Online tracking and the privacy violations of behavioral marketing

15 Oct Online tracking and the privacy violations of behavioral marketing

Posted at 09:14h in Commentary, Internet, Legal by

You are checking the forecast at an online weather site and an ad on luxury golf vacations is shown to you. Interesting, you think, since just last night you were surfing for information to plan a Phoenix golf trip. Coincidence? Probably not, if online marketers are using behavioral targeting.
What is behavioral targeting? It’s tracking a user’s online activities to deliver advertising targeting to that user. Users are generally familiar with “cookies” that hold information pertinent to any given website visited, and can usually choose whether cookies should be used or not.
Today’s debate centers on information tracked on a broader level by Internet service providers (“ISPs”), called “deep packet inspection.” This information is made up of granular details on users. The ISPs create profiles based on the search terms entered by a user into search engines, the Web pages visited, and the content viewed. The information on these habits is valuable to online marketers who desire to serve up the most relevant ads to the user.
The behavior of online marketers
Online marketers such as Phorm, NebuAd, and Adzilla have been receiving press about their plans to offer behavioral targeting advertising. Charter Communications, the third-largest publicly traded cable operator in the U.S., had announced plans to work with NebuAd to deliver to its users “an enhanced online experience that is more customized to your interests and activities.”
Charter’s announcement triggered an inquiry this summer by the House Energy and Commerce Committee. Privacy advocates likened the sale of this behavioral data to illegal wiretapping. The public backlash on the privacy issues took many companies by surprise.
In June, Charter put its plan on hold indefinitely. NebuAd’s CEO resigned, and in September the company announced that it had put on hold plans to widely deploy its behavioral targeting advertising technology. Earlier this month, Adzilla announced that it was closing its North American operations, and its CEO resigned, all over the unexpected scrutiny on the privacy front.
Phorm is proceeding with its plans in Europe, emphasizing its privacy protection measures. It went so far as to commission a Privacy Impact Assessment, posted on its home page.
FTC weighs in
The Federal Trade Commission has weighed in, reporting that “behavioral advertising provides benefits to consumers in the form of free content and personalized advertising,” but noting that “this practice is largely invisible and unknown to consumers.” See “Behavioral Advertising, Moving the Discussion Forward to Possible Self-Regulatory Principles.”
The FTC proposes that “every web site where data is collected for behavioral advertising should provide a clear, consumer-friendly, and prominent statement that data is being collected to provide ads targeted to the consumer and give consumers the ability to choose whether or not to have their information collected for such purpose.”
According to the FTC, any company with such data should provide reasonable security and retain the data only as long as necessary. Also, for companies that are moving to this model, the FTC proposes that they should obtain affirmative express consent from consumers before using the data in a manner materially different from promises the company made when it collected the data.
The FTC is seeking comment on what might constitute “sensitive data” (such as medical information or children’s online activities) and whether collection should be altogether prohibited.
Opting out
In this current era of self-regulation, many companies are calling for clear mechanisms for consumers to opt out. Roy Shkedi, CEO of AlmondNet, a New York-based behavioral targeting advertising company, proposes adding an opt-out link to every delivered advertisement, and making it clear to consumers that no personally identifiable information is used to deliver targeted ads.
Given that ISPs already have all of this detailed data, if they sell it without any personally identifiable information attached to it, how risky is it that a user’s privacy will be impacted?
Stay tuned – perhaps someday you will be served a targeted ad with an update on this debate!
Related WTN News articles:

Deborah A. Wilcox is a lawyer and co-chair of intellectual property litigation at Baker and Hostetler, LLP, in Cleveland. She is a graduate of the University of Wisconsin-Madison Law School and regularly handles copyright, trademark, and e-commerce litigation. She can be reached at dwilcox@bakerlaw.com.
The opinions expressed herein or statements made in the above column are solely those of the author and do not necessarily reflect the views of Wisconsin Technology Network, LLC. WTN accepts no legal liability or responsibility for any claims made or opinions expressed here.