Business Case #7 Internet Marketing The Internet has b.docx
John Locke Essay Prize 2014
1. John Locke Essay Prize 2014
Does digital marketing through behavioural advertising invade our
privacy?
Marco Bertone
Introduction
In the 21st Century the nature of advertising has evolved incredibly, advertising in
magazines and on television has by no means been extinguished but big companies
are nowadays paying around £250,000 for a billboard on YouTube’s home page,
where around 35 million unique viewers visit each day. The creation of the internet
and its popularity have made it the most efficient advertising platform in terms of
audience and relevance. In the first half of 2013 US internet advertisement revenue
reached $20.1 billion, up by 18% on 20121. The nature of the game has changed and
the internet is now at the forefront of advertising. Further strides in technology have
led to behavioural targeting which “uses information collected from an individual’s
web-browsing behaviour.”2 It has led in some cases to revenue doubling since any
advertisement shown is relevant to the person it is being shown to and this person, has
in the past, shown an interest in the product thus increasing the likelihood of them
clicking on the ad and eventually buying a product. However, in order to target
consumers, advertisers need to track consumers’ individual activity in order to create
a profile for them; this often occurs without permission from consumers or through
“cookies” whereby users have to allow it in order to access a webpage.
Whilst the collection of behavioural data allows companies to increase the
effectiveness and relevance of their online advertising arguably improving the
consumer experience, it is essential that consumer personal information is used
without breaching people’s right to their privacy.
The open distribution and sharing of information across the web and the increasingly
sophisticated technology used to track collect data on consumer’s habits and clicks
and the ability to analyse the sheer amount of data has created an ecosystem where
there is an increasingly fine line between improving online experience and breaching
consumer privacy.
1 “IAB Internet advertising revenue report 2013 first six months’ results” Internet
Advertising Bureau, October 2013.
2 Chen, Jianqing and Stallaert, Jan, An economic analysis of online advertising using
Behavioural Targeting. Page 3.
2. Data from online users can be collected in two ways: ‘actively’ and ‘passively’; these
two terms refer to the level of participation that that a consumer has in the harvesting
of information. Active online collection refers to the voluntary and manual filling of
forms with information whereas passive collection is a potentially dangerous notion.
Passive methods of collection range from standard cookies and spyware to the most
dangerous invasions of privacy by flash cookies just to name a few; these will be
explained further on in the essay.
Having introduced some of the dangers of behavioural targeting it is important to
highlight some of the new regulations introduced in the past years; these will be
outlined in more detail in the latter parts of the essay but include the cookie policy
registration whereby websites must inform consumers about the use of cookies
through the concepts of ‘opt in’ and in some cases such as in Germany ‘double opt
in’. The concept of ‘opt in’ is relatively simple; before capturing users’ information
the website needs to explicitly ask for permission and requires the user to opt in.
The Dangers of Online Advertising through Behavioural Targeting
As stated in the introduction behavioural targeting has become the primary way
through which companies advertise online and as the Internet Advertising Bureau
define it: “it is the growing way of making the advertising you see on websites more
relevant to your interests and preferences” by using information from web browsing
activity3. The fundamental problem is how this information is accessed and how
much explicit permission is given to allow access to this private information?
The answer is not clear and cannot be determined easily, however, much of the
information collected is passively collected through cookies and more dangerously,
flash cookies.
Standard cookies are files of code which gather information about a consumer after
the consumer visits a website and having manually consented to cookies being used.
They then track the consumer’s online activity “to compile a profile of the consumer’s
online behaviours”4 so as to advertise more relevant products.
3 Internet Advertising Bureau: Behavioural Targeting
http://www.iabuk.net/disciplines/behavioural-targeting
4 Foxes Guarding the Henhouse: An Assessment of Current Self-Regulatory
Approaches to Protecting Consumer Privacy Interests in Online Behavioural
Advertising, Madolyn Orr. Page 9.
3. Flash cookies pose much more significant threats to privacy; unlike regular cookies
that store up to 4KB of data, flash cookies have the ability to store up to 100KB of
consumer data5. Why 100KB? Certainly not because of it being the technological
maximum but because it “is the default setting for the amount of personal information
about a consumer that a website’s flash cookie can store without the explicit consent
of the user”6. Therefore, flash cookies store 25 times the data of standard cookies
without even gaining explicit permission from the online user. 54 of the top 100 most
popular websites already used flash cookies in 2009 and according to Ashkan Soltani
this yielded “a total of 281 individual flash cookies”7.
However, of even more concern is the fact that flash cookies can thwart online users’
attempts to delete regular cookies “meaning a regular HTTP cookie is recreated after
the consumer has used the browser based mechanism to proactively remove it”.8
Thus, any explicit attempts to manage one’s own privacy settings through the deletion
of cookies is prevented and invaded through the use of flash cookies.
In a speech entitled: “Roundtable on Online Data Collection, Targeting and Profiling”
in 2009, the European Consumer Commissioner Meglena Kuneva raised major
privacy concerns to do with the fact that despite personally identifiable information
being eliminated, users still have profiles created of them and are “commercially
targeted based on that profile, even if no one knows their actual name”9. She goes on
to bring up a shocking figure: 4 out of 5 internet users’ information is used without
their knowledge and shared with a third party without their permission10. Rightly, she
concludes with the need to adapt the principles of consumer policy to the new
technological world that exists to maintain the traditional and correct boundaries of
consumer and business relationships.
5 Adobe, What are local shared objects?
http://helpx.adobe.com/flash-player/kb/disable-third-party-local-shared.html
6 Foxes Guarding the Henhouse: An Assessment of Current Self-Regulatory
Approaches to Protecting Consumer Privacy Interests in Online Behavioural
Advertising, Madolyn Orr. Page 10.
7 Ashkan Soltani, Shannon Canty, Quentin Mayo, Lauren Thomas and Chris Jay
Hoofnagle, Flash Cookies and Privacy. (August 10, 2009)
8 Foxes Guarding the Henhouse: An Assessment of Current Self-Regulatory
Approaches to Protecting Consumer Privacy Interests in Online Behavioural
Advertising, Madolyn Orr. Page 10.
9 Meglena Kuneva, Roundtable on Online Data Collection, Targeting and Profiling,
Brussels, 31 March 2009.
10 “ “
4. Collecting information about the online users’ every click is an invasion of privacy;
however, one might argue that only if the information is utilised for a purpose that is
of benefit to the consumer then it could be seen as acceptable.
The fundamental problem is what companies and third parties do with this
information; companies can take advantage of vulnerable consumers’ information for
example to advertise life saving lung treatment to a user suffering from lung cancer.
Furthermore this information is used for purposes beyond advertising without
permission; in August 2013 an internal audit led to the National Security Agency in
America being exposed for having breached online privacy rules “thousands of times
every year” through “unauthorised surveillance”.11
The online world is still a new one, therefore, there is a vast amount of asymmetric
information where companies and advertisers know more than consumers about a
certain topic and fail to inform the population. To use Google as an example, Gmail is
free to everyone, however, “When a user opens an email message, computers scan the
text and then instantaneously display relevant information that is matched to the text
of the message” through advertising.12 Gmail users can’t opt out of receiving these
ads since these sponsored links provide the funding to enable Gmail to remain free.
We trade the benefit of using Google’s email service by giving up the right to keep
our email content private.
This trade off is accepted, however we consumers have more to lose as our emails are
read, private conversations seen by any third party who pays enough and perhaps it
won’t have the name Marco Bertone on the profile created but it will still have all of
my information.
I decided to carry out my own bit of research using Google Consumer Surveys and
the question I asked to the public was: How safely guarded do you think your
information is online?
11 Washington Post article, August 15th 2013 entitled: “NSA broke privacy rules
thousands of times per year, audit finds”
http://www.washingtonpost.com/world/national-security/nsa-broke-privacy-rules-
thousands-of-times-per-year-audit-finds/2013/08/15/3310e554-05ca-11e3-a07f-
49ddc7417125_story.html
12 Google Privacy Center, Privacy FAQ,
http://www.google.com/privacy_faq.html#toc-mail-ads.
5. People chose one of five options and the results are on the next page.
There are two key pieces of data in my opinion here; the first is that 33.3% of people
said they thought their information was guarded in a satisfactory manner but that this
issue wasn’t of great importance to them. This ignorance and asymmetric information
is the very reason for which advertisers can so easily gain access to much of our
information by almost hiding small phrases which allow it to happen within a thirty
page ‘terms and conditions’ document.
13
31.4% of people thought their information was not safely guarded; this highlights a
key issue within this debate and it is that people feel uneasy and uncomfortable
because they don’t have enough information to know what cookies are and how they
may help them. This figure is the most significant in emphasising how people are
unhappy and fear theft of their personal information online and is what Commissioner
Kuneva brought up and has attempted to solve.
What are the benefits of Data Collection for Digital Marketing?
Having discussed the dangers of data collection and advertising through behavioural
targeting there is still an important question to ask: Why do consumers acquiesce?
There are various answers which will be outlined, but the first and most important is
what keeps the market for online advertising alive: The quality of the service provided
by websites such as Facebook and YouTube is valued greatly as well as being free but
in exchange, consumers accept advertising for the free use of these services.
13 Google Consumer Survey Results carried out 14th August 2014.
Satisfactory and doesn't bother me 33.3%
Not safely guarded 31.4%
Safely guarded 19.6%
Very unguarded
Very unguarded and given to third parties
15.7%
6. Data collection provides a range of benefits from “automatically filling in web forms
to remembering bookmarked websites” which consumers arguably value more than
concerns about their privacy.14
Furthermore, online profiles can be used for great things; for example receiving an
interesting job advertisement that is suited to you can be very beneficial thus
aggregating information is only dangerous in certain circumstances.
However, many consumers acquiesce because they are oblivious to data collection
practices, this is understandable since it is largely collected passively thus, without
explicit permission. 59% of Americans wrongly believe that if a website has a privacy
policy then their personal information cannot be sold without their consent.15
Therefore lack of transparency has led to consumers having imperfect information
about what occurs with their data hence, without knowing that their information could
be sold to a third party, consumers comply.
The third and final reason for consumers acquiescing to data collection in digital
marketing is that their alternatives are very limited. Generally on websites, cookies
are either accepted or you cannot access the webpage. This occurs similarly for free
products such as email, there is no monetary exchange for the product but a quid pro
quo occurs whereby consumers have access to a ‘free’ product in return for the
collection and use of their data for targeted advertising.
Changes in Regulation
Having discussed both the dangers and benefits of advertising through behavioural
targeting it is important to now see the recent changes in regulations so as to protect
consumers more.
These include the relatively recent Cookie Policy registration brought in around two
years ago whereby an ‘opt in’ mechanism is used and users must consent to the use of
cookies on all websites. This means consumers have the choice as to whether accept
14 Foxes Guarding the Henhouse: An Assessment of Current Self-Regulatory
Approaches to Protecting Consumer Privacy Interests in Online Behavioural
Advertising, Madolyn Orr. Page 33.
15 Joseph Turow, Lauren Feldman, & Kimberly Meltzer, Open to Exploitation:
American Shoppers Online and Offline, ANNENBERG PUBLIC POLICY CENTER
OF THE UNIVERSITY OF PENNSYLVANIA (2005) available at
http://www.annenbergpublicpolicycenter.org/NewsDetails.aspx?myId=31.
7. cookies and continue or leave the webpage. In countries such as Germany with
stricter regulation ‘double opt in’ occurs thus, users have to consent twice to the use
of cookies or other codes which might access their data to be used for advertising so
as to be certain that users have consented and read their cookie policy.
Conclusion
A recent study by the Pew Research Center discovered that an “overwhelming
majority of Internet users (84%) are concerned about businesses or people they don’t
know getting personal information about themselves or their families. Some 54% say
they are ‘very concerned.’”16 Having carried out my own research this supports the
idea that lack of trust online is becoming an issue due to lack of transparency by
advertisers.
With groundbreaking strides in technology and huge competition between companies,
they have had to maximise the efficiency of all their investments through behavioural
advertising so as to target a potential customer. The problem arises with how personal
information is collected using flash cookies and various other files of code but
perhaps more significantly is what happens with this information. Many people are
aware of this and are concerned as gives the figure above however, not everyone.
Symmetric information does not currently exist in this industry; most online users
don’t have two hours to read the terms and conditions or privacy regulations of every
webpage they visit which has cookies. Lack of information is in my opinion the
greatest problem within this controversial issue; once fully informed, people can
make their own decisions about whether or not to accept data collection however,
everyone has the right to learn the information and it is this lack of transparency,
which puts users in danger of information theft.
Now more than ever, there is a need to regulate this data collection to control how
much software mechanisms like flash cookies can actually achieve and as Meglena
Kuneva said “consumer rights must adapt to technology, not be crushed by it.”17
16 American Association of Advertising Agencies, et al., Self-Regulatory Principles
for Online Behavioral Advertising 1 (July 2009), http://www.iab.net/media/file/ven-
principles-07-01-09.pdf.
17 Meglena Kuneva, Roundtable on Online Data Collection, Targeting and Profiling,
Brussels, 31 March 2009.
8. Ultimately behavioural targeting in online advertising doesn’t automatically breach
consumer privacy but there is a risk that this can occur when information is collected
with user consent and without respecting their right to be informed.
In my week of work experience at Google I asked Matt Brocklehurst who works in
Marketing what he thought the future of online advertising would be and he said
“where adverts are so specific to the online user that they are enjoyed and not even
noticed in stark contrast to the way nowadays they are seen as a nuisance.” 18
Nevertheless it is important to know great strides have been made through opt in
cookie regulations and ultimately the user always has the power since with a click of a
button, they can leave.
The future of marketing is bright with an ever-increasing number of platforms to
advertise products but online user protection must be at the forefront of any
technological advance so as to reap the benefits without feeling that your privacy has
been violated.
18 In my week of Work Experience at Google, July 14th-18th. Matt Brocklehurst,
Marketing for Google.
9. Bibliography
Documents:
“IAB Internet advertising revenue report 2013 first six months’ results”
Internet Advertising Bureau, October 2013.
Chen, Jianqing and Stallaert, Jan, An economic analysis of online advertising
using Behavioural Targeting.
Madolyn Orr, Foxes Guarding the Henhouse: An Assessment of Current Self-
Regulatory Approaches to Protecting Consumer Privacy Interests in Online
Behavioural Advertising.
Ashkan Soltani, Shannon Canty, Quentin Mayo, Lauren Thomas and Chris Jay
Hoofnagle, Flash Cookies and Privacy. (August 10, 2009)
Meglena Kuneva, Roundtable on Online Data Collection, Targeting and
Profiling, Brussels, 31 March 2009.
Joseph Turow, Lauren Feldman, & Kimberly Meltzer, Open to Exploitation:
American Shoppers Online and Offline, ANNENBERG PUBLIC POLICY
CENTER OF THE UNIVERSITY OF PENNSYLVANIA (2005)
American Association of Advertising Agencies, et al., Self-Regulatory
Principles for Online Behavioral Advertising 1 (July 2009).
The Value of Behavioural Advertising by Howard Beales.
Articles:
Washington Post article, August 15th 2013 entitled: “NSA broke privacy rules
thousands of times per year, audit finds”
http://www.washingtonpost.com/world/national-security/nsa-broke-privacy-rules-
thousands-of-times-per-year-audit-finds/2013/08/15/3310e554-05ca-11e3-a07f-
49ddc7417125_story.html
Websites:
http://www.consumerfed.org/elements/www.consumerfed.org/file/Online_Beh
avioral_Advertising_fact_sheet(1).pdf
Consumer Federation of America: Behavioural Advertising
http://en.wikipedia.org/wiki/Behavioral_targeting
Wikipedia Page: Behavioural Targeting and Wikipedia Page: Digital
Marketing http://en.wikipedia.org/wiki/Digital_marketing