Early last month I wrote a piece entitled Do Not Track Is An Opportunity, Not a Threat. In it I covered Microsoft’s controversial decision to incorporate a presumptive “opt out of tracking” flag in the next release of its browser, which many in the ad industry see as a major blow to the future of our business.
In the piece, I argued that Microsoft’s move may well force independent publishers (you know, like Searchblog, as well as larger sites like CNN or the New York Times) to engage in a years-overdue dialog with their readers about the value exchange between publisher, reader, and marketer. I laid out a scenario and proposed some language to kick that dialog off, but I gave short shrift to a problematic and critical framing concept. In this post, I hope to lay that concept out and offer, by way of example, a way forward. (Caveat: I am not an expert in policy or tech. I’ll probably get some things wrong, and hope readers will correct me if and when I do.)
The “concept” has to do with the idea of a first-party relationship – a difficult to define phrase that, for purposes of this post, means the direct relationship a publisher or a service has with its consumer. This matters, a lot, because in the FTC’s recently released privacy framework, “first-party marketing” has been excluded from proposed future regulation around digital privacy and the use of data. However, “third-party” marketing, the framework suggests, will be subject to regulation that could require “consumer choice.”
OK, so in that last sentence alone are three terms, which I’ve put in quotes, that need definition if we are going to understand some pretty important issues. The most important is “first-party marketing,” and it’s damn hard to find a definition of that in the FTC document. But if you go back to the FTC’s *preliminary* report, issued in December of 2010, you can find this:
First-party marketing: Online retailers recommend products and services based upon consumers’ prior purchases on the website.
Later in the report, the term is further defined:
Staff proposes that first-party marketing include only the collection of data from a consumer with whom the company interacts directly for purposes of marketing to that consumer.
And in a footnote:
Staff also believes that online contextual advertising should fall within the “commonly accepted practices” category (Ed. note: Treated as OK, like first party marketing). Contextual advertising involves the delivery of advertisements based upon a consumer’s current visit to a web page or a single search query, without the collection and retention of data about the consumer’s online activities over time. As staff concluded in its 2009 online behavioral advertising report, contextual advertising is more transparent to consumers and presents minimal privacy intrusion as compared to other forms of online advertising. See OBA Report, supra note 37, at 26-27 (where a consumer has a direct interface with a particular company, the consumer is likely to understand, and to be in a position to control, the company’s practice of collecting and using the consumer’s data).
The key issue here for publishers, as far as I can tell, is this: “the delivery of advertisements based upon a consumer’s current visit to a web page or a single search query, without the collection and retention of data about the consumer’s online activities over time…where a consumer has a direct interface with a particular company, the consumer is likely to understand, and to be in a position to control, the company’s practice of collecting and using the consumer’s data.”
Whew. OK. We’re getting somewhere. Now, when that 2010 report came out, many in our industry freaked out, because of the next sentence, one which refers to – wait for it – third party marketing:
If a company shares data with a third party other than a service provider acting on the company’s behalf – including a business affiliate unless the affiliate relationship is clear to consumers through common branding or similar means – the company’s practices would not be considered first-party marketing and thus they would fall outside of “commonly accepted practices” … Similarly, if a website publisher allows a third party, other than a service provider, to collect data about consumers visiting the site, the practice would not be “commonly accepted.”
Now, this was a preliminary report, and the final report, which as I said earlier came out this past Spring, incorporates a lot of input from companies engaged in what the FTC described as “third party” marketing – companies like Google that were very concerned that the FTC was about to wipe out entire swathes of their business. And the fact is, it’s still not clear what’s going to be OK, and what isn’t. For now, my best summary is this: it’s OK for websites that have a “first party” relationship to use data collected on the site to market to consumers. If, however, those sites was to let “third parties” market to consumers, then, at some point soon, the sites need to figure out a way to give “consumers a choice” to opt out. If they don’t, they may be subject to regulation down the road.
Which brings us back to “Do Not Track,” or DNT. Now DNT has been held up as the easiest way to give consumer a choice about this issue – if a consumer has DNT enabled on their browser, then that consumer has very clearly made a choice – they don’t want third-party advertisements or data collection, thank you very much. See how easy that was?
Wrong, wrong, wrong!!! As implemented by Microsoft in IE 10, DNT is an extremely blunt instrument, one that, in fact, does *not* constitute a choice. It’s defaulted to “on,” which means that a consumer is not ever given a choice one way or the other. And once it’s on, it’s the same for every single site – which means you can’t say that you’re fine with third-party ads on a site you love (say, Searchblog, naturally), but not fine with a site you don’t like so much (say, I dunno, You Got Rick Rolled).
That’s pretty lame. Shouldn’t we, as consumers, be able to chose which sites we trust, and which we don’t? That’s pretty much the point of my post on DNT last month.
Fact is, we don’t really have a way to demonstrate that trust. Many in the industry – including the IAB, where I am a board member – are working to clarify all this with the FTC. The working assumption is that it’s far too much to ask of most publishing sites to give consumers a choice, much less give them access to the data used to “target” them.
Well, I’m not so sure about that.
Check out this screen shot from independent site GigaOm (yes, FM works with GigaOm):
A few other sites are starting to do similar notices – and I applaud them (this is already becoming standard practice in the UK, due to strict regulations around cookies). GigOm is saying, in essence, that by simply continuing to read the site, you agree to their privacy policies. Now, take a look at what GigaOm’s policy has to say about “third party advertising:”
GigaOM may allow third party advertising serving companies, including ad networks (“Advertisers”), to display advertisements or provide other advertising services on GigaOM. These third party Advertisers may use techniques other than HTTP cookies to recognize your computer or device and/or to collect and record demographic and other Information about you, including your activities on or off GigaOM. These techniques may be used directly on GigaOM….Advertisers may use the information collected to display advertisements that are tailored to your interests or background and/or associate such information with your subsequent visits, purchases or other activities on other websites. Advertisers may also share this information with their clients or other third parties.
To summarize: By reading GigaOm, you’ve made a choice, and that choice is to let GigaOm use third-party advertising. It’s a nifty move, and one I applaud: GigaOm has just established you as a first party to its content and services just like….
….Facebook, which just announced revenue of more than a billion dollars last quarter. Facebook, of course, has a first-party relationship with 955 million or so of us – we’ve already “opted in” to its service, through the Terms of Service we’ve all agreed to (and probably not read.) We’ve made a choice as consumers, and we’ve chosen to be marketed to on Facebook’s terms.
The same is true of Apple, Amazon, eBay, Yahoo, and any number of other large services which require registration and acceptance of Terms of Service in order for us to gain any value from their platforms. Google and Microsoft have been frantically catching up, getting as many of us as they can to register our identity and agree to a unified TOS in some way.
But what about independent publishers? You know, the rest of the web? Well, save folks like GigaOm (and AllThingsD, which warns its audience about cookies), we’ve never really paid attention to this issue. In the past, publishers have avoided doing anything that might get in the way of an audience consuming their content – it’s a death sentence if you’re engaged in the high holy art of Increasing Page Views. And bigger publishers like Time or Conde Nast don’t want to rock the boat, they’ll wait till a consensus forms, and then follow it.
But I like what GigaOm has done. It’s a very clear notice, it goes away after the first visit, and it reappears only if you’ve cleared your cookies (which happens a lot if you run an anti-virus program).
I think it’s time the “rest of the web” follows their lead. We rely on third-party advertising services (like FM) to power our sites. We live in uncertain times as it relates to regulation. And certainly we have direct relationships of trust with our audiences – or you wouldn’t be reading this far down the page. It’s time the independent web declares the value of our first-party relationships with audiences, and show the government – and our readers – that we have nothing to hide.
I plan to look into ways we might make easily available the code and language necessary to enact these policies. I’ll be back with more as I have it….
*Now, the other two terms bear some definition as well. I think it’s fair to say “consumer choice” means “give the consumer the ability to decide if they want their data used, and for what purposes,” and “third party marketing” means the use of data and display of commercial messages on a first party site by third-party companies – companies that are not the owner of the site or service you are using.