Have a look at the latest in our series of videos from our Evidon Empower Europe summit, which took place in London last December. Tim Flink, Managing Director, United Kingdom, Adnetik, brings to light the perspective of having grown an ad targeting company alongside the rise of the privacy economy. While the whole video is worth a watch, he has a great quote that stands out: “Cookies don’t have borders.”
The Evidon Weekly Digest 1/25/12
January 25, 2012Big news is brewing in Europe: Regulation has been proposed in Brussels that would compel web sites to tell consumers why their personal data is being collected and retain it for only as long as necessary. Specifically, this regulation will focus on data retention, transparency, and the growing notion of “the right to be forgotten.” It is very important, however, to understand that this applies to the collection and use of personally identifiable data, not data collected from cookies and other tracking scripts which are covered by the EU ePrivacy Directive.
Other EU news brought us a post by vice president of the European Commission Nellie Kroes that endorsed Do Not Track and an announcement by the IAB in Europe that it will “continue to welcome dialogue” focused on privacy and transparency in interest-based advertising.
This past week’s US news was full of reactionary press that centered on the DAA’s new “Your AdChoices” advertising campaign. The New York Times wrote a piece, as well as all of the industry publications. Also, Fatemeh Khatibloo, a senior analyst at Forrester Research, announced a new study about consumers’ sensitivities to various kinds of data, for which we had a great deal of input.
Europe Weighs Tough Law on Online Privacy – NYT – Europe is considering a sweeping new law that would force Internet companies like Amazon.com and Facebook to obtain explicit consent from consumers about the use of their personal data, delete that data forever at the consumer’s request and face fines for failing to comply.
Why we need a sound Do-Not–Track standard for privacy online – Nellie Kroes, Digital Agenda – This really is privacy and data protection week! In Brussels there is the Computers, Privacy & Data Protection conference and the Commission is soon adopting its proposal for a reform of the European Data Protection legal framework (which I wrote about here).
IAB Europe and EASA welcome dialogue with the Article 29 Working Party [Press Release] – Following the Article 29 Working Party open letter dated 8 December 2011, IAB Europe and EASA continue to welcome dialogue on the IAB Europe OBA framework and the EASA Best Practice Recommendation aimed at empowering consumers with transparency and choice towards Online Behavioural Advertising (‘OBA’).
For Online Privacy, Click Here – NYT – Something viewed online billions of times a month would seem to need no further promotion, but that assumption falls short when the something in question — a turquoise triangle in the upper right-hand corner of banner ads — is a critical piece of the debate about online privacy.
Fear & Irony On Madison Avenue: Industry Avoids Jargon To Promote ‘Interest-Based’ Advertising – MediaPost – Madison Avenue’s Digital Advertising Alliance (DAA) this morning unveiled “Your AdChoices,” a campaign aimed at educating consumers about “interest-based” advertising and how to take greater control of their online privacy.”
Ad Industry Wants to Rebrand Behavioral Advertising – DigiDay – It stands to reason that the advertising industry, faced with unease over behavioral advertising, would choose a rebranding exercise. It’s not behavioral advertising, you see, it’s “interest-based advertising.”
Evidon Empower Interview Series: David Evans, Group Manager, Business and Industry, ICO
January 12, 2012As a followup to our inaugural EU privacy event, we’re posting more interviews in the Evidon Empower Interview Series with key players from industry, government, and advocacy groups. Our first guest is the Information Commissioner’s Office (ICO) group manager for business and industry, David Evans. During the event, David drove home that the first element of consent is informing people, and giving them clear and comprehensive information about what you’re collecting and using their data for. More in the video below:
The Evidon Weekly Digest – 1/4/12
January 11, 2012This past week was a slow one for privacy news, but it was the “week of 7’s” – the FTC, Entrepreneur, and MSNBC all made lists conforming to this number. Rebate company Upromise settled a lawsuit with the FTC. MediaPost reported on newly proposed changes to COPPA and how they could possibly “kick networks off kids sites.” In London, Evidon client Media Contacts announced they have created a new consultancy to help companies comply with the EU ePrivacy Directive.
A Seven-Step Guide to Protecting Customer Privacy – Entrepreneur – Think protecting customer privacy is only an issue for business giants like Facebook and Sony? Think again.
The FTC’s Seven Opt-out Rules: A must-read for tracking companies – The PrivacyChoice Blog – The Federal Trade Commission’s recently finalized settlement with ScanScout is ostensibly about the use of Flash cookies, which led to the enforcement action. But as is often the case, the consent decree also outlines requirements that provide all companies, not just ScanScout, with guidance on how the FTC thinks the opt-out process should work for behavioral targeting.
Will Data Collection on User Behavior Be Forced to End Soon? – ReadWriteWeb – Harvard Business Review ran three interesting short pieces in this month’s magazine, under the misleadingly timeless title “Tackling Business Problems.” The three essays are actually guest submissions from business radicals, the final of the three being from social media luminary Doc Searls.
7 signs we’re living in the post-privacy era – MSNBC – Whether by corporate subterfuge, government decree, hacker invasion and our own ambivalence, our digital rights have never faced more peril than they will in 2012. Here’s a look at the most egregious losses in privacy — the ways in which the stage was set — during this past year.
Upromise Settles Privacy Charges By FTC – MediaPost – Rebate company Upromise has agreed to settle privacy charges by destroying data collected about 150,000 Web users between 2005 and 2010, the Federal Trade Commission said Thursday. Upromise also agreed that it will clearly disclose its data collection practices, and will tell users how to remove its toolbar.
Proposed COPPA Regs Could Knock Ad Networks Off Kids’ Sites – MediaPost – If the Federal Trade Commission wants to ban companies from using behavioral advertising techniques on children, the agency should try the direct approach. That’s according to the think tank Future of Privacy Forum.
Webinar: Taking action on the ePrivacy Directive now—lessons from Evidon Empower Europe
January 5, 2012“If you say ‘we are doing nothing,’ we can point to a lot of others and say ‘why aren’t you doing that?” - David Evans of the Information Commissioners Office (ICO)
Time to act! While there’s still clearly much to be worked out with the EU ePrivacy Directive, the news from Evidon Empower Europe, held on 6 December in London, is that a consensus is emerging on steps that you can take now.
In the debate over whether consumers will need to give either “explicit” or “implied” consent to be tracked—a fundamental aspect of the law (which EU member states are divided on)—the less-strict “implied” route was deemed a viable option in certain situations, by everyone from UK government officials to the French independent privacy authority CNIL.
There was also a firm consensus at the conference that doing something now, despite lack of clarity around the Directive, would put you in a much better position to be in compliance by the UK’s May 25 deadline. Nick Stringer of the IAB EU tweeted after his panel at the show: “three summing up words: transparency, control and education.” But how do you execute on that? The most important first step is to conduct an audit of all of the trackers and cookies that are used on your websites, and to understand their relative level of intrusiveness. Other steps include disclosing this tracking activity in a clear “AdChoices” notice to consumers on your site and in your ads, and creating a privacy team for your company.
Join key players in the debate— Nestle’s Nathan Howe, Akamai’s Khan Smith, legal expert Eduardo Ustaran, Evidon CEO Scott Meyer and others — for an insider’s view of the ePrivacy Directive and what you can do now to start yourself on the road to compliance.
The Evidon Weekly Digest 1/4/12 – Happy New Year!
January 4, 2012The new year is looking like it’s going to be filled with more digital privacy news than last. To kick things off, we’re hosting a webinar that will focus on the EU ePrivacy Directive and what businesses can do now to ensure that they’ll be in compliance. You can find out more and register for the event, which features Nestle’s Nathan Howe, Akamai’s Khan Smith, legal expert Eduardo Ustaran and Evidon CEO Scott Meyer, here.
Privacy news was slow over the past two weeks, but we do have catching up to do since the last newsletter we sent out in 2011. To start, Randall Rothenberg, president and CEO of the IAB, told DigiDay that one thing he hoped to hear less about in 2012 is “government regulation” of online advertising. Also, Campaigns and Elections ran a very interesting article on the current legislative climate (or lack thereof) around targeted political ads and this year’s looming elections.
In EU news, Marketing Week’s Michael Barnett made the call for UK companies to “Make online privacy [their] new year’s resolution” in order to avoid “unwanted attention.”
Make online privacy your new year’s resolution – Marketing Week –Most websites have yet to show any intention of complying with the EU’s new online privacy law, the so-called “cookie directive”. With six months to go until regulators start handing out punishments, it is time to make a new year’s resolution to show what you are doing.
IAB’s Rothenberg on Privacy Woes and Ad-Tech ‘Gobbledygook’ – DigiDay – Randall Rothenberg is the president and CEO of the Interactive Advertising Bureau, a role he returned to this February after a brief stint as chief digital officer at Time Inc. During Rothenberg’s tenure, the IAB has taken on the shortcomings of panel-based measurement, the dearth of talented creative executives in the industry, and numerous key nuts-and-bolts issues like viewable ad impressions and the industry’s overreliance on the click. These days, Rothenberg is hoping the digital ad business has dodged a bullet on privacy, and he’s bullish that 2012 will be the year of tablet publications and hit Web series.
Like It or Not, You’re Being Tracked – Campaigns and Elections – As Do Not Track pressure mounts, campaigns are taking notice.
45 Privacy Changes Facebook Will Make To Comply With Data Protection Law – TechCrunch – In 2012, Facebook will be making 45 privacy-related changes to comply with the recommendations of an audit by Ireland’s Office of the Data Protection Commissioner (DPC) released today. Below I’ve compiled a roadmap of all the changes Facebook will implement based on the 149 pages of DPC recommendations and how the social network says it will address them.
The regulatory crescendo in Europe
December 21, 2011For anyone following the ePrivacy Directive in Europe, 2011 is ending with a bang. In London, we at Evidon and our friends at Field Fisher Waterhouse hosted Evidon Empower Europe, where a cross section of Regulators, European Commission representatives, attorneys and executives from across the online advertising ecosystem met to discuss expectations and practical solutions. The Article 29 Working Party, an advisory body to the commission with regulators from each member state, adopted an opinion on 12/8 that was critical of the self-regulatory program for behavioral advertising in Europe. A week later, the UK’s ICO (the regulator for online advertising) released a ‘Half Term Report on Cookie Compliance,’ combined with a significant update to its guidance to companies seeking to comply with the Directive.
When it comes to tracking policy in Europe, perspective is critical. When you have multiple voices that differ on critical points, each needs to be understood in context. The Article 29 Working Party has no binding authority over the law, though it’s opinions hold significant weight. The ICO has binding authority, but only in the UK. So where does this leave us?
- The Directive is not going anywhere: Leaving aside the content for a moment, the fact that regulators have been so active over the last 30 days is a clear indication that this law is being taken seriously, and that regulators intend to see it enforced in 2012. The Regulators in the UK and France are making it clear that this is your problem, not theirs. UK Information Commissioner Christopher Graham dealt with this head on: “…if you have decided that this is all too difficult, that you don’t want to give your users choices about how your web pages might collect information about them … then be assured that if we get complaints or have concerns then we will be checking your site and we will take the necessary steps to ensure that you do work towards compliance.” When regulators are this committed, inaction is clearly not an option.
- Despite theoretical positions requiring “prior consent” remaining unchanged from the Article 29 Working Party, the UK ICO understands the role of pragmatic solutions. The ICO continues to push for cookie audits and is open to a range of innovative ways to bring the discussion about tracking to the consumer. The ICO guidance also included several good examples for how 1st parties can acquire consent, including basic improvements that fall well short of the radical steps that some have suggested. Most importantly: elevate the dialogue and give users options, and you will be at the front of the pack.
- Implied consent lives: After two years of discussion, no one has found a practical way to create a prior consent system without producing a terrible user experience or forcing the industry to make extreme and disproportionate sacrifices. There clearly is no consensus in the legal community that the law requires prior consent. Again, Christopher Graham: “We recognised that compliance could not be achieved overnight, that we could not simply switch off the internet and start again.” And that a company might have confidence that they are compliant if users “know that some things are more likely than not going to happen when they arrive at your site and that if they want to make choices about those things they know where to go and what to do.” Eduardo Ustaran at Field Fisher Waterhouse has an excellent post on this point.
Of course, for implied consent to work, it must be substantially more robust than the status quo. In particular, companies will need to demonstrate that consent is ‘freely given,’ ‘specific,’ and ‘informed.’
The Evidon Weekly Digest 12/20/11
December 20, 2011The EU ePrivacy Directive led the news this past week. First, the UK’s ICO issued a half-term report on cookies compliance. The guide gave a series of reference points for UK companies to use as they gear up for enforcement of the new ePrivacy Directive. This follows last week’s move by the Article 29 Working Party to criticize the IAB EU’s self-regulatory program.
We strongly encourage everyone to read this post by Field Fisher Waterhouse’s Eduardo Ustaran that explains why clear notice will satisfy the law without a strict opt-in requirement. Colin will be publishing our point of view on tomorrow, so look for the tweet when we post it.
In US privacy news, Law.com produced a great breakdown regarding the current legal landscape surrounding OBA and privacy, and media critic Jeff Jarvis wrote a hilarious parody about the FTC fining Santa over COPPA violations. Also, criticisms of Facebook’s new Timeline feature began to rise as it became more widely adopted.
Time to get to grips with cookies – Field Fisher Waterhouse –Without a doubt, figuring out how to comply with the notice and consent requirements affecting the use of cookies in Europe is going to be at the top of the New Year’s resolutions of many data protection officers and privacy counsels…We are now well past the deadline to implement these requirements and it is time to start doing something other than burying our head in the sand.
ICO blog: half term report on cookies compliance – ICO – Back in May this year, we published advice on how to comply with the revised cookie rule. The rule had just been implemented as part of the review of the ePrivacy Directive. In the advice, we set out what the law said, what it required and what it means for those who have to comply.
- Guidance on the rules on use of cookies and similar technologies [PDF] – ICO – This guidance will explain how the rules apply for those operating websites and using cookies. The guidance uses the term ‘cookies’ to refer to cookies and similar technologies covered by the Regulations.
European Regulations on Cookies Will Break the Internet – Forbes –It’s the web business methods that are going to get broken just as soon as everyone starts obeying the law, not the internet itself. But it really is going to be a large number of businesses that are really going to have to change the way they place cookies if they’re to stay within the law.
EU cookie laws could cause unwary firms to get their fingers burnt – The Guardian – Cookies are a key component of web technology, but anyone using them must beware new EU rules on consent.
The Legal Landscape for Online Data Collection – Law.com – This article will discuss the current legal landscape surrounding online behavioral advertising and data tracking, including recent actions by the marketing industry and Federal Trade Commission and the latest developments surrounding geolocation and the development of a Do Not Track web browsing mechanism.
FTC Fines Santa Claus Over COPPA Violations – BuzzMachine –Federal Trade Commission Chairman Jon Leibowitz today announced a record fine against Santa Claus for violations of the Children’s Online Privacy Protection Act.
Facebook Timeline privacy concerns deepen as rollout begins – ZDNet – The Facebook Timeline feature is rolling out across the world but not everyone is happy about it. Do you really trust Facebook to keep your private activities off your public timeline?
The Evidon Weekly Digest 12/13/11
December 14, 2011In privacy news, MediaPost ran an interesting article quoting KPMG’s new study that pointed out that “52% [of consumers are] saying they would be willing to let their usage patterns — and even their personal information — be tracked by advertisers, if this resulted in free access to content or lower product costs.“ Also, Microsoft and Google said that they have more than 100 engineers dedicated to privacy between them, showing just how important the issue is becoming to big companies. In that same vein, AdAge released its Top Ten list of important legal issues for 2012, and privacy self-regulation was at the top.
Will Trade Tracking For Deals, Consumers Signal – MediaPost –Consumers remain wary of behavioral tracking and want to maintain control of their data, but a new KPMG study suggests that digital users are also ready to cut a deal. The new research of Internet, mobile and cable users found 52% saying they would be willing to let their usage patterns — and even their personal information — be tracked by advertisers, if this resulted in free access to content or lower product costs.
Google, Microsoft teams work to keep pace with privacy laws – ComputerWorld – The companies offered a glimpse at the work required to try to stay on top of data privacy issues.
A marketer’s guide to the privacy debate – iMedia Connection – For the select few that closely follow this issue, the industry is teetering on a precipice. Nevertheless, for the majority of digital marketing professionals, whose days are completely filled buying, selling, strategizing, and executing digital media, the privacy debate has been a back-burner topic. However, no one’s saying it isn’t important. We know it’s important.
Editorial: Time to enact ‘Do Not Track’ – USA Today – Facebook’s 800 million users are probably feeling a little more secure since the social media giant agreed to privacy measures forced by the Federal Trade Commission (FTC) late last month. But they’d be wise to stay cautious. Plenty of incentive for mischief remains, and not only on Facebook.
- Opposing view: Better ways to protect consumer privacy – USA Today – The economics of the Internet are simple. Businesses produce interesting content and services to attract an audience, and advertisers pay businesses to show ads to this audience. This basic three-way trade underpins the explosion of innovation on the Internet over the past two decades and the development of a vast range of free content and services available to consumers today. In fact, the three most popular websites on the Internet — Google, Facebook and YouTube — are all paid for with online ads.
The Invisible Vote (Crosspost from Ghostery)
December 13, 2011**This post was first available on Ghostery’s Purple Box blog. You can view the original here.
We are a little under a year from US presidential elections, which means campaigning has begun in force. Presidential hopefuls and current President Obama have all launched campaign-focused websites; using the web to explain their platforms, reach out to their faithful, and solicit contributions.
It’s no surprise that potential candidates are interested in the demographic and behavioral makeup of the potential voters visiting their sites – it’s obviously important to craft a campaign to the interests of your constituents. What we found surprising, however, is the difference in the number of unique third-parties each candidate employs on their site.
We looked at Ghostrank panel data from November, 2011 – one year before elections will actually take place. Herman Cain didn’t officially end his presidential bid until the beginning of December, so we left him in for the sake of comparison. Here’s how things broke down:
- click to embiggen
Ron Paul employed the most 3pes (3rd party elements), by a margin of 16 over nearest competitor Cain. That margin is actually more than Rick Santorum embedded in total – members of the Ghostrank panel only encountered 14 elements on his site.
Privacy probably won’t be the hottest topic on the campaign trail this political season, but it’s worth keeping an eye on these candidates and how their practices with their own websites match their stances on the issue.
