Advertisers want to reach a highly-targeted audience at scale. Effective targeting outside of search requires tracking consumer behavior and carries serious privacy concerns. With mobile devices, consumers feel more violated when bad things happen, and the limitations of such devices further complicate the situation.
Why should you care? Because this is going to get worse before it gets better. Consumers are having an unprecedentedly personal relationship with devices, from PCs to iPhones. The technologies for targeting and tracking of consumers are getting more sophisticated. The advertising value chain across all channels is getting longer and more complex.
As data collecting grows, privacy erodes. Consumer privacy groups are (rightfully) increasingly more vigilant. When greed or poor judgment cause something to go wrong in such a tense and complex setup, it has the potential to go wrong in a catastrophic way, with FTC hearings, high-profile resignations, lawsuits and the real threat of knee-jerk regulation.
The Federal Trade Commission staff released a report recently revising its online behavioral targeting principles. While this particular report focused on behavioral targeting, the general topic of targeting across channels is rising in importance for the regulatory body. In recent weeks, the FTC has received complaints from privacy groups about mobile marketers’ “sophisticated practices that allow them to track, analyze, and target millions of Americans who increasingly rely on their phones for information.”
Last fall, the FTC held hearings on the practices of NebuAd, a deep packet inspection company whose technology allows it to understand consumers’ online behavior by looking at the traffic that passes through their ISP. Last May, the then Commissioner Jon Leibowitz went on the record saying “We’re also going to police the wireless space.”
The FTC’s four principles of behavioral targeting come with good intentions but are unlikely to have a major effect. The first is transparency and consumer control. The second principle proposes reasonable security and limited data retention. The third governs material changes to privacy policies, and the fourth states that companies should obtain affirmative express consent before they use sensitive data.
While they make sense at a high level, the principles are vague to the point of being unenforceable, especially in a large industry such as online advertising where there are literally hundreds of companies engaged in behavioral and other advanced forms of targeting. For better or worse, this game will play out on the Internet as a roller-coaster of businesses playing fast and loose, privacy groups outing bad behavior, threatened or actual regulation and showcase hearings such as NebuAd’s.
The efforts of industry groups such as the Mobile Marketing Association’s mobile advertising guidelines and CTIA – The Wireless Association’s location-based services guidelines as well as mobile operators’ policing of services on their networks are praiseworthy but like the FTC’s principles they are unenforceable at national, let alone global scale. This has led to a bifurcated culture of privacy paranoia or cowboy behavior. As an example of the latter, note the many SMS marketing lawsuits around the country.
There is hope, however, that we can learn from what’s happened on the Internet and other industries that deal with volumes of highly sensitive consumer information and do a better job of developing the mobile advertising and marketing ecosystem. Well-targeted, helpful advertising to the device in your pocket can be invaluable. I use multiple forms of search, mapping and several free/ad-supported applications on my Blackberry every day. They make my life easier. iPhone and, increasingly, Android phone users have an even larger choice of services. (I’d tell you how many apps are on my iPhone but my battery is dead, again.)
While it is easy to imagine a whole slew of Big Brother scenarios when you combine the personal nature of mobile communications with geo-tracking, it is important to acknowledge that the mobile industry has the deck stacked in its favor as far as getting privacy right. A lot of power is in the hands of mobile operators who care about customer satisfaction and privacy.
In order to grow quickly, the mobile advertising industry has to aggressively innovate while addressing privacy concerns up front. This requires a new, market-based paradigm.
First, the industry must develop simple, clear and, most importantly, testable guidelines for acceptable privacy architectures and tracking/targeting behavior. Testable in this context means that it must be possible to certify within reason, on an ongoing basis, whether a vendor is or is not following the guidelines. For example, this approach works very well for the SMS ecosystem where actions leave a trail that can be tested for compliance with industry guidelines. It is possible to determine whether a mobile marketer respects a STOP message from a consumer or whether a premium SMS is sent without a prior confirmation, etc.
There will be cases, however, where it is very difficult to determine what has happened in the past or even to enforce guidelines in real-time. The prime example is behavioral targeting across a network of dynamic mobile Web sites. Nothing stays the same: the ads change and the sites’ pages change all the time. To handle unenforceable guidelines the industry needs a second strategy of containment. Collecting and aggregating consumer information across sites for the purposes of ad targeting carries significant privacy risks but it can also be done thoughtfully, with due consumer protections and in dialog with privacy advocates. If the mobile industry allows hundreds of vendors to do this, it will lead to the impossible to police situation on Internet but with much higher risk of regulation and consumer backlash.
The second strategy involves allowing one or more industry-wide tracking and targeting services to emerge which act as containers for sensitive consumer information. These services will have to sign up to stringent policies of transparency and disclosure, deploy sophisticated security and data anonymization technologies as well as offer simple, centralized consumer services for privacy disclosure, review and deletion of collected profile information, opt-in, opt-out, etc. In exchange, advertisers, ad networks, publishers, aggregators and mobile operators will receive “clean”, i.e., privacy-safe, targeting services without ever having to touch sensitive information and without having to endure the scrutiny of privacy watchdogs. This is an important value proposition.
Both the testable certification and the privacy-safe targeting services must be provided by independent, third party, for-profit entities whose business models are tied to the overall growth of the mobile advertising market and not any individual participant’s success. This is the only way to bring in the investment necessary to make this work safely and effectively at network scale yet at the same time ensure good behavior that is in the interest of the whole industry as opposed to any single player. That’s why this cannot be done by operators or ad networks or mobile publishers or industry associations whose data aggregation efforts typically lack the sophistication and protections necessary to reduce privacy and embarrassment risks.
The good news is that the technology to deliver massively-scalable, privacy-safe targeted advertising across the mobile Web, SMS/MMS and applications is within reach. I know entrepreneurs who are working in this space and am hearing encouraging feedback about their work from privacy professionals, operators, publishers and advertisers. The more interesting question is whether the mobile industry will grasp the crossroad it is at, realize the time-sensitive nature of the opportunity and act quickly.
— Express your opinion, comment below.