Privacy Whitewashing, History Sniffing, and Zombie Cookies, Oh My…
This content was originally posted on the ClickZ Marketing News & Expert Advice website, with thoughtful comments and numerous reactions, on August 11, 2011.
There’s a great deal of fear, uncertainty, and doubt (FUD) in the hearts and minds of consumers regarding their privacy online. While not totally unmerited, this FUD is fueled by mainstream media sources like The Wall Street Journal and USA Today, which typically paint the issues from a stark black-and-white perspective. Unfortunately, this perspective corrals all advertisers, website operators, and would-be digital trackers into a single category of shameful voyeurs.
While some tracking practices may indeed be dubious, other allegations have themselves been called slanderous. Both scenarios are reason enough to give conscientious consumers pause, thereby placing your online business and the way you track customers in jeopardy. The root of the problem is a fundamental communication breakdown.
What’s Really Going on Behind the Privacy Curtain?
The majority of first-party digital measurement (“first-party” data is obtained by the entity that owns and controls the domain) is designed to improve the user experience online by making processes easier, enabling faster access to relevant goods and services, and offering time-saving conveniences for everyday users. These practices have been going on since the dawn of consumerism, and for the most part are tolerated and even appreciated by consumers as long as they adhere to some semblance of consumers’ rights. However, consumers must retain the right to shop, browse, and otherwise interact online in an anonymous manner if they choose to do so. Thus, the opt-out policy. But technologies today have inadvertently enabled ways to circumvent the opt-out by regenerating cookies (dubbed “zombie cookies”) or embedding locally stored objects into users’ machines. These practices are wrong, and they are deftly explained and criticized in Eric T. Peterson’s whitepaper, “Flash LSO’s: Is Your Privacy at Risk?” (registration required).
The flip side of first-party tracking is third-party tracking (“third-party” data is obtained from the first party and typically not reasonably known to the end user). This data is often employed by ad-serving technologies as a method for targeting consumers. The primary objection to third-party data is that it can be used to track visitors across multiple domains (“history sniffing” or “daisy-chaining”), thereby creating a history of multi-site browsing behavior that reveals aggregate details on consumer actions unbeknownst to the user.
Most third-party data sources still don’t know names, nor do they profit from selling any personally identifiable information. Instead, anonymous user data is brokered to a slew of third-party advertisers, ad exchanges, ad networks, ad platforms, data aggregators/exchanges, and market research companies who work to serve up relevant content based on the websites users visited. I hate to break it to folks, but that’s how most content websites work. Visitors get free content, hosts deliver ads. It’s a trade-off that most of us are willing to accept. It’s also this trade-off that’s sucking any remnants of serendipity out of the Internet, because things just don’t happen by coincidence today; they happen by marketing.
If They Want Out, Show Them the Door!
The fact is that if consumers don’t want to be tracked, then you must offer the wary a simple and permanent way out. Of course, browsers can do this today and consumers can take proactive steps to delete cookies, but it’s still the responsibility of the business to offer choice. Your primary responsibility as a vendor or business is to educate your users through effective communication. This is where most of the confusion festers, because vendors don’t provide easy-to-understand guidelines about how their technologies are designed to be used, and businesses often don’t educate their customers about how they treat personal data. As a result, technologies are used inappropriately, consumers feel violated by targeted content, and there’s typically a whole lot of finger-pointing going on to pass the blame.
If you’re a business, it’s your responsibility not only to understand how the technologies you use for digital tracking work, but also to give consumers a choice regarding their ability to remain anonymous and to opt out of all types of tracking. For first-party data collectors, this should be a relatively straightforward exercise: don’t retain customer information if they don’t want you to. If you need more guidance on the right thing to do as a practitioner or data collector, visit the Web Analytics Association’s (WAA) Code of Ethics, which outlines the core tenets of ethical first-party data-handling practices.
For third-party data collection, organizations like the Network Advertising Initiative (NAI) or the Digital Advertising Alliance (DAA) offer third-party opt-out choices for consumers. Consider joining one of these coalitions to enter the ranks of the self-regulated. Alternatively, you can brush up on third-party data collection guidelines issued by organizations like TRUSTe, which act in the best interests of consumers by offering guidance on what to do and what not to do regarding digital data collection.
Create an Action Plan for Maintaining White-Hat Digital Tracking Practices
Finally, the best thing that you can do as a vendor, a marketer, or a business is to operate above the fray of privacy pundits by following a few key principles. Take these steps to use digital tracking in the way in which it was designed and to deliver value for your customers and your business:
1. Understand the technologies. While this sounds relatively basic, you must know what the technologies you build or deploy are capable of doing. While getting inside the minds of the devious shouldn’t consume all your time, vendors should issue guidance for utilization as well as educate constituents about how technologies function.
2. Keep PII safe, secure, and private. It should go without saying that keeping customer data safe and private is a top priority, but go beyond offering lip service and spell it out for consumers. Demonstrate how you protect and secure data by communicating to your audience about the measures you take to do so and instill confidence by provisioning multiple safeguards.
3. Divulge data usage practices. If your business is collecting and utilizing first- or third-party data, make it known by divulging your practices in clear and readable language. This requires keeping the legalese to a minimum and offering consumer-friendly policies and explanations for what you’re trying to accomplish. Transparency is the best practice here, so explain what you’re doing and how visitors benefit.
4. Empower consumers to opt out. This one bears repeating…give consumers a way out. And for crying out loud, don’t opt them back in if they don’t request it. This is potentially the biggest threat to online privacy today and as more and more organizations abide by consumer preferences, the ones who don’t will be outed and ultimately tarnish their reputations.
5. Spread the word. The Internet offers many incredible opportunities for networking, commerce, education, and entertainment, but collectively we must act as stewards of consumer data. Perhaps I’m naïve, but I believe that most data collectors are ethical and simply need to do a better job of describing what they’re up to and where the value exchange exists for consumers.
I personally applaud researchers like Ashkan Soltani and Jonathan Mayer for the work they do and for keeping vendors honest about the realities of their digital tracking applications. We need more education and we desperately need to voice the digital measurement side of the argument to crystallize the validity of what we do as analytics professionals.
The online privacy discussion won’t dissipate anytime soon, so the best we can do is communicate effectively, demonstrate value, and offer choice. Do you agree?