The Rising Price of Privacy

The Federal Trade Commission (FTC) gave the digital content industry a dubious present last Christmas. At the same time the FTC approved a merger of Google with ad network and services provider DoubleClick, it also lobbed the issue of privacy back over the net for the companies to solve. At issue for the first time in a very public way is a topic I have been writing about in these columns since 2002: behavioral targeting (aka BT).

After holding a “town meeting” in November specifically on this cluster of technologies that track user behavior over time to target merchandise and ads, the FTC declined to recommend a regulatory or legislative response. Instead, the FTC offered guidelines and principles for industry self-regulation. Was this a gift to an industry that was anticipating some kind of official regulation? Maybe not so much.

Hidden and murky privacy policies, unannounced data sharing across sites, and user profiles that lurk for years in some buried data silo are still the rule rather than the exception online. Also, don’t suppose that business information providers get off the hook on this one. Lead generation, one of the main revenue streams coming from the enterprise and into B2B publishing and services of all sorts, is just as susceptible to shoddy identity protection as consumer-based BT. And, as professionals start using social networks to make business connections and to recruit new employees, there is a whole new layer of personal and corporate information in which privacy needs to be addressed.

Add to that morass of data swapping the new world of application programming interfaces (APIs) and widgets that actively share information across sites. When Site A offers an open platform into which Site B can insert an application, who touches, owns, and protects a user’s interaction with that tool? Most casual MySpace or even Facebook users may dismiss this concern cavalierly, but it is not a question that your company’s IT manager will ignore. He or she will want to know what company information is flowing out of the enterprise and which vendors can be trusted with it.

The industry as a whole is a long way from addressing issues of privacy satisfactorily. When I talk to analysts, publishers, and marketers, there is a lot of disagreement about the real price we will pay for playing fast-and-loose with privacy. JupiterResearch found that only 4% of consumers generally are concerned with websites tracking their online behavior and keeping their information anonymous and safe. Most of us are more concerned with identity theft and fraud. So who is minding the privacy project? There is the Network Advertising Initiative, an industry organization that lets users easily opt out of many BT networks. However, according to privacy consultant Alan Chapell, only about a third of marketers in the category of “preference marketers” are members of that coalition.

Relying on users or enterprises to remain oblivious to online privacy strikes me as a recipe for disaster. We are just one bad news tsunami away from having the issue suddenly become important. In just the last few months, some advocacy groups recommended to the FTC that BT techniques be considered unfair trade practice because in many cases the users are unaware that their online movements are being profiled. They also argue that no matter how much networks claim that personal profiles are “anonymous” and “not personally identifiable,” IP addresses and cookies ultimately can be pieced together in order to track back to a user. Facebook’s very public error in starting its Beacon marketing program without letting users first opt out was a clear warning to the industry. The social networking phenomenon ratchets up the stakes surrounding privacy more than ever.

What’s to be done? Publishers should err on the side of caution and transparency. BT and other online targeting techniques are complex technologies that can be hard to explain, but we are supposed to be communicators, right? Talk to users about their data. Let them edit their profiles and opt out easily. Moreover, we need standards that marketers, publishers, and tech providers can all agree on and will mutually enforce. That means that publishers will need to turn away businesses and partnerships that do not comply. Why is it important to bite the bullet now? Because as data moves across platforms, from web to mobile to appliances, to cars and to set-top TV boxes, the risks of data abuse and user revolt over privacy issues multiplies. This is an issue we cannot afford to ignore.