Privacy, or rather, privacy violations, have been much in the news this past summer. By far the biggest event was AOL’s data breach, which made the search queries of 650,000 AOL users public without their consent.
 |
| Remembering All Your Secrets |
But the AOL data breach was just the beginning. Last week, a crop of new and troubling privacy incidents swept across the newswires. Facebook users woke up to the unpleasant realization that the site’s new RSS feed managed to broadcast personal events (such as breaking up a relationship) to people they didn’t know. More than half a million players of Second Life, a popular online virtual reality game, had their personal data, including real names and addresses, stolen by a hacker. Computer giant HP became embroiled in a lurid privacy scandal involving “pretexting” that caused its chairwoman to step down and may land some of the participants in jail. And in a truly bizarre incident on Craigslist, a self-described “prankster” impersonated a woman seeking sexual partners. After receiving more than 150 e-mail responses, he “outed” the responders, some of whose messages contained revealing photos and personal identification details, by posting all the e-mails on a public Web site.
Every day, it seems, there’s a new data leak or privacy breach. Each time this happens, users’ trust in the institution we call the Internet drops a notch, and when marketers are implicated in these breaches, trust in online marketing takes a hit. Users are increasingly seeking to guard personal data, including search query data. A new breed of tools such as TrackMeNot and Lost in the Crowd, which mask user queries from search engines by firing out “junk queries,” are one approach. Other users delete their cookies, or otherwise seek to cloak their identities using various anonymizing programs. These reactions are not only understandable, they’re rational, given how insecure personal information is on the Net.
Marketers walk a fine line through this mined jungle. Search marketers, being in the vanguard of the targeting revolution, need to pay special attention to the privacy issue. Search engines, SEM agencies, and BT technology researchers and vendors all have access to extensive query and user databases which enable us to create efficient, ROI-positive and market share building search campaigns. We all seek competitive advantage, which means knowing more about users and prospects than the next guy. We all welcome the new generation of targeting technologies that lets us analyze the clickstream and historical user behavior to present the best, most relevant ad at the most opportune time. But we also know that if these technologies become overly obtrusive, or if data is shared or released in a way that allows individuals to be identified, we risk causing a user backlash that can set our industry back, either by making it less efficient or, worse, subject to government regulations.
At the same time, users have shown a remarkable willingness to let marketers know quite a bit about them, so long as the line isn’t crossed between “marketing intelligence” and actual “spying.” They want to experience free, ad-supported content and services, and are willing to divulge personal information to get it. Yet none of them want personal data aggregated in a way that encourages spamming, stalking, or in wholesale data releases such as the AOL fiasco which make their most intimate query data public information. These concerns are not idle ones; just this week, Arizona authorities busted Heather Kane, a woman who ordered a murder hit on a woman who became a “Myspace Friend” of her boyfriend’s.
So far, the search engines have brushed aside suggestions that the fact that they retain user query data indefinitely mean that each is sitting on top of a privacy time bomb. Each has provided multiple assurances that this data is secure, but each refuses to discuss the steps it takes to make sure that releases of this data are impossible (in a peculiar way, their stances reflect the posture of the U.S. government, which has admitted that it has multiple electronic surveillance programs in place, but cannot discuss them because to do so would tip off our enemies). Google has taken a tough stance against sharing this data with the U.S. government, but in early September, agreed to share data about its Orkut users with Brazilian authorities. It remains to be seen whether Google will be able to withstand similar inquiries from the U.S. government, especially where national security is implicated by a particular user’s search behavior.
The interactive advertising industry has known about the fine line between marketing intelligence and spying, and has taken what steps it can: the IAB publishes privacy guidelines which all members must adhere to. http://www.iab.net/standards/privacy.asp. Most reputable commercial sites have privacy policies, but having a policy isn’t the real issue (after all, AOL has a privacy policy and so, I’m sure, does Second Life). The real issue isn’t policy, it’s execution, and this is where we have to do a much better job. According to a survey
How do you handle the data flowing through your servers? How tightly do you control its dissemination? What policies are in place to prevent its distribution, inadvertent or intentional, to 3rd parties? What policies do your third-party contractors abide by? All of these questions need to be answered now, while you can safeguard this data, not after an unauthorized data release, by which time it will be too late to shield your organization from civil, and perhaps even criminal liability.
And if you have any doubt that Uncle Sam doesn’t intend to have a vote in how our new era of targeting turns out, take note of the FTC’s recent $1,000,000 fine against social networking site Xanga, which improperly handled personal information about its users.
Ironically in the zeal to protect the privacy of individuals, the government and even the industry may sacrifice the improved ad targeting and user experience that comes from the retention of anonymous data (non Personally Identifiable data). Let’s hope that the right balance is found.
Tag: privacy
Add to 
Del.icio.us | 
Digg | 
Yahoo! My Web | 
Furl
Bookmark WebProNews: 
]]>
Leave a Reply