Data Centers

Behavioral targeting: FTC still prefers self-regulation

Just last week the Federal Trade Commission released new guidelines specifically aimed at behavioral targeting and online privacy. The FTC still wants the advertising industry to make the policies, but warn that they better do it right. Is that enough?

When I first read about behavioral targeting last July, it struck me as being rather invasive, capable of tracking my every move on the Internet. That compelled me to do some in-depth research about behavioral targeting, ending up in an informal series about deep packet inspection, behavioral targeting, and the advertising industry's plans.

Big brother techniques

While writing the series, I couldn't stop associating behavioral targeting with George Orwell's novel 1984 and Big Brother. Many of the members agreed with me. Others aptly pointed out that it totally depended on whether we, as individuals, have the choice of opting in or not. Realistically, that makes sense; besides, being subjected to ads that are relevant is certainly more appealing.

Behavioral targeting revival

As months passed, issues surrounding behavioral targeting seemed to fade away. When I penned "Google G1 Phone: Does It Know Too Much?" I had a hunch that I was going to revive some interest in behavioral targeting. There was a noticeable difference in the ensuing discussion this time though. Many observant readers pointed out that Google's G1 EULA is dramatically different from what was proposed by pioneering behavioral targeting companies such as Phorm and consenting ISPs.

Quite simply, Google requires users to opt in, and you, the members, agreed that was the appropriate process. Besides, no one is being forced to buy the phone. All said and done, my only issue was the lack of details being provided by Google. Also I sensed some confusion as to what behavioral targeting actually entailed, so I thought it might be a good idea to review the process.

Quick review

Behavioral targeting consists of four steps, each required to provide what ad agencies refer to as targeted advertisements:

  • Uniquely identify every user, creating a searchable database for each individual.
  • Track everyone's Internet activities and record all pertinent information in each individual's unique database.
  • Create a user profile using a sophisticated algorithm and the individual's database.
  • Send advertisements that are best suited to be viewed by a particular individual based on prior surfing.

So, the pristine view of behavioral targeting is that it will make the user, Web-host company, and ad agency all happy by providing the user with appropriate advertisements.

So what's the problem?

The area of concern seems to have shifted from the actual behavioral process to what happens to the information that has been gathered, especially when it comes to protecting individual privacy. The Federal Trade Commission (FTC) is the U.S. government organization that's responsible for consumer protection, and it appears that they are very concerned about behavioral targeting and the abuse of personal privacy.

I started to get clued in to the FTC's concern when I read an article by David Kaplan of the Washington Post titled "FTC Issues 'Last Chance' to Ad Industry on Behavioral Targeting." The article made mention of the just-released FTC report titled "Staff Report on Behavioral Advertising" (pdf), which included major revisions. The following four principles are those major changes:

  • Transparency and Consumer Control: Every Web site that uses behavioral targeting should clearly and concisely spell out what they're doing.
  • Reasonable Security, and Limited Data Retention, for Consumer Data: The document states that "Companies should also retain data only as long as is necessary to fulfill a legitimate business or law enforcement need."
  • Affirmative Express Consent for Material Changes to Existing Privacy Promises: In other words, a company must keep its promises that it makes with consumers when it comes to protecting their data. If they get bought or merged with another company, those pledges still hold, unless consumers agree to the changes. If the company revises its policies on privacy, they must receive users' consent before implementing the new rules.
  • Affirmative Express Consent to (or Prohibition against) Using Sensitive Data for Behavioral Advertising: If companies want to collect "sensitive" personal data, it must get users' permission before, not after, it starts collecting.
Far enough?

The new FTC principles seem to eliminate many concerns about how companies using behavioral targeting need to proceed. Still, several of the articles I've read strongly point out that they're only guidelines. That has privacy experts in a pensive state and wondering what will actually be put in place to protect individual privacy.

Final thoughts

It's a start; we all know the wheels of commerce and government turn slowly when it comes to regulation and added cost. So, I'm glad to see movement. We must remain vigilant, though, as these are not enforceable regulations. Each company will have a privacy policy based on their interpretation of the guidelines, so beware and read what it says.

Need help keeping systems connected and running at high efficiency? Delivered Monday and Wednesday, TechRepublic's Network Administrator newsletter has the tips and tricks you need to better configure, support, and optimize your network. Automatically sign up today!

About Michael Kassner

Information is my field...Writing is my passion...Coupling the two is my mission.

Editor's Picks

Free Newsletters, In your Inbox