Web Analytics Blogs

Eric T. Peterson has been working in web analytics for over ten years and has built up an incredibly rich body of knowledge about the subject, knowledge Mr. Peterson works to share every week here in his Web Analytics Demystified weblog. Whether you're new to the subject or the most experienced practitioner, you should join the thousands of people around the globe already subscribing to Peterson's blog and start reading today.

Subscribe to Eric T. Peterson's weblog

The FTC is being asked to investigate the regulation of data collection via the Internet

I was sifting through my email and I noticed that the Center for Digital Democracy and the US Public Interest Research Group are petitioning the US Federal Trade Commission to stop Microsoft from developing technology for its AdCenter online advertising platform. While the petition largely focuses on Microsoft, a wide variety of technologies are being targeted.

From the petition (PDF, available here, emphasis mine):

The Center for Digital Democracy and the U.S. Public Interest Research Group, two of the leading public-interest advocacy groups working on behalf of a more diverse, open, and competitive online environment, call on the FTC to undertake an immediate, formal investigation of online advertising practices, focusing on five areas of concern:

  • User Tracking/Web Analytics
  • Behavioral Targeting
  • Audience Segmentation
  • Data Gathering/Mining
  • Industry Consolidation

Collectively, these five areas represent the foundations of an entirely new online environment, one in which engagement gives way to entrapment, in which personalization impinges on privacy. It is an online environment, in short, that threatens to turn the traditional media equation on its head–a media that consumes us.

At fifty pages this document requires a pretty deep read to understand exactly what risks this petition creates for the web analytics industry. Several analytics vendors are specifically cited including Clicktracks, Deepmetrics, Unica and Coremetrics, but none appears to bear the brunt of these groups fearmongering more so than Omniture.

From the petition:

The key to Omniture’s data mining lies in its collection of so-called “xographic” data, a scientific-sounding neologism that masks the serious breach of privacy that results when online and offline data are combined. The Omniture blog provides ample evidence of such practices …

The petition then goes on to cite from recent blog posts made by Omniture’s Matt Belkin which describes SiteCatalyst’s ability to incorporate personal information into the Omniture Datawarehouse based on a unique customer ID. To be fair, Omniture is far from alone in their ability to integrate this type of information, nor in their marketing efforts to evangelize multi-channel data integration.

The document then cites a passage from Omniture’s 10-Q filing that describes how governmental regulation could negatively impact the companies ability to collect information, following up with this statement:

Omniture’s corporate self-interest notwithstanding, the kind of privacy environment it fears–one in which consumers must give their permission before surrendering personal data online–is one that FTC policy should mandate.

The document presents the following conclusions (emphasis mine):

The U.S. digital media system is at a crossroads. Over the next few years, as the distinctions between online and “old” media blur still further, there will be a ubiquitous interactive environment. So, too, in this fluid, new environment, with all manner of data compiled and analyzed, will the distinction between anonymous and personally identifiable information disappear. For these reasons it is critical that the FTC act now to protect the interests of the public. The FTC must require notice of all information collected, and full disclosure of how that data will be used. The commission should ask Congress to pass federal legislation requiring affirmative consent for all data used–which must be regularly updated and re-approved by users. An all-embracing opt-in should be the minimum standard. All data collection and e-commerce marketing techniques must be unbundled, disclosed, and given affirmative consent by users. Indeed, the commission should also strive to have industry develop meaningful codes of conduct related to marketing that go beyond these basic principles.

The document’s authors are apparently proposing that web sites explicitly ask visitors for permission to track their activities. The implied alternative is that sites cease using web analytics and behavioral targeting tools.

Obviously this is a really big deal, essentially the moment many of us have been waiting for (and hoping would not arrive.) The regulation proposed in this petition, if adopted, would make all of us long for the good old days where cookie blocking and deletion was the extent of our problems. This regulation is the “scary moment” that Bob Page of Yahoo! hypothesized at Emetrics in Santa Barbara in April of this year.

The Web Analytics Association needs to get involved in this issue right away.

This is not the kind of petition that can be dropped on the world and not addressed by the closest thing the web analytics industry has to a lobby or public voice. Given the companies present in the corporate membership, companies that include Google, Yahoo! and Deepmetrics (the web analytics technology specifically cited in the Microsoft portion of the petition), in my humble opinion, the WAA needs to draft a public response to the assertions and allegations made in this petition.

As has been suggested before, ironically most recently on October 6th in a thread in the Yahoo! group titled “Web Analytics and Data Privacy” started by Jim Newsome of GA-Experts, the WAA needs to move quickly to establish some type of meaningful code of conduct for data collection and data storage. Given that this is something that Bob brought up months ago and that consistently stays on the radar screen (see Avinash’s challenge #5), this is an issue that absolutely needs to be addressed as a community, not as a handful of companies that at times is incapable of seeing beyond the next RFP response.

I welcome your comments and am willing to lend whatever hand and/or voice I can to protect our industry and every companies investment in web analytics technology.

Post Date:
Friday, November 3rd, 2006 at 12:13 am
Categories:
General Web Analytics
Subscribe:
RSS feed for comments on this post
Interact:
7 responses | Add to the conversation | Trackback URI

GA Experts added the following ...

Hi Eric,

As a wise man once said, when dropping small pebble in still pond, watch for big ripples….

Kudos for spotting this and recognising its significance - many thanks for your analysis as well. This is exactly the kind of thing that we all feared happening. The scariest thing I think is the lack of clear thinking in the petition:

“Over the next few years, as the distinctions between online and “old” media blur still further, there will be a ubiquitous interactive environment. So, too, in this fluid, new environment, with all manner of data compiled and analyzed, will the distinction between anonymous and personally identifiable information disappear.”

This is extremely woolly thinking. If we can assert that “the distinction between anonymous and personally identifiable information” will *not* disappear - the two will always and by their very definition be recognisably distinct - then we can move on to a method for reassuring the public of this.

IMHO there are two approaches we should be considering here - the ol’ carrot and stick, if you will. If we (the analytics industry) can be proactive in responding to the concerns in the petition by coming up with our own Code of Conduct that states explicitly the parameters which limit data collection then we have an effective ‘carrot’. And I believe the key element here is personally identifiable information. This is the limit beyond which analytics should not tread without the permission of the user. It’s a simple rule (admittedly with complex repercussions) and as such it can be communicated to the average internet user simply and understandably.

The ’stick’ is to point out that advertising is currently paying for the internet (sweeping statement I know) and the reason is because of the accountability and the call and response of online marketing. If you want to take away the ability to serve up increasingly relevant and targeted data then the benefits of online advertising over traditional media will disappear. All we’ll have then is spam, spam and more spam choking the life and the user experience out of the web.

The question is what to do now? The WAA would certainly seem to be the right people to mount a counter-offensive; a workable, self-administered solution that all vendors & analytics users would be prepared to abide by. But maybe I’m just a naive old idealist.

Jim Newsome
_____________________________________
http://www.ga-experts.co.uk?utm_id=10

Thought added on November 3rd, 2006 at 3:22 am

Eric added the following ...

Jim: Excellent points all. I got extremely busy after the post last night but saw a number of responses in the Yahoo! group so it appears the conversation will continue. Thank you for your comment and contribution to the Yahoo! group.

Thought added on November 3rd, 2006 at 8:18 pm

Anonymous added the following ...

After having skim read the Complaint and Request, this really doesn’t look even remotely worrying to the WA industry. To my eyes anyway.

At worst, on entry to a site, have a JS popup, or similar, put up a small window “This site uses tracking methods … to enhance your experience … please click here or contact…”

As far as I could tell they weren’t asking to stop the collection and so on. Rather, making it more obvious that collection is happening.

How is this any different to the almost countless warning security messages when using MSIE? People switch off to them after a while, and it becomes the norm. Unfortunately.

What surprised me personally was how… “Is that *ALL*????” the Request was. 47 pages of The Sky Is Falling. 3 pages of: But hey, all we ask for is XYZ.

Not that anyone would or should, but if you asked me: I’d be suggesting that the WAA jump in and agree wholeheartedly with the Request and actually work with those groups to address and solve their major concerns.
IMHO one of the worst things the WAA could do is take a contrary or dismissive stance.

my 2c.
Steve

Thought added on November 4th, 2006 at 1:52 am

haduj added the following ...

eric,

say i use web analytics for “strategy” and “operations” and not at all “marketing,” then do I worry?

what’s the impact of P3P on all this?

will IE users start to notice the “red eye?”

Thought added on November 8th, 2006 at 9:12 pm

Jacques Warren added the following ...

Yes, pretty scary stuff. When I think that the people who are petitioning for this most certainly use credit cards… That’d be fun if every time you swipe it, VISA would have to ask you if you want this transaction to be tracked…

True, you can still enter a store and not be tracked, but, for Pete’s sake, the data usage by credit card companies has been way more intrusive from a privacy standpoint for many years now. Last time I checked, the average American household had 7 of them.

So, of course privacy is important; no one is against virtue. What also scares me as a Canadian is that this would be yet another US legislation that would have a big impact on the rest of the planet. Would that law apply on US sites only (probably)? what if the visitor is not a US citizen? what if a US citizen visits a non-US site?

I am certainly biased, since I have been making a living in WA for several years. But I am convinced that this thing has more to do with, dare I say, some bigotry similar to what we see with smoking (note: I myself never smoked), while people relinquish much more very personal information everyday just for the fun of owning something they can’t afford.

Well, I guess it’s time Jim and Bryan at the WAA make a move!

Jacques Warren

Thought added on November 9th, 2006 at 10:10 am

Eric added the following ...

Steve: Good points all, and I agree with you in principle, but let me ask you this:

Can you name the last site you were at that popped up a window that said “This site uses tracking methods … to enhance your experience … please click here or contact…”

I’ve never seen that, and I’ve been online for awhile. I think the fundamental issue is that sites, perhaps many sites, ** are ** integrating anonymous data with known customer data. But I have to just believe that those sites would much prefer to ** not ** have to pop up the window you describe, not because they don’t want their visitors/customers to know, but because of the degradation in the user experience, the potential for backlash, the potential for mis-interpretation, etc.

And I do agree with you that the WAA should not take a dismissive or contrary stance. I’m just saying that they should ** take a stance ** and offer an opinion so that we as an industry don’t appear mute on the subject.

Anyway, great comment and thanks for reading!

Thought added on November 10th, 2006 at 8:19 pm

Eric added the following ...

Haduj: My read is that it doesn’t really matter ** why ** you’re tying (or trying to tie) the data types together, it’s the tying together that the petitioners believe to be the problem.

I could be wrong.

I don’t think the current complaint has anything to do with P3P and the “red eye”, at least for now. That is, unless you’re not offering up an honest P3P compact — telling the reader you’re ** not ** tying anonymous and known data together, when you really are. Then I would offer that there is some problem.

Thanks for writing!

Thought added on November 10th, 2006 at 8:22 pm

Add to the Conversation

Your email (required) will not be published.

Please note that contributions are moderated and may take a little while to appear.