Post on 17-Dec-2015

Future of Privacy Forum

Christopher Wolf

Jules Polonetsky

Future of Privacy Forum

Recent Developments

Application of certain privacy principles to some types of non-personal data, for example, behavioral profiles, unique IDs (through cookies or otherwise) or IP addresses.

Notices about ad-serving and behavioral targeting being provided in banner ads or on home pages, in addition to within a privacy policy.

Choice being provided not only as to the sharing of ad-serving data, but with regard to data use by a single company to tailor ads on its own sites.

Figure 1 YAHOO Portal Opt-Out

The establishment of specific data retention policies and anonymization techniques for log-file data.

Access, by consumers, to their profile data.

Examples: http://bluekai.com/consumers.html and http://www.safecount.net/cookies.htm

Figure 2 SafeCount Cookie Information

Data Use: Transparency & Control

If you are tailoring advertising on your Web site using only information related to the user’s activity at your site, is it possible to explain the activity to the user in an obvious manner at the point data is collected or the point it is used? (For example: ‘These links have been selected for you based on your past browsing at this site’)

If not, can a link at the point of collection or use be provided? (For example: ‘Why this ad?’ or ‘About’)

Figure 3 eBay Examples

If advertising is being tailored across sites owned by one company, is there any common branding such that the user would expect the data to be available at other commonly owned sites?

When assumptions have been made about a user’s interests, can users access information about the data categories that may influence the ads they see?

Examples: http://bluekai.com/consumers.html and http://www.safecount.net/cookies.htm

Data Sharing and User Choice

If data is being shared with an ad network for use on unrelated sites, at a minimum, does the privacy policy explain the sharing of data with an ad network? Does the privacy policy provide a link to allow the user to exercise choice about this sharing of the use of behavioral targeting?

Is the type of targeting and data appending done by the network, its partners and advertisers accurately explained?

If a link is provided to a third party’s choice mechanism, is that mechanism working?

If the user is promised that exercising choice will end any tracking, does the user continue to be assigned a unique Cookie ID that may indicate continued tracking?

Data Sharing and User Choice (cont’d)

Does the ad network resell your ad inventory and user data to other networks?

Does it allow advertisers to pixel the ads delivered to correlate additional data from third parties?

Does it allow advertisers to personally recognize their registered users who view banners at your site?

Are advertisers permitted to create profiles of users based on the locations on your site where ads on their behalf were delivered?

Data Sharing and User Choice (cont’d)

Is this sharing consistent with your site’s privacy policy?

If the data is not being provided to an ad network for behavioral advertising, is data being provided to an ad-server so that you can re-target a user after they have visited your site? Or are you allowing advertisers to use web beacons in the ads they deliver on your site and thus track and/or retarget your users elsewhere? Does your policy reflect this and provide any choice?

Personal Information

If the policy represents that personal information is not being shared:

— Is an account ID being provided?

— Have steps been taken to ensure this ID isn’t linked to identified users?

— Are efforts being made to link the anonymous ID to third party data which identifies the user?

— Is data being linked to purchase information, online or offline, that identifies users or may identify users if shared further?

— Are anonymization processes in place to support this activity?

Personal Information (cont’d)

— Is later off-line purchase activity by a user being tied back to the ad impressions a user viewed at your site?

— If your policy doesn’t allow the sharing of personal data, is there adequate anonymization in place to support this process?

— Does your P3P policy or your vendors’ or partners’ policy allow for the type of information being used or shared?

— What categories of user profiles are being created? Is any potentially sensitive data involved, such as specific health, sexuality, race, religion, ethnicity or children’s data?

Data Retention/Security

How long will user level clickstream data be kept by you or your vendors? Is it segregated or mixed with other client log-files?

Are IP addresses logged?

If so, can only a portion of the IP address be logged?

Does the logged IP address have a shorter retention period than other data?

Can they be obscured or deleted after the period they are needed? (Note that some vendors provide such capabilities without any impact to their services.)
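One way to apply the questions above to a web server log, as an added example that is not part of the original slides: full addresses are kept for a short window and then reduced to a network prefix while the rest of the entry stays. The 7-day window, the /24 and /48 prefixes, the common log format and the function names are all assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

KEEP_BITS = {4: 24, 6: 48}         # assumed policy: prefix bits that stay in the log
IP_RETENTION = timedelta(days=7)   # assumed policy: full addresses kept for 7 days

# Candidate address tokens; each one is validated by ipaddress before rewriting.
_TOKEN = re.compile(
    r"(?<![\w.:])(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:]+)(?![\w.:])")
_STAMP = re.compile(r"\[([^\]]+)\]")  # common log format timestamp


def truncate_ip(text):
    """Zero the host bits of an IPv4/IPv6 address; None if text is not an address."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    net = ipaddress.ip_network(f"{addr}/{KEEP_BITS[addr.version]}", strict=False)
    return str(net.network_address)


def scrub_line(line, now):
    """Return the line unchanged while inside IP_RETENTION, else with truncated IPs.

    Lines whose timestamp is missing or unparseable are treated as expired."""
    stamp = _STAMP.search(line)
    if stamp:
        try:
            when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
            if now - when <= IP_RETENTION:
                return line
        except ValueError:
            pass
    return _TOKEN.sub(lambda m: truncate_ip(m.group()) or m.group(), line)


# Constructed sample log lines (documentation address ranges), not real traffic.
NOW = datetime(2015, 12, 17, tzinfo=timezone.utc)
SAMPLE = [
    '203.0.113.77 - - [01/Dec/2015:10:15:32 +0000] "GET /a HTTP/1.1" 200 512',
    '2001:db8:1234:5678::1 - - [02/Dec/2015:08:00:00 +0000] "GET /b HTTP/1.1" 200 90',
    '198.51.100.9 - - [16/Dec/2015:23:59:59 +0000] "GET /c HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(scrub_line(entry, NOW))
```

Truncation lowers precision but does not by itself make an entry anonymous when other fields in the same line still identify the user.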

Cookies

Is the expiration date of cookies that are used set at the default 30 year expiration date? Is this necessary for the purposes of the data use?

Can it be set much shorter for the period needed for the expressed use?

Is data stored in the cookie?

If personal data is stored in the cookie, is it encrypted?

Are flash cookies being used? Do you provide specific guidance about how users can control flash cookies? Note that since standard browser controls do not relate to flash cookies, using flash cookies for robust purposes, such as behavioral advertising, will raise concerns about consumer control and choice. See www.ge.com/privacy.html for a privacy policy explaining how to control flash cookies.
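A check for two of the questions in this deck, cookie lifetime and whether a unique cookie ID is still assigned after the user exercises choice, as an added example that is not part of the original slides. The 90-day limit, the "long opaque token" heuristic for a unique ID, the cookie names and the function names are assumptions.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_LIFETIME_DAYS = 90  # assumed policy limit for the stated use
# Assumed heuristic: a long opaque token is treated as a possible unique ID.
ID_LIKE = re.compile(r"[A-Za-z0-9_-]{16,}")


def parse_set_cookie(header):
    """Split one Set-Cookie header value into name, value and lower-cased attributes."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    cookie = {"name": name, "value": value}
    for attr in attrs:
        key, _, val = attr.partition("=")
        cookie[key.lower()] = val
    return cookie


def lifetime_days(cookie, now):
    """Lifetime in days; Max-Age wins over Expires, a session cookie counts as 0."""
    if "max-age" in cookie:
        return int(cookie["max-age"]) / 86400
    if "expires" in cookie:
        return (parsedate_to_datetime(cookie["expires"]) - now).total_seconds() / 86400
    return 0.0


def audit(headers, now, opted_out):
    """Return (cookie name, issue) pairs for the checklist questions."""
    findings = []
    for header in headers:
        cookie = parse_set_cookie(header)
        if lifetime_days(cookie, now) > MAX_LIFETIME_DAYS:
            findings.append((cookie["name"], "lifetime-exceeds-policy"))
        if opted_out and ID_LIKE.fullmatch(cookie["value"]):
            findings.append((cookie["name"], "unique-id-after-opt-out"))
    return findings


# Constructed Set-Cookie values as they might be captured after an opt-out click.
NOW = datetime(2015, 12, 17, tzinfo=timezone.utc)
SAMPLE = [
    "uid=7f3c9a1e5b2d4c8f9a0b; Expires=Sun, 17 Dec 2045 00:00:00 GMT; Path=/",
    "optout=1; Max-Age=2592000; Path=/",
    "sess=abc; Path=/; HttpOnly",
]

if __name__ == "__main__":
    for name, issue in audit(SAMPLE, NOW, opted_out=True):
        print(name, issue)
```

Flash cookies are stored outside the browser's cookie jar and never appear in Set-Cookie headers, so a check like this does not cover them.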

Cookies (cont’d)

Can a cookie and domain unique to your site be used instead of one which potentially links to user activity across sites served by your vendor? Is a “white label” version of the service feasible for your needs?

Can the profile be made available to the user by you or by the vendor? Can the user edit or delete the profile?

Can a user who looks up the name of a particular cookie identify the company that set it and find the privacy policy and practices related to use of the cookie?

Can the list of profile categories that are created generally be made available to provide some transparency?

If an ad network is selling your inventory to other ad networks or via an ad exchange, what steps is it taking to ensure the purchaser respects the commitments made in your privacy policy?

Adware Concerns

If you are purchasing ads on an ad network, does your contract address whether your banners may be delivered into adware programs?

Does your ad network employ any measures to screen and reject adware that is installed deceptively? (For example, requiring that any downloadable programs in their network are certified by the TRUSTe Trusted Download program, or by using scanning and spidering techniques to bar rogue programs that put you at legal risk in joining the network?)

Do you participate in an affiliate marketing program, offering commissions to affiliates that generate sales?

Adware Concerns (cont’d)

What steps does your affiliate manager take to ensure your offers do not appear in adware that is installed deceptively? (For example, requiring that any downloadable programs in their network are certified by the TRUSTe Trusted Download, or by using scanning and spidering techniques to bar rogue programs from joining the network?)

Are you paying commissions to rogue affiliates who are “cookie stuffing” or triggering invisible pop-ups at your site to illegitimately claim commissions they are not entitled to?

See http://www.informationweek.com/news/management/showArticle.jhtml?articleID=197001757 regarding advertisers being held responsible when their ads inadvertently show up in adware pop-ups.

Malvertising

If you accept advertising directly or allow ads uploaded by third parties, what policy or technical steps are taken to screen out banners placed by criminal “malvertising” companies?

(Screen grabs courtesy of MikeOnAds.com)

Mobile Advertising

Tracking mobile users: is it déjà vu all over again? Companies criticized about not offering a mobile cookie opt-out.

Beware of representations about personal information given the type of identifiers used.

High profile of issue draws advocacy focus despite limited market at present. See January “petition” to the FTC from USPIRG and CDD.

IE 8 InPrivate™ Filtering Settings

Resources

Feature Overview - www.microsoft.com/ie8

Safety and Privacy Features - www.microsoft.com/windows/internet-explorer/beta/features/browse-privately.aspx

User Control and Privacy Feature Guide - https://aotalliance.org/resources/index.html

Authentication and Online Trust Alliance (AOTA) - https://aotalliance.org

Future of Privacy Forum. Copyright © 2009

References and Additional Resources

Behavioral Advertising

— TRUSTe.org

— Network Advertising Self Regulatory Code

— Center for Democracy and Technology Threshold Analysis for Advertising Practices

— Federal Trade Commission Proposal

Adware Concerns

— www.BenEdelman.org

Malvertising

— http://www.deloitte.co.uk/TMTPredictions/media/Rise-of-malvertising-threat-to-brands.cfm