quick points from NebuAd’s CEO Bob Dykes to explain and clarify some of the information.

There is no information shard between NebuAd and the ISPs - the only involvement between the two is the agreement that lets NebuAd place the appliance in the ISPs network. To further ensure privacy, NebuAd does not collect the websites visited and map those back to the specific user. Instead it converts, via an appliance located in the ISPs network, the key user identifiers, such as IP addresses, to a one way random number so that the central servers see this and not the original identifier.

NebuAd works by listing categories (e.g. “Cars – SUV – Lexus”) and noting if random number goes to a site, or perform a search, that is related to the category. If yes, then it notes that interest mapped to the random number, but do not map the URL’s visited, just the interest. This is why, since it doesn’t even have the info on sites visited, there's no mechanism to map the random number to specific URLs
Since NebuAd and the partner ISPs do not exchange data, the ISPs do not see the categories each random number visits, and NebuAd does not receive specific customer information, so there is no way for either NebuAd or the ISPs to match specific customer information with even the categories of information associated with the randomized numbers. NebuAd also does not retain the raw data mapped back to the anonymous user profiles.

They have not yet provided any response to the following point that I made in my previous post:

It is also not clear to me if the ISPs will work with individual publishers or networks and provide behavioral data to power their ads on publishers inventory or if they will override publishers inventory with their own ads (which will probably cause sudden death of ISP based targeting) or if they will do popups (pop under) creating new inventory. NebuAd does however have a service for publishers where publishers can use their services on their own inventory; however I am not clear how ISPs plan to use it.

Behavioral Targeting and Privacy

Behavioral Targeting and Online Privacy is taking an interesting turn. Yesterday I wrote about Privacy groups proposal to create “Do-Not-Track” for online behavioral targeting just like “Do-Not-Call” list to stop telemarketers from contacting the people on the list.

To counter these groups, AOL took a proactive step by announcing the launch of Privacy education program for Behaviorally Targeted Advertising.

AOL is doing exactly what I wrote in April of this year in an article related to privacy

"I believe that if consumers are provided proper education then they can in fact benefit from Behavioral Targeting. It will be a win-win situation for all the parties involved. Proper education and disclosures by advertisers, publishers and networks will ease the concerns regarding Behavioral Targeting. Consumers have the right to opt out of Behavioral Targeting but what is lacking is proper education on how to do so."

According to an AOL press release:

Program Will Provide Greater Transparency, Enhanced Notice of How Targeted Advertising Works, and Patent-Pending Technology to Protect Consumers' Opt-Out Choices; The Program Will Reach More Than 91% of Online Consumers


“Our goal with this program is to engender greater trust for targeted advertising by communicating with consumers in a more visible way, and by providing them more information about their choices,” said Curt Viebranz, President of Platform-A. “AOL believes that doing more to explain to users the choices they have over the way their data is used, and helping them exercise those preferences will help them feel more in control.”


I also wrote in the previous article:

“The networks currently opt-in users by default; however, in my opinion the proper process should be opt-out by default and opt-in if user chooses to opt-in, just like we do for emails and newsletters. This process will move the burden from users to the advertisers, publishers and networks.”

I don’t think we are going to get opt-in process in near future, here is what AOL talked about the opt-out process:

The expanded use of the TACODA opt-out technology will help better preserve consumer choices. Today, users who opt-out of behavioral targeting by using an opt-out cookie risk having their preference lost if they later delete their cookies. TACODA leverages a Web cache technique to preserve a consumers' opt-out choice even if they delete their browser cookies, something other opt-out systems cannot currently do. AOL is also exploring opportunities to license this technology on a royalty-free basis for use exclusively in consumer privacy protection programs.

“We want to make the opt-out process as simple and transparent as possible,” said Jules Polonetsky, Chief Privacy Officer, AOL. “We urge the industry to join us in ensuring that users who take steps to minimize the data they provide have their choices maintained.”

In another article titled “Online Marketers Joining Internet Privacy Efforts” NYTimes.com writes:

AOL says it is setting up a new Web site that will link consumers directly to opt-out lists run by the largest advertising networks. The site’s technology will ensure that people’s preferences are not erased later.
There is a silver lining for marketers, however: the AOL site will try to persuade people that they should choose to share some personal data in order to get pitches for products they might like. Most Web sites, including AOL, already collect data about users to send them specific ads — but AOL is choosing to become more open about the practice and will run advertisements about it in coming months.

I think this is a very smart move by AOL/Tacoda, if it can convince consumers about the benefit of Behavioral Targeting then why not take one step further and have these consumers provide more information about themselves.

Other posts that I recommend
1. Privacy
1. Behavioral Targeting

If you like this post, you might want to subscribe to my blog feed. Click here to subscribe to Web Analysis, Behavioral Targeting and Online Advertising

Do-Not-Track List: An attempt to kill Behavioral Targeting

An article in AdAge reports that Privacy Groups Propose Do-Not-Track List.

According to the article:

"Demands of these groups would Hinder Marketers' Behavioral-Targeting Practices Online.

Privacy advocates are expected to propose the creation of a do-not-track list, a sort of internet version of the Do Not Call Registry, at a news conference tomorrow.

In addition to the list, the proposal calls for a requirement that advertisers, as part of their online ads, instantaneously disclose details of what they intend to track. According to a media alert announcing the news conference, the groups behind the proposal include the Center for Democracy and Technology, Consumer Action, Consumer Federation of America and the Electronic Frontier Foundation, among others.

...Typically, advertisers and online media sellers use web cookies to track and maintain information about online consumers. A cookie might be used to figure out what's in a user's shopping cart on a retail website or to record a user's login for a particular site so that user doesn't have to re-enter a login name and password every time they revisit the site. Cookies can also be used to track surfing behavior and offer up ads based on a user's surfing history.

Thanks to such behavioral-targeting technology, a user looking at a specific type of auto on a car-review site, for example, could be targeted with an ad for that particular make and model even when they move onto a general-interest site. Behavioral targeting tends to create more valuable inventory and be more effective, according to many advertisers and publishers familiar with the technology.

…However, consumer-privacy advocates charge that collecting such information in order to target ads creates "a privacy imbalance that has deprived Americans of the right to control their personal information."

So my questions to these groups are:

1. If consumer don’t like the irrelevant ads but still prefer free ad-supported content to paid ad-free content, how are these groups going to provide that?


2. How are they going to create Do Not Target list without (Personally Identifiable Information) PII information?
   
   1. One solution is used by NAI, that is to drop a cookie to indicate that user should not be tracked. But if a user deletes NAI cookie then the user is back in “Do-Track” list since most of the targeting solutions are “Opt-Out’ systems (user is opted-in by default).
   
   
   2. Another solution is to create a universal cookie that might be able to get by without any PII information but who is going to maintain that? Google? Microsoft? Yahoo?(Just Kidding)


3. Is anonymous tracking really a privacy concern? Do consumers really care about Privacy? Or is this mostly a concern of these groups? Anonymous cookie tracking is still better than what these users provide online to the social networking sites. Look at facebook.com, myspace.com where users voluntarily provide information everyday about their whereabouts, likes, dislikes, friends etc.

In my previous posts concerning privacy I proposed that Behavioral Targeting should be “Opt-In” instead of “Opt-out”, let the users make a call if they would like to be tracked to see more relevant ads.

Here is what wrote
"I believe that if consumers are provided proper education (I will write about consumer benefits in one of my future posts) than they can in fact benefit from Behavioral Targeting. It will be a win-win situation for all the parties involved. Proper education and disclosures by advertisers, publishers and networks will ease the concerns regarding Behavioral Targeting. Consumers have the right to opt out of Behavioral Targeting but what is lacking is proper education on how to do so. The networks currently opt-in users by default; however, in my opinion the proper process should be opt-out by default and opt-in if user chooses to opt-in, just like we do for emails and newsletters. This process will move the burden from users to the advertisers, publishers and networks.

In short run this could result in a lower reach for BT providers. But if the benefits to consumers are properly stated then most of the consumers will be willing to participate. If you (network or advertiser) tell a consumer that he/she does not need to go looking for deals or offers of products/services that he/she is in the market for, these deals/offers will be provided to him/her based on her online behavior no matter where in the network she is in, I think consumer will love it. If a consumer knows the process and she knows that she is willingly participating in the BT, the click-through rate on the ads will be higher too. Why force users into Behavioral Targeting and raise privacy concerns when you can offer them what they want (when they want) and make them your raving fans."

Comments?

FTC to Host Town Hall meeting to discuss Behavioral Targeting and Online Privacy

Federal Trade Commission is conducting a Town Hall meeting to discuss several topics on Behavioral Targeting and Online Privacy.
This is your chance to participate in the panel and have your voice heard.
This two-day Town Hall will bring together consumer advocates, industry representatives, technology experts, and academics to address the consumer protection issues raised by the practice of tracking consumers’ activities online to target advertising – or “behavioral advertising.” It will be held November 1-2, 2007 at the FTC Conference Center at 601 New Jersey Avenue, N.W., Washington, DC. It is free and open to the public.
The Commission invites interested parties to submit requests to be panelists and to recommend other topics for discussion. The requests should be submitted electronically to behavioraladvertising_requests@ftc.gov by September 14, 2007. The Commission will select panelists based on expertise and the need to represent a range of views about the issues. Panelists selected to participate will be notified by October 5, 2007.
Topics at the Town Hall will include:

• How does online behavioral advertising work? What types of companies play a role in this market?


• What types of data are collected? Is the data personally identifiable or anonymous? Even when the data is anonymous, is it, or could it be, combined with personally identifiable data from other sources??


• How is the data used, and by whom? Is it shared or sold? Is the data used for any purposes other than to target advertising??


• How has the online advertising market, and specifically behavioral advertising, changed since 2000??


• What security protections are companies providing for the consumer data that they collect, use, transfer, or store??


• What do consumers understand about the collection of their information online for use in advertising??


• Are companies disclosing their online data-collection practices to consumers? Are these disclosures an appropriate and effective way to inform the public about these practices? Are companies offering consumers choices about how data is collected and used??


• What standards do, or should, govern practices related to online behavioral advertising? Are companies following the Network Advertising Initiative Principles, originally issued in 2000 for online network advertising companies? Are these principles still relevant, in light of changes in the marketplace? What other legal or self-regulatory standards are applicable to these practices? Are certain practices generally regarded as appropriate or inappropriate in this area?


• What changes are anticipated in the online behavioral advertising market over the next five years? Will information be collected through technological means other than cookies? Is behavioral advertising moving beyond the Internet into other technologies?

Do you have an opinion on any of the above topics? Tell me what you think, maybe I will compile all responses and provide on this blog for future. And if I get selected on the panel I will take your voice to this town hall meeting.
Here is my previous post on FTC

Interactive Ad Bureau (IAB) Opens D.C. Office and a Lobbyist

Aiming to increase its sway over government, the Interactive Advertising Bureau has opened a Washington, D.C. office and hired its first in-house lobbyist, Mike Zaneis. Source: http://publications.mediapost.com/index.cfm?fuseaction=Articles.san&s=55849&Nid=27638&p=420929

Prior to joining IAB, Zaneis served as executive director of technology and e-commerce at U.S. Chamber of Commerce in Washington.

Zaneis predicts the upcoming Congress will see a number of Internet topics debated on the Hill, including privacy concerns, spyware legislation, data security legislation, and net neutrality.

"Congress is starting to take a look at this and is trying to understand how the Internet really works. And since advertising is the engine that allows the Internet to go, we're going to have to engage with them and do some education on what our members are doing," said Zaneis. Source: http://clickz.com/showPage.html?page=3625053