A brief refresher on privacy and behavioral advertising

Few areas of online advertising have caused as much confusion lately as issues of privacy; specifically with regard to online behavioral advertising. Given this is such an important subject to Collective, and our premium, brand advertisers, we thought it would be beneficial to review some of the most commonly asked questions.

What is behavioral advertising?

Online behavioral advertising (‘OBA’), sometimes called “interest-based advertising,” is a method by which advertising can be targeted to audiences based on their preferences, or interests inferred from Web viewing behaviors.

The purpose of OBA is to deliver relevant advertising to specific computers or devices in ways that enrich the consumer online experience and provide advertisers with the ability to reach desired audiences at scale.

OBA is made possible through the use of small text files stored in a person’s web browser, called cookies.

What are cookies?

Cookies are a website’s way of remembering browsing preferences. It allows the site to provide a customized experience, such as displaying personalized news, local weather, enable email. Only the website or ad company that sets a cookie can read it later, and just like real cookies, Internet cookies expire. Collective’s cookies expire after 90 days, for example.

Cookies are also used by online advertising companies to help track performance, provide information about how many times an advertisement has been seen and what sites were being visited when it appeared.

Cookies contain only non-personally identifiable information.

What is PII?

A fundamental tenet of reputable online advertising companies is to collect and manage only non-personally identifiable information (non-PII) from web users.

Advertising networks such as Collective go out of their way to avoid linking to any personally identifiable information such a name, address, phone number, email address, or credit card number to the cookies used for targeting. Rather, ads are targeted based on the computer’s browsing history – not an individual’s personal information.

Collective will only work with data partners who respect individual privacy and use non-PII. We require our data partners to complete our privacy questionnaire – so we obtain complete transparency regarding partner privacy and data transparency practice and ensure that they are a ‘safe’ partner.
 

What is the Digital Advertising Alliance and the NAI?

The Digital Advertising Alliance (DAA) is a joint effort of the nation’s largest media and marketing organizations that has been established to create and govern the industry’s Self-Regulatory Program for Online Behavioral Advertising.

Collective is a member of the DAA, as well as its member organizations the IAB, DMA, 4As and the NAI.

Collective is fully compliant with the DAA’s self-regulatory program, meaning we provide an opt-out to OBA, adhere to certain data, privacy and vendor standards.

Collective has undergone two NAI privacy audits (2009 & 2010) and passed both times.

Collective has some of the industry’s highest privacy standards, including conducting audits of our vendors and partners, and employing recognized leaders in the digital privacy arena.

What is the “OBA Enhanced Notice Icon?”

A prominent feature of the Self-Regulatory Program for Online Behavioral Advertising is the call for entities engaged in online behavioral advertising (including agencies, ad networks, publishers and DSPs) to clearly inform consumers about data collection and use practices through enhanced notice provided via an icon (illustrated right).

Because Collective is a member of NAI and the Digital Advertising Alliance and is actively engaged in the industry’s self-regulatory program for online behavioral advertising, we will be serving the Enhanced Notice icon on all behaviorally targeted advertising we serve beginning in March.

You can find very detailed information on the program here.

Collective has partnered with Evidon (formerly known as The Better Advertising Project) to enable OBA notification on all ads placed through Collective's network. The first approved platform for managing OBA compliance, Evidon has been in market at scale since July 2010, empowering consumers with a robust notice experience on billions of monthly impressions.

Collective also will enable the 28 publishers that use our AMP platform -- including EverydayHealth.com, AARP, and Internet Broadcasting -- to easily serve ads with icons powered by Evidon.

The icon gets served in a layer over the ad, so agencies do not have to design the icon into their creative.

How does the icon get on the ads?

The industry has agreed on a standard set of specifications for how the OBA notification icon appears in ads. When the notification icon is being served by Collective, through our integration with Evidon, the icon will appear over the ad unit in the upper, right-hand corner (see image on left).

Since the icon can be served by multiple parties, including ad agencies, the technology addresses what is called “collision,” when more than one party attempts to serve the icon on the same ad. This gets handled automatically, so the advertiser does not need to worry about implementation.

What are "Flash cookies?"

Flash cookies differ from browser-based HTML cookies in a number of respects, including their ability to re-install previously deleted HTML cookies, making it difficult for users to opt-out of behavioral targeting.

Some networks have used Flash cookies to artificially inflate their performance figures to advertisers. In August, 2010, it was reported that one large network was being sued for violating user privacy through the use of Flash cookies. Several major web publishers were also named in Flash cookie suits.

Collective does not, nor have we ever used Flash cookies.

The use of Flash cookies was first reported by researchers from the University of California at Berkley in a study published in August 2009. The Federal Trade Commission (“FTC”) has yet to formally weigh in on the use of Flash cookies, but the NAI forbids their use.

What is "browser history sniffing?"

This past December, another ad network and its clients found themselves being sued for using a technique called “browser sniffing."

This technique takes advantage of a vulnerability in Web browsers to read a user’s history file. It is an unfortunate attempt to thwart a user’s ability to exercise Choice when it comes to online behavioral advertising, which falls well outside of current industry standards.

Be assured that Collective has never deployed, nor will we ever use, such techniques.

Advertisers and agencies should be wary of unusually strong ad performance metrics. That could be a sign of falsely measuring attribution.

What is Do Not Track, and how are Web Browsers involved?

On December 1, 2010, the FTC issued a paper “Protecting Consumer Privacy in an Era of Rapid Change,” which hinted at possible future government regulation, including a “do not track list.”

Nothing specific has been proposed and it’s difficult to assess how significant these statements are, however, industry trade organizations have said that they do expect to see congress move towards some type of additional legislation, possibly including some type of ‘do not track.’

For now, it’s wait and see. But its clear that additional privacy legislation would be driven by a perceived lack of support of self-regulation within our industry.

This is why collective has worked so hard to ensure that we support the industry self-regulation efforts – and why we strongly urge our clients to do the same.

Taking a cue from recent FTC statements, Mozilla (Firefox) and Google (Chrome) then announced that they are releasing browser-enabled privacy functions.

Both the Chrome and Firefox functions make consumer opt-outs persistent, preventing the accidental deletion of standard opt-out cookies. These features are aligned with the current NAI-endorsed privacy program.

There is a good summary of the different browser privacy features here.

Microsoft also announced a “privacy” feature that goes much further than either Firefox or Chrome.

The new release of Internet Explorer (IE9) contains functionality that blocks all third-party-served content that appears on user-generated block lists. This could have profound implications to the online ecosystem as third-party-served content includes more than just advertising, but audience measurement, video, and any content that comes from another server.

Also, it is feared that block lists could be created to sabotage competitors; for example, AT&T could add ‘Verizon’ to a block list.

Time will tell if this feature is widely adopted, and to what degree it affects the serving and measurement of online advertising. For now, the NAI is working to produce an “allow list” of its members, including Collective.