Behavioral Targeting May Be Illegal

from the smells-like-wiretapping dept

A bunch of ISPs have been experimenting with systems such as Phorm and NebuAd that monitor their users' online behavior and create profiles that help third parties create more targeted advertisements. Back in March we noted that behavioral advertising may be illegal under UK law. And last week we reported that Congress was asking some tough questions about the plans. CNet's Declan Declan McCullagh has an in-depth look at American law, and concludes that such systems are probably illegal here too. The problem is that what Phorm and NebuAd do sounds a lot like wiretapping, and wiretapping is illegal under several federal laws. At least three federal laws govern when electronic communications providers can disclose their customers' communications to third parties. One of the key questions Declan looks at is consent: the law generally allows eavesdropping with customer consent, but the exact nature of the consent isn't clear. ISPs have tended to be very secretive about their use of these systems, so at the very least, privacy laws would require that ISPs disclose what they're doing and give consumers a way to opt out. But Declan suggests that this might not be sufficient. Some of the legal experts he talked to think the law would require the ISPs to obtain the affirmative consent of customers before commencing the use of these programs. Since it's hard to imagine customers being enthusiastic about having their ISPs eavesdrop on them, such a requirement might make these programs non-starters.

Timothy Lee is an expert at the Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.

15 Comments | Leave a Comment..

Should Facebook Users Worry About Ad Snooping?

from the probably-not dept

The New York Times's Bits blog points us to an interview with Esther Dyson in which she raises questions about the way social networking sites (especially Facebook) are planning use customers' data. She seems like she might be lumping together two different issues that ought to be kept separate. If she's simply saying that Facebook should get permission before sharing private user data with advertisers, it's hard to argue with that. But she seems to be making the broader claim that Facebook shouldn't even use private information to choose ads on its own site without getting the user's permission first. That doesn't make a whole lot of sense to me. The information is already on Facebook's servers, so it's not likely to create new security risks to have the advertising algorithm take the information into account. Moreover, targeted ads can be chosen without ever giving advertisers access to anybody's private information. A shoe store might, for example, ask to have its advertising displayed to every Facebook user who's under 35, female, and within 50 miles of the 63105 area code. The shoe store would never get a list of Facebook users who met that criteria, nor would they be given the specific age or zip code of people who click on the ad. Rather, Facebook's own software would automatically display those ads and then bill the shoe store based on the number of impressions or clicks that were generated.

Timothy Lee is an expert at the Insight Community. To get insight and analysis from Timothy Lee and other experts on challenges your company faces, click here.

11 Comments | Leave a Comment..

Do Not Track List Won't Make Advertisers Happy

from the resistance-is-futile dept

Just as Facebook is looking to launch its own behavioral advertising network, AOL and some privacy groups are pitching the idea of a "Do Not Track" list that would effectively let people opt-out of behavioral advertising tracking. It's a challenging issue to deal with. Advertisers, obviously, want more data and information about who is viewing their ads, as well as having the ability to better target those ads. At the same time, the theory is that people are much more receptive to highly targeted, relevant ads. The problem, though, is that many internet surfers have no idea how much information they're handing over and how it's being used (and many would argue that the more relevant ads aren't actually appearing). If they knew how much data was being collected, however, many would probably be quite upset. The purpose of the Do Not Track list would be to give them back some control. Advertisers, of course, won't like this idea at all, as they often feel it's their divine right to have as much information as possible. They'll also complain that without this data, advertisements will actually be less relevant and less useful -- which might actually be true. In the end, though, it seems like while a "Do Not Track" may get lots of publicity, but how many people will actually sign up? Certainly I'd expect techies who are more concerned about this kind of thing to sign up -- but the average consumer? Unlike the "Do Not Call" list, most people don't even realize that they're being tracked, and so are much less likely to have the incentive to opt out of being tracked.

40 Comments | Leave a Comment..