BEHAVIOURAL ADVERTISING, PRIVACY AND COOKIES.

Why is everyone STILL talking about Online Behavioural Advertising (OBA) and privacy? And why exactly are cookies back in the spotlight again? The technology is complicated and, because it’s difficult to understand how it works, some people worry what it's getting up to. Also, OBA has become caught up in some of the concerns about web privacy generally – particularly those surrounding the proliferating use of social networks. OBA will play an increasing part in online advertising (as a recent Forrester report confirms - see here) and all of us who work in the industry should feel confident enough to be able to talk about and, if necessary, defend the use of Behavioural Advertising. So we thought it was a good time to take a step back and address the subject objectively.

Firstly, the purpose of OBA is to deliver web users ads that are more relevant than most of the ones they already get. Hopefully, this means that web users have a better web experience while advertisers waste less money and publishers get paid more for their ad inventory. So what’s the risk? How is it possible to do this without somehow ’spying’ on what web users are doing online? Now this is where it can get complicated - and different OBA companies use different technologies - but there are two fundamental things to understand. Web users are anonymous and no personal data is involved – unless you give it to the company yourself.

Personal data and anonymity.

Let’s take a look at these two issues separately; first the anonymous part. If web users are anonymous how can we ‘identify’ individuals to assign lifestyle interests and judge possible purchase intent as they browse the web and then deliver them specific ads rather than random ones? This is where cookies come in, as every time a web user visits a site in the OBA company’s network, they are sent a cookie that includes a unique number. A cookie can only be read by the site that sent it and it can’t collect any data from the user’s PC.

Every time a user then visits another website in the OBA company’s network the ID is recognised and more interests can be added and existing interests examined to see if there is a relevant ad that can be delivered. This means a web browser can be ‘identified’ but not an individual. However, there are two further issues that concern some people. Can you be identified from your interests and are flash cookies somehow ‘worse’ than browser cookies?

This brings us to the ‘personal data’ bit. Some OBA companies are also websites or online service providers (like Yahoo!, Google and AOL) so if you have registered with them and gave personal details (like your name and address) they may associate this personal information with your cookie ID and your interests or search terms. Everyone has heard about the AOL case where a New York Times journalist traced an AOL user from their published search queries. This was only possible because AOL stored actual search terms and these were specific enough to enable the individual to be identified. But other OBA companies don’t ask for or store any personal data to start with and Crimtan, like many other OBA companies, just stores inferred interests. Site URLs and search terms simply indicate an interest, and it is this interest that is stored alongside the cookie ID – never the URLs or search terms themselves.

But what about Flash cookies?!

Flash cookies and Behavioural Advertising are getting a lot of attention at the moment, as some people have suggested that they somehow have a greater ‘impact on consumer privacy’ than regular cookies. Of course, Flash cookies behave exactly the same way as browser cookies – they are just stored on the PC rather than the browser and can hold more information if need be. So there are no greater privacy implications than with browser cookies. Despite this, Members of the GPP for OBA (see next paragraph) have agreed not to use Flash cookies to help collect data for Behavioural Advertising.

Reassuring concerned users.

So what is the industry doing about reassuring people who are still nervous about Behavioural Advertising - and what else could we be doing? Well it’s important to remember that even web users who have no idea about Behavioural Advertising and do nothing are at no risk whatsoever. The worst that can happen is that they start getting useful advertising not rubbish! However, for whatever reason, there are some web users (a tiny minority) who actively oppose the idea of Behavioural Advertising, cookies and even advertising – and it is reasonable that they should be able to opt-out if they wish to. That’s why the IAB has established the Good Practice Principles for Online Behavioural Advertising (GPP for OBA – see here for more) and member companies are audited to ensure they comply.

The key Principles cover Transparency, Notice and Choice. Transparency means that the company has to declare on their own site and partner’s sites that they are involved in Behavioural Advertising. Notice means that users should be clearly informed about what data is collected, how it is collected and how it is used. Choice means that users are given the opportunity to opt-out via a simple link. In an ideal world this should be something you only have to do once but, unfortunately, most companies use an opt-out cookie that needs to be replaced (by repeating the opt-out process) if a web user deletes all their cookies.

Respecting consumer choice.
Crimtan has led the industry by implementing a unique opt-out that respects user choice in the long term by ensuring they remain opted-out even when they delete their browser cookies – a first among Behavioural Advertising companies.

For users who aren’t prepared to trust that they have actually have been opted-out by the Behavioural Advertising company they can, of course, opt themselves out by altering their PCs browser settings to reject third party cookies. Any users who are also concerned about Flash cookies can go here to delete and reject these as well.

Summary.
So there you have it - in a nutshell, Behavioural Advertising:

• doesn’t use personal data ( unless you gave it to a company and agreed they could use it).
• is totally anonymous for users who have not offered their personal data.
• has a set of Good Practice Principles that leading practitioners of Behavioural Advertising comply with.
• can easily be opted out of – permanently in Crimtan’s case.

Anyone worried about privacy online could spend their time more profitably examining the privacy policies of social networking sites and free webmail suppliers, or anywhere else that has your personal information – both online and offline.

We're interested to hear the views of other people in the industry. Are people wrong to be concerned about Behavioural Advertising – or should the industry be even more pro-active in reassuring web users? Let's hear your view.