Where’s the consumer in all of this online ad stuff?

I run a startup that has been building online ad optimization tools, a self-service ad buying system, integrating with various exchanges etc. etc. – there’s a lot going on! But amidst all of the excitement and goings on in the display advertising industry, it does appear that one particular constituency is taking a back seat and is little-discussed: the consumer.

I’ll spend some time on this blog talking about what the user wants, but in the meantime let’s see what the “ad industry” thinks the government thinks the user wants…

The AAAA, IAB, ANA, DMA and BBB (whew!) all came together and in July announced

“self-regulatory principles to protect consumer privacy in ad-supported interactive media that will require advertisers and Web sites to clearly inform consumers about data collection practices and enable them to exercise control over that information.”

So they came up with some principles; the implementation of which I don’t believe has really been delved into much detail just yet. Here they are (descriptions paraphrased):

  • Education Principle: educate individuals and businesses about online behavioral advertising. Intention to run 500 million impressions over 18 months to explain this stuff to consumers.
  • Transparency Principle: clearer, more accessible disclosures to consumers about data collection and use practices of behavioral advertising. New, enhanced notice “on the page where data is collected through links embedded in or around
  • Consumer Control Principle: provides expanded ability to choose whether data is collected and used for online behavioral advertising purposes. This choice will be available through a link from the notice provided on the Web page where data is collected. Requires “service providers”, (includes Internet access service providers and providers of desktop applications software such as Web browser “tool bars” to obtain the consent of users before engaging in online behavioral advertising), and take steps to de-identify the data used for such purposes.
  • Data Security Principle: reasonable security and limited retention of data, collected and used for online behavioral advertising purposes.
  • The Material Changes Principle calls on organizations to obtain consent for any material change to their online behavioral advertising data collection and use policies and practices to data collected prior to such change.
  • The Sensitive Data Principle requires parental consent for behavioral advertising to children and heightened protections to certain attributable health and financial data.
  • The Accountability Principle calls for development of programs to further advance these Principles, report uncorrected non-compliance with these Principles to appropriate government agencies. The CBBB and DMA have been asked and agreed to work cooperatively to establish accountability mechanisms under the Principles.

A few thoughts here:

Education: It’s hard to explain behavioral targeting to people in the online marketing industry. At a recent conference I spoke at, I had the same conversation explaining retargeting to smart marketers who all did a lot of search and not so much display. What are we going to say to consumers to explain how this stuff works? How will saying what it is affect what consumers do about it? In my past life as an analyst for Jupiter and Nielsen NetRatings, I’ve seen the wide disparity between what people say they will do and what they actually do. 500 million impressions over 18 months? Average clickthrough rates on display ads are around 0.1 percent – let’s be generous and say that 10 times that number pay any kind of attention to these impressions and click on them (though I’m guessing these will be late-session impressions of lower value than the average). We’ll end up with 5 million users learning more about what is going on, over 18 months – or about 3.333 million users per year. Better than nothing? Yes, but not by much.

Transparency: This is a big one. Enhanced disclosure on the page where the data is gathered. Let’s look at the major sources of where data comes from:

  • Publishers: A person lands on a web site and perhaps does something and is put into a behavioral bucket. There are more in-depth uses of data that occur when some sites take user registration information and use that to put a user into an audience bucket. The PII data doesn’t persist in the network per se, but it is there.
  • Advertising campaigns: a user clicks on an ad and the ad network often flags that as interest of a user in a particular category. The data gathering happens within the entity who is serving the ad, and there is typically no communication channel between the entity and the consumer since they are directing the ad click to an advertiser’s page
  • Advertisers: retargeting, typically for other advertiser campaigns. Really a subset of publishers, above.

Putting notice on the page where the data gathering is happening is going to be very difficult. It’s going to be much easier to enforce and to provide a fair trade-off to the user to ask them at the point at which the data is used…. So for example, I visit a site about baseball as I do every day (I don’t like baseball at all, for anyone keeping score at home BTW) and at some point later on I see an advertisement for baseball tickets for an upcoming game in my area. I would also see a little moniker attached on the bottom right corner of the ad with a question mark that I could click on to expand and see why this ad had targeted me specifically. It would then have an easy link for me to 1) opt-out of this instance of data use, 2) opt-out from the provider(s) involved and/or to 3) opt-out completely from the whole damn lot assuming I hadn’t already in which case I would not have seen this ad in the first place.

If we really want change we should have incremental steps. Data notice and choice at the point of use in the online display world, when combined with better policing of how and where data goes to in the middle in an industry-managed solution is the cheapest, least innovation-stifling and most effective way to get past the “of course I care about privacy” nonsense (everyone cares about it, but it’s not an interesting question unless you get specific) where someone has absolutely no context for knowing if that data is going to be of help to them.

I’ve been stuck in this world before as a research analyst trying to reconcile what consumers say they want vs. what they do (I spoke at an FTC workshop about this back in 2002 – here is some data that I presented then that is still quite relevant I think.

I encourage further discussion here as this market changes and develops, and hope to outline more of the consumer angle in coming posts.