Some notes and links, and a brief history of key UK, EU and US developments over the last few months, in relation to online behavioural advertising (or OBA - variously known as behavioral targeting, behavioural tracking or behavioral marketing).
As online advertising generally grows, OBA will be increasingly important. In September 2009 a study of UK online advertisers including agencies found that 57% had increased their spend on online display advertising over the previous year, with 72% expecting their spending to increase over the next year. (And increase it did.)
Just a couple of days ago, a separate report found that UK online advertising hadn't been affected by the recession as much as other types of media marketing, with UK advertisers spending £3.54 billion online in 2009 (5.7% more than in 2008) even while other types of advertising fell by 16%. The report predicted that although online ad spending would level out in 2011, it would rise again in 2012, the UK Olympics year.
Does behavioural advertising help advertisers or is it counter-productive; what do consumers think of OBA?
Some research indicates OBA actually hurts advertisers, other studies suggest it helps them. It seems the outcome might perhaps depend on who's doing the research, or rather who commissioned it.
Rotman, University of Toronto. A study from this university, released 14 June 2010, said "You could match an ad to a web page’s content – such as putting a car ad on an auto consumer website. Or, you could make it stand out with eye-catching pop-up graphics and video. But don’t waste your marketing budget putting the two strategies together. The first large-scale study looking at thousands of online ad campaigns says that in combination, these approaches make viewers feel like their privacy is being invaded – and turns them off." See "Online Display Advertising: Targeting and Obtrusiveness", Avi Goldfarb and Catherine Tucker, February 2010.
From the abstract (emphasis added):
"We use data from a large-scale field experiment to explore what influences the effectiveness of online advertising. We find that matching an ad to website content and increasing an ad’s obtrusiveness independently increase purchase intent. However, in combination these two strategies are ineffective. Ads that match both website content and are obtrusive do worse at increasing purchase intent than ads that do only one or the other. This failure appears to be related to privacy concerns: The negative effect of combining targeting with obtrusiveness is strongest for people who refuse to give their income, and for categories where privacy matters most. Our results suggest a possible explanation for the growing bifurcation in internet advertising between highly targeted plain text ads and more visually striking but less targeted ads."
This seems to be the "creepy" factor.
University of California, Berkeley and the University of Pennsylvania. A survey by academics (including lawyers), reported on 30 Sept 2009 in the New York Times, showed that 2/3 of Americans object to online tracking by advertisers. See "Contrary to what marketers say, Americans Reject Tailored Advertising and Three Activities that enable it", by Joseph Turow, Jennifer King, Chris Jay Hoofnagle, Amy Bleakley and Michael Hennessy.
In contrast -
NAI. 2010 study of 12 advertising networks, sponsored by US ad networks industry body Network Advertising Initiative (NAI). (An ad network sits between advertisers and publishers, reselling publishers' advertising space to advertisers.)
This study on the effect of behaviorally targeted advertising on advertising rates and revenues, headlined that OBA was "more than twice as valuable, twice as effective". It found that the average CPM (cost per 1000 impressions i.e. page views) for behaviorally targeted advertising was just over twice the average CPM for run-of-network advertising; "On average across participating networks, the price of behaviorally targeted advertising in 2009 was 2.68 times the price of run of network advertising"; advertising using behavioral targeting was "more successful than standard run of network advertising [conversion rate 6.8% compared with 2.8%], creating greater utility for consumers from more relevant advertisements and clear appeal for advertisers from increased ad conversion"; and most network advertising revenue was spent on acquiring inventory from publishers, "making behavioral targeting an important source of revenue for online content and services providers as well as third party ad networks".
IAB. In October 2009 the Internet Advertising Bureau, which is the UK industry body for digital marketing, announced research with UK law firm Olswang showing that "the appeal of behavioral advertising increased from 23% to 75% once consumers were given further information, such as what information is actually collected and used and their right to opt-out… This research highlights the need for further education and supports our approach in providing greater reassurance about behavioural advertising. We know that once internet users are presented with all the facts the appeal of targeting advertising increases…" (See the IAB press release for more findings on consumers' attitudes to online privacy.)
Wilkinson Plus. One concrete example at least of where OBA seems to have helped a company is the case of Wilkinson Plus which used an "intelligent recommendations engine" "to generate, in real-time, individual recommendations relevant to that person. These are based on data including where visitors have come from, where they go, what they add to the basket as well as what they buy." They said in November 2009 that after introducing this system, online conversion rates increased by 22.9% while average order values rose by 16%.
Privacy and behavioral economics
"Nudging Privacy - The Behavioral Economics of Personal Information", Nov/Dec 2009, by Alessandro Acquisti of Carnegie Mellon University, may also be of interest generally -
"individuals are less likely to provide personal information to professional-looking sites than unprofessional ones, or when they receive strong assurances that their data will be kept confidential (see http://ssrn.com/abstract=1430482). We’ve found that individuals assign radically different values to their personal information depending on whether they’re focusing on protecting data from exposure or selling away data that would be otherwise protected. We’ve found that they might also suffer from an illusion of control bias that make them unable to distinguish publication control from control of access to personal information…"
Regulation - and self-regulation?
Good Practice Principles. In March 2009, the IAB had launched their publication Good Practice Principles for Online Behavioural Advertising (PDF download), "the UK’s first self-regulatory guidelines to set good practice for companies that collect and use data for online behavioural advertising purposes." There have since been audited certifications of compliance with these principles by 7 organisations including some AOL, Google, Microsoft and Yahoo entities.
"Your online choices" site. In March 2009 the IAB also launched "Your online choices - a guide to online behavioural advertising", a website targeting consumers, billed as "guide to online behavioural advertising and online privacy."
Opt out. The site provides a page to opt out of behavioural advertising, but there are only 6 participating companies including MSN and Yahoo at the date of this blog. The page also links to NAI's own opt out page whose participating companies include Google and Microsoft. (See also NAI's opt out protector, an add on for the Firefox browser).
Guide to OBA. Soon after their consumer study, mentioned above, in November 2009 the IAB launched "A guide to online behavioural advertising" (PDF download), saying "The guide demystifies the technique and explains how behavioural advertising works, how it differs to other types of targeted advertising on the internet, its benefits to web publishers and advertisers, consumer attitudes as well as an introduction to online privacy and industry good practice."
Children? The DCSF's "The Impact of the Commercial World on Children’s Wellbeing Report of an Independent Assessment For the Department for Children, Schools and Families and the Department for Culture, Media and Sport" published in December 2009 and mentioned by the IAB, noted -
"There have been a number of best practice guides (e.g. Network Advertising Initiative) which agree that it should be very clear to consumers what data is being collected about them, where it goes, and how they can opt out of data collection. There have also been some guidelines (e.g. Internet Advertising Bureau) for behavioural targeting which state that it must be clear to consumers that they are being tracked for the purposes of advertising and that they are given the choice to opt out of being tracked. However, none of these guidelines takes children into consideration or make provision for age-appropriate information on children’s sites."
Internet Advertising Bureau Europe (IABE)
UK MPs and Lords - ApComms
In October 2009, ApComms (formerly known as the All Party Internet Group or APIG, so the name change wasn't a bad idea) published “Can we keep our hands off the net?” Report of an Inquiry by the All Party Parliamentary Communications Group, following a 6 month inquiry. There's a summary of the report too.
One question they asked was "Should the Government be intervening over behavioural advertising services, either to encourage or discourage their deployment; or is this entirely a matter for individual users, ISPs and websites?"
Their report contains a substantial section discussing the pros and cons of regulating behavioural advertising, and OBA to children. Their conclusions on OBA:
"115. We were deeply disappointed that Google, the clear market leader in online advertising, and the operator of a rather different type of behavioural advertising system, did not submit any evidence to this inquiry, despite a specific request from us to do so.
116. We do not believe that it is at all appropriate to consider the deployment of any type of behavioural advertising system without explicit, informed, “opt-in” by everyone whose data is to be processed, and whose behaviour is to be monitored and whose interests are to be deduced. We do not believe that “opt-out”, however commercially convenient, is the way that these systems should be run. To that extent, the Good Practice Principles promoted by the Internet Advertising Bureau are insufficient to protect people.
117. We recommend that the Government review the existing legislation applying to behavioural advertising, and bring forward new rules as needed, to ensure that these systems are only operated on an explicit, informed, opt-in basis.
118. We are particularly concerned that behavioural advertising systems may be being deployed without sufficient consideration being given to protecting the interests of children and young people. We did not receive sufficient evidence to form a view as to the way forward, but it is a matter that requires urgent consideration. We recommend the UK Council for Child Internet Safety (UKCCIS) consider how behavioural advertising that is aimed at children and young people should be regulated."
Office of Fair Trading
On 25 May 2010, UK regulator OFT, which has some responsibility for consumer issues, published a market study setting out its current views on behavioural advertising and targeted pricing practices. They announced the commencement of their study in October 2009, just before the IAB published the results of their own consumer study.
The OFT report found that (emphasis added) -
"although industry self-regulation addresses some concerns about behavioural advertising, more could be done to provide consumers with better information about how personal information is collected and used. It also sets out how regulation might apply to these new and emerging practices… while behavioural advertising may offer benefits to consumers such as, for example, free access to content, there are objections to the practice which centre around privacy issues and the possibility for the misuse of personal data.
To address these concerns, the OFT will encourage the IAB, the trade association for online advertising, to work with the industry to provide clear notices alongside behavioural adverts and information about opting out…
…the Consumer Protection from Unfair Trading Regulations 2008 (CPRs) could also apply to business practices in this area, for example misleading consumers about the collection of information where this would lead consumers to alter their 'transactional decision'. This would include, in the OFT's view, a decision on whether or not to visit a website.
Should industry action prove ineffective, the OFT and the ICO [UK data protection regulator] are strengthening the effectiveness of regulation by seeking to agree a Memorandum of Understanding to establish in which circumstances the ICO, or the OFT, would take enforcement action… [the possible overlap with the Information Commissioner is because of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (Privacy Regulations) implementing the EU Directive, and see the ICO's draft Personal Information Online Code of Practice which is to be published shortly, in July 2010.]
The study also examines the prospects for the online targeting of pricing based on previous purchases, browsing behaviour or geographic location. Research suggests that consumer opposition to such practices would be very strong. This has led the OFT to conclude that consumers who knew that targeted prices were being applied would change their behaviour, meaning that failure to inform consumers about the practice could breach the CPRs and in such an event the OFT would consider enforcement action."
And there's a short article on the UK law on OBA generally by Nigel Williams of law firm Fox Williams in Computing, May 2010.
Article 29 Working Party
The Article 29 Working Party's opinion on OBA, "Opinion 2/2010 on online behavioural advertising" WP171 22 June 2010, was recently published, as presaged in their work programme for 2010-2011. (A fuller report will follow in due course.)
The EU data protection regulators have interpreted Directive 2002/58/EC (Directive on privacy and electronic communications aka e-Privacy Directive), amended by the telecoms reform package last year, as requiring explicit consent to be positively given before advertisers can plant a cookie on website visitors' computers - it's not enough to say there must have been implicit consent because the consumer's browser was set up to accept cookies automatically (which is the default setting on all major browsers). In other words, it's an opt in rather than opt out approach. And OBA is forbidden in relation to children.
Advertisers have protested strongly that it's "an overly strict interpretation", is "out of step with the relationships that businesses and consumers are building online and flies in the face of the reality of the Internet."
Other EU pronouncements
Commissioner Reding in a speech of 6 October 2009 said "European privacy rules are crystal clear: a person's information can only be used with their prior consent. Transparency and choice are key words in this debate. The Commission is closely monitoring the use of behavioural advertising to ensure respect for our privacy rights. I will not shy away from taking action where an EU country falls short of this duty. A first example is the infringement action the Commission has taken with regard to the United Kingdom in the Phorm case [see more on Phorm's "industrial scale snooping", the EU Phorm action and other EU action against the UK on data protection in June 2010 and October 2009]." Much of this echoed her earlier speech in March 2009.
Subsequently, in a speech on 5 November 2009 consumer Commissioner Kuneva (as she then was) announced "a Stakeholder Forum on Fair Data Collection that will meet several times next year", in relation to "online collection of personal and behaviour data. This is currently being done on an unprecedented scale on a massive scale and mostly without any user awareness at all." (See also a previous speech by her in this regard in March 2009; and see generally COMMISSION STAFF WORKING DOCUMENT - Report on cross-border e-commerce in the EU, March 2009.)
And in January 2010 and March 2010 Commissioner Reding again reiterated that behavioural advertising is very much on the EU's radar, along with RFIDs, social networking, video surveillance etc, as they produce proposals to update the EU Data Protection Directive, due to be published by end 2010.
Her latest pronouncement on the issue, just last week on 22 June 2010 - "online operators use behavioural advertising to create profiles of users' online activities to better target them with advertising. There are estimates that this market will grow to over €3 billion in 2012, eight times as much as in 2007. Advertising pays for a large part of the services that makes the internet world turn. But our data protection principles say that peoples' emails and online activity can only be used this way if individuals are fully aware of the use and they do not object. So we need rules that make the obligations for respecting privacy rights very clear."
Reding's March 2009 speech talked about use of personal information only "with their prior consent", but interestingly last week (as quoted above) she used the phrase "do not object". Although Commissioner Reding seemed to be against an opt out approach generally, might this phraseology signal some degree of softening in the Commission's stance? In an even more recent speech earlier this month, she said "Internet users must have effective control of what they put online and be able to correct, withdraw or delete it at will… I see the need for having more clarity about what "users' consent" means in practice. This is one of the essential steps if we are to build a firm basis of trust. Users must have informed consent to use of their personal data. In practice, that means working to avoid ambiguous and confusing information or the absence of any real information. More trust also means more legal certainty for the "merchants of data."
There will undoubtedly be lots of lobbying in the EU on OBA over the next few months or years.
Impact of advertising on consumer behaviour - resolution adopted by European Parliament, 15 Dec 2010
In February 2009 the US Federal Trade Commission, which like the UK OFT has some consumer responsibilities, issued an FTC Staff Report: Self-Regulatory Principles For Online Behavioral Advertising (which NAI summarised). Their 4 principles were -
- Transparency and Consumer Control
- Reasonable Security, and Limited Data Retention, for Consumer
- Affirmative Express Consent for Material Changes to Existing Privacy Promises, and
- Affirmative Express Consent to (or Prohibition Against) Using Sensitive Data for Behavioral Advertising.
In July 2009, a coalition of ad industry bodies including the IAB (a separate US organisation, not the UK one) then released "Self-Regulatory Principles for Online Behavioral Advertising" (PDF) comprising principles intended to correspond with the FTC's principles (with the addition of Education and Accountability), including the requirement for "enhanced notices" to consumers on websites collecting their data, with common wording and a prominent link or icon.
On 1 September 2009, a coalition of several consumer and privacy groups, unhappy with self-regulation which they felt was inadequate to protect consumers, urged the US Congress to enact legislation to protect consumer privacy "in response to threats from the growing practices of online behavioral tracking and targeting."
See the CDT press release for the principles espoused by the coalition, including their Online Behavioral Tracking and Targeting: Legislative Primer of September 2009 and short overview. (The Electronic Freedom Foundation's 3-part series on how tracking can be carried out is very instructive, and explains the technical aspects well for non-computer scientists.)
In April 2010, NAI and US IAB released "CLEAR (Control Links for Education and Advertising Responsibly) Ad Notice Technical Specifications, to enable implementation of the July 2009 "enhanced consumer notice" approach on third party websites carrying advertising. CLEAR comprised -
"a set of common technical standards enabling enhanced notice in online ads. These technical specifications will allow advertisers and ad networks to begin offering a clickable icon in or near online ads that directs users to additional information about online behavioral advertising and choices about such ads…
…The CLEAR Ad Notice Technical Specifications detail how third-party media companies, such as advertising networks, can provide enhanced notice to consumers through an industry standard set of metadata tags that are delivered along with behaviorally targeted advertisements. Those metadata tags include information on which organization(s) served the ad, where to find their advertising policies and how to opt-out of such targeting in the future…."
Later in April 2010, the FTC decided to review the Children’s Online Privacy Protection Rule (COPPA Rule) to make sure that it is still adequately protecting children’s privacy, including "Whether Web site operators have the ability to contact specific individuals using information collected from children online, such as persistent IP addresses, mobile geolocation data, or information collected from children online in connection with behavioral advertising, and whether the Rule’s definition of “personal information” should be expanded accordingly". And they're consulting on iSAFE proposed guidelines to help website operators comply with COPPA.
So in the USA too, things are still in a state of flux on OBA.
©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.