Last Friday, I had the pleasure of attending the Law and Business of Online Advertising, a conference co-sponsored by the Berkeley Center for Law & Technology and University of Santa Clara’s High Tech Law Institute.
It was a Who's Who of online marketing super stars, including Eric Goldman (my hero), Kim Howell (poor thing had to explain online marketing to liberal, non-technology academics), Hal Varian (kind of a big deal), John Horrigan, Oren Bracha (looks a little like Clark Kent), Peter Swire (looks a little like Greg Kinnear), Rebecca Tushnet, Jeffrey Rohrs (lives and breathes the law AND the business), and Alissa Cooper (heading up technology at the Center for Democracy & Technology). There were lots of other very nerdy folks too. I felt right at home!
Here are the highlights:
The morning started with a couple tutorials explaining how online advertising works. (I know. Adorable, right?) They brought in the big guns, Hal Varian, to explain how behavioral targeting allows sites to create a unique page for each of the user's visits. It was a little like using a nuclear bomb to kill a fly, but I suppose it's always good to go back to basics. (And Hal, if you read this, thumbs up on your nifty graphics. Shoot me a copy of your deck, would you?)
I don't know for certain, but the audience seemed to be primarily lawyers and academics from nearby universities, with some students thrown in here and there. And there was one table right in the mid-center who looked to be composed of people who actually do technology. (It was awfully nice of them to come.)
For the most part, the morning sessions focused on search engines and large companies with corresponding behemoth, complex ad campaigns.
Varian did give a brief shout-out to SEOs and SEMs. Google's Chief Economist described SEOs as "highly skilled online marketers." He compared SEOs to lawyers in the amount of training and specialization required. He also speculated that in the future, SEOs will be built into the ad agencies themselves. No more rogue independent elements. On the whole, it was a favorable endorsement of the profession from one of Google’s most brilliant minds.
Interestingly, the hottest issue was behavioral targeting and its impact on consumer privacy. The audience seemed pretty hostile to behavioral targeting. However, everyone on the panels agreed that behavioral targeting was a good and useful thing, but only if consumers are given a knowing choice to participate.
The audience was extremely interested in cookies and how they work. (Awwww...) People were surprised and confused to learn that the NAI’s opt-out program doesn’t prevent advertisers from collecting information about you; it only prevents advertisers from serving you targeted ads. The companies still get to benefit from your information, you still have to see ads, but the ads aren’t targeted towards your preferences. Somehow, I have a feeling that most consumers who bother to use the NAI's opt-out program don't realize this. After all, I have to imagine that it is the tracking itself that bothers privacy-sensitive people, not the targeted ads.
The Unanswered Question: What Level of Disclosure Is Necessary in Privacy Statements?
So everyone agrees that privacy statements must reveal what information is collected and how it is used. But in practice, privacy statements aren’t really helping to make behavioral targeting more transparent. Why? (1) Because no one understands privacy statements. (2) Further, many sites claim that they will not sell your information, but then they change their minds and fail to notify the users.
An interesting issue that was left out of the discussion is the impact of jurisdiction and the global reach of the internet. There was no discussion on harmonizing U.S. privacy laws with other nations. There was also no discussion of methods to enforce privacy or security concerns in a global marketplace. I hope the next conference spends more time on international issues.
Orem Bracha Started an Interesting Discussion of Search Engine Bias and the Challenges to Regulating the Net.
If you've ever felt that search engines should be held responsible when your client's rank seems to drop inexplicably, or if you've ever wondered whether search engines steer users towards sites with more SE-served advertisements, then you should take a look at the article Bracha co-authored with Frank A. Pasqualle, "Federal Search Commission? Access, Fairness and Accountability in the Law of Search." Rather than do a terrible job trying to summarize the article, I'll quote you the Abstract.
It was a Who's Who of online marketing super stars, including Eric Goldman (my hero), Kim Howell (poor thing had to explain online marketing to liberal, non-technology academics), Hal Varian (kind of a big deal), John Horrigan, Oren Bracha (looks a little like Clark Kent), Peter Swire (looks a little like Greg Kinnear), Rebecca Tushnet, Jeffrey Rohrs (lives and breathes the law AND the business), and Alissa Cooper (heading up technology at the Center for Democracy & Technology). There were lots of other very nerdy folks too. I felt right at home!
Here are the highlights:
The morning started with a couple tutorials explaining how online advertising works. (I know. Adorable, right?) They brought in the big guns, Hal Varian, to explain how behavioral targeting allows sites to create a unique page for each of the user's visits. It was a little like using a nuclear bomb to kill a fly, but I suppose it's always good to go back to basics. (And Hal, if you read this, thumbs up on your nifty graphics. Shoot me a copy of your deck, would you?)
I don't know for certain, but the audience seemed to be primarily lawyers and academics from nearby universities, with some students thrown in here and there. And there was one table right in the mid-center who looked to be composed of people who actually do technology. (It was awfully nice of them to come.)
For the most part, the morning sessions focused on search engines and large companies with corresponding behemoth, complex ad campaigns.
Varian did give a brief shout-out to SEOs and SEMs. Google's Chief Economist described SEOs as "highly skilled online marketers." He compared SEOs to lawyers in the amount of training and specialization required. He also speculated that in the future, SEOs will be built into the ad agencies themselves. No more rogue independent elements. On the whole, it was a favorable endorsement of the profession from one of Google’s most brilliant minds.
Interestingly, the hottest issue was behavioral targeting and its impact on consumer privacy. The audience seemed pretty hostile to behavioral targeting. However, everyone on the panels agreed that behavioral targeting was a good and useful thing, but only if consumers are given a knowing choice to participate.
The audience was extremely interested in cookies and how they work. (Awwww...) People were surprised and confused to learn that the NAI’s opt-out program doesn’t prevent advertisers from collecting information about you; it only prevents advertisers from serving you targeted ads. The companies still get to benefit from your information, you still have to see ads, but the ads aren’t targeted towards your preferences. Somehow, I have a feeling that most consumers who bother to use the NAI's opt-out program don't realize this. After all, I have to imagine that it is the tracking itself that bothers privacy-sensitive people, not the targeted ads.
The Unanswered Question: What Level of Disclosure Is Necessary in Privacy Statements?
So everyone agrees that privacy statements must reveal what information is collected and how it is used. But in practice, privacy statements aren’t really helping to make behavioral targeting more transparent. Why? (1) Because no one understands privacy statements. (2) Further, many sites claim that they will not sell your information, but then they change their minds and fail to notify the users.
An interesting issue that was left out of the discussion is the impact of jurisdiction and the global reach of the internet. There was no discussion on harmonizing U.S. privacy laws with other nations. There was also no discussion of methods to enforce privacy or security concerns in a global marketplace. I hope the next conference spends more time on international issues.
Orem Bracha Started an Interesting Discussion of Search Engine Bias and the Challenges to Regulating the Net.
If you've ever felt that search engines should be held responsible when your client's rank seems to drop inexplicably, or if you've ever wondered whether search engines steer users towards sites with more SE-served advertisements, then you should take a look at the article Bracha co-authored with Frank A. Pasqualle, "Federal Search Commission? Access, Fairness and Accountability in the Law of Search." Rather than do a terrible job trying to summarize the article, I'll quote you the Abstract.
Should search engines be subject to the types of regulation now applied to personal data collectors, cable networks, or phone books? In this article, we make the case for some regulation of the ability of search engines to manipulate and structure their results. We demonstrate that the First Amendment, properly understood, does not prohibit such regulation. Nor will such interventions inevitably lead to the disclosure of important trade secrets.
After setting forth normative foundations for evaluating search engine manipulation, we explain how neither market discipline nor technological advance is likely to stop it. Though savvy users and personalized search may constrain abusive companies to some extent, they have little chance of checking untoward behavior by the oligopolists who now dominate the search market. Against the trend of courts that would declare search results unregulable speech, this article makes a case for an ongoing conversation on search engine regulation.
At this point, I'm not willing to agree that the establishment of a Federal Search Commission is a good idea. However, I do think this is very important work. It may be a dead end, but the road should be mapped. The questions asked by Bracha are important for at least two reasons: (1) Politically conscientious people must never assume that organizations are looking out for their best interests. You have to study the organization before you can draw any conclusions about whether your interests are aligned. (2) The internet increasing permeates our living, practical lives; as the on and off-line worlds blend, there may be a time where regulation is necessary. It would be a mistake to wait until it is clear regulation is necessary to start looking at whether regulation is legally and practically feasible.
Potential Privacy Harms Should Be Considered in Anti-Trust Analysis When Behavioral Marketing Companies Seek Merger Approval.
Peter Swire is a privacy guru. He gave some very interesting testimony to the FTC about how the Google/DoubleClick merger could be viewed as anti-competitive because of the aggregation of consumer information and other privacy harms. Everyone is intuitively familiar with the idea that corporate mergers should be prohibited where the new company would be large enough to engage in harmful anti-competitive behavior. Typically, the harms include price fixing or a reduction in the quality of available goods. If you think of privacy policies as part of the search engine's "product," then you can start to guess where this is going. Well, Swire seems to have two points: (1) The sheer aggregation of consumer information of both broad and deep searches would result in harm to the privacy-sensitive consumer; (2) The aggregation of so much consumer information in the behavioral profiling industries may effectively block or prevent others from fairly competing in the marketplace.
Potential Privacy Harms Should Be Considered in Anti-Trust Analysis When Behavioral Marketing Companies Seek Merger Approval.
Peter Swire is a privacy guru. He gave some very interesting testimony to the FTC about how the Google/DoubleClick merger could be viewed as anti-competitive because of the aggregation of consumer information and other privacy harms. Everyone is intuitively familiar with the idea that corporate mergers should be prohibited where the new company would be large enough to engage in harmful anti-competitive behavior. Typically, the harms include price fixing or a reduction in the quality of available goods. If you think of privacy policies as part of the search engine's "product," then you can start to guess where this is going. Well, Swire seems to have two points: (1) The sheer aggregation of consumer information of both broad and deep searches would result in harm to the privacy-sensitive consumer; (2) The aggregation of so much consumer information in the behavioral profiling industries may effectively block or prevent others from fairly competing in the marketplace.
Traditional antitrust analysis examines a proposed merger and often sets conditions on approval—the merger can proceed for aspects that create consumer welfare, but cannot proceed for aspects where harms outweigh the benefits. Where consumers suffer from lower product quality and reduction of consumer welfare, such as through privacy harms, it thus is logically consistent to consider merger conditions that address privacy harms.
Swire's presentation is powerful. It breaks new ground by identifying the unique intangible assets, barriers to entry, and competitive challenges for the behavioral marketing industry.
Regardless, I don't think Varian was pleased by the argument. He squirmed and objected to Swire, making a slippery slope argument that if you consider consumer information to be potentially anti-comptetive, where will it end? What wouldn't become a reason to prevent a merger? Swire responded that the question shouldn't really be "what kind of thing should be taken into consideration"? Rather, the question should be "what effect does it have on the consumer and the market"? If the net result is positive for consumer, the merger should go forward. If the net result is bad for consumers, then the merger should be blocked.
Here's a short article by Swire in which he speculates that privacy as a form of non-price competition will play out in any yahoo/microsoft merger as well.
Holding Intermediaries Liable For Online Conduct: Re-imagining the CDA
Tushnet had a lot of interesting things to say, but I was most interested in something she said in passing about re-working the CDA ("The Communications Decency Act").
If you read my posts regularly, you may know I have a special interest in the CDA. Despite my unceasing feeling that we have failed to achieve an adequate balance between e-commerce, the First Amendment, anonymous speech, web 2.0, privacy, and reputational interests, I have been unable to reformulate the law in a way that will adequately reconcile these opposing interests.
After arguing that there has been some push-back from the broad immunity granted by the CDA, Tushnet brainstormed the possibility of developing a new regime to combat business torts. What if we created a special administrative body to hold hearings on an expedited basis, similar to UDRP? Or an expedited court proceeding? Some mechanism where websites and search engines wouldn't be tasked with resolving disputes regarding user-generated content? Some neutral organization could hear the matter quickly and efficiently and then issue a ruling that the website must follow.
I was momentarily excited, but then the realities start setting in...The websites don't have the access to evidence or the incentive to fight for the user generated content. Thus, you would really end up with a de-facto DMCA regime with significant chilling effects on free speech. Perhaps most importantly, the jurisdiction and enforcement issues quickly make such schemes impractical. I guess I'll just have to continue to worry and ponder about the far-reaching effects of the CDA.
Finally, The Advertiser's Perspective
It was great to have Jeffrey Rohrs on this panel because he is an actual advertiser (there weren't very many of those at the conference) and has legal knowledge to boot! Finally we were talking about trademark, Can-Spam, affiliate marketing, and the potential ROIs and risks involved.
In sum, the advertiser panel agreed that there will probably be a lot more trademark litigation in the future as affiliates and technology get more creative at marketing products. Thus, the sellers' ads are likely to end up all over the virtual world (videos, twitter, FB, blogs, sms, social media sites), making it more difficult to identify the parties involved and the chain of liability. The panel agreed that it was important to manage risk by using both (1) a solid contract with your advertisers as well as (2) an affiliate manager to follow up and track how your advertisers are exploiting your brand.
All in all, it was a very enjoyable conference. I was surprised at how little time was spent on SEO, trademark, copyright, and international issues. Also, I think more participation by actual marketers would help keep the discussions academically honest and relevant.
That wraps it up. If you want to read more about the conference, check out Rebecca Tushnet's blow by blow.
Best Regards,
Sarah
Regardless, I don't think Varian was pleased by the argument. He squirmed and objected to Swire, making a slippery slope argument that if you consider consumer information to be potentially anti-comptetive, where will it end? What wouldn't become a reason to prevent a merger? Swire responded that the question shouldn't really be "what kind of thing should be taken into consideration"? Rather, the question should be "what effect does it have on the consumer and the market"? If the net result is positive for consumer, the merger should go forward. If the net result is bad for consumers, then the merger should be blocked.
Here's a short article by Swire in which he speculates that privacy as a form of non-price competition will play out in any yahoo/microsoft merger as well.
Holding Intermediaries Liable For Online Conduct: Re-imagining the CDA
Tushnet had a lot of interesting things to say, but I was most interested in something she said in passing about re-working the CDA ("The Communications Decency Act").
If you read my posts regularly, you may know I have a special interest in the CDA. Despite my unceasing feeling that we have failed to achieve an adequate balance between e-commerce, the First Amendment, anonymous speech, web 2.0, privacy, and reputational interests, I have been unable to reformulate the law in a way that will adequately reconcile these opposing interests.
After arguing that there has been some push-back from the broad immunity granted by the CDA, Tushnet brainstormed the possibility of developing a new regime to combat business torts. What if we created a special administrative body to hold hearings on an expedited basis, similar to UDRP? Or an expedited court proceeding? Some mechanism where websites and search engines wouldn't be tasked with resolving disputes regarding user-generated content? Some neutral organization could hear the matter quickly and efficiently and then issue a ruling that the website must follow.
I was momentarily excited, but then the realities start setting in...The websites don't have the access to evidence or the incentive to fight for the user generated content. Thus, you would really end up with a de-facto DMCA regime with significant chilling effects on free speech. Perhaps most importantly, the jurisdiction and enforcement issues quickly make such schemes impractical. I guess I'll just have to continue to worry and ponder about the far-reaching effects of the CDA.
Finally, The Advertiser's Perspective
It was great to have Jeffrey Rohrs on this panel because he is an actual advertiser (there weren't very many of those at the conference) and has legal knowledge to boot! Finally we were talking about trademark, Can-Spam, affiliate marketing, and the potential ROIs and risks involved.
In sum, the advertiser panel agreed that there will probably be a lot more trademark litigation in the future as affiliates and technology get more creative at marketing products. Thus, the sellers' ads are likely to end up all over the virtual world (videos, twitter, FB, blogs, sms, social media sites), making it more difficult to identify the parties involved and the chain of liability. The panel agreed that it was important to manage risk by using both (1) a solid contract with your advertisers as well as (2) an affiliate manager to follow up and track how your advertisers are exploiting your brand.
All in all, it was a very enjoyable conference. I was surprised at how little time was spent on SEO, trademark, copyright, and international issues. Also, I think more participation by actual marketers would help keep the discussions academically honest and relevant.
That wraps it up. If you want to read more about the conference, check out Rebecca Tushnet's blow by blow.
Best Regards,
Sarah
Thanks for the legal info and the endurance to follow through.
I would never go to one of these things I am sure glad you do and are willing to share.
Great presentation from SEOmoz at SMX Social Long Beach.
I'd go if there was one near Detroit, but then again, I'm a glutton for punishment.
I agree with you in regards to regulation. What would the motivation be for a group to oversee this segment? Would they mostly be attempting to support the paying advertisers to see that their dollar is spent fairly? Or would they be attempting to oversee the product (i.e. organic results) that the advertising is located on? Who determines relevance? Each search engine has a different formula and methodology for what THEY feel is the most relevant data that will support their users and data. I don't see how a neutral party could relegate relevance broadly. What about non-search entities with small pieces of search ability? Does Digg, Del.icio.us, technorati, reddit, twitter, facebook, etc etc all fall under the same watchful eyes?
I also agree with having a solid contract with your advertising partners. When Clark Walton spoke at Affiliate Summit, he really drove the point home that you can help define who is liable for what through your own advertising agreement. I've always believed in having strong contracts in place to protect a business, but I didn't realize that we didn't have to rely solely on CAN-SPAM (which, let's face it, isn't the most solid piece of legislation out there) and could take it up a step in our own agreements.
Would they mostly be attempting to support the paying advertisers to see that their dollar is spent fairly? Or would they be attempting to oversee the product (i.e. organic results) that the advertising is located on? Who determines relevance? Each search engine has a different formula and methodology for what THEY feel is the most relevant data that will support their users and data. I don't see how a neutral party could relegate relevance broadly.How can find right or wrong paying company. -------------------------------------- Melinda Storer
Great article!!! You'll find very interesting articles like this here https://www.unn.edu.ng/ or portal.unn.edu.ng
I personally have no problem with my search behaviour being tracked. Because of the nature of our industry I avoid having my work searches recorded, but the truth is that the more an engine knows about us, the better our results will be.
Yes, it is very easy to find out a lot about individuals, but then who really cares? I'll give you my address if you ask. To paraphrase the late, great DNA: I am just this guy, you know?
That said, integrity is very important to me, as is the right to choose. If an individual does not want their behaviour recorded or monitored, for whatever reason, and a site states that they will be holding only X amount of private data, then there is no real excuse for storing more than they have advertised, nor for selling that which they have declared they will not sell.
I'm just starting to read through Rebecca's posts now, but I would be interested to attend a similar seminar over her, where we have somewhat different attitudes to privacy, data protection and free speech.
Having read the bulk of Rebecca's posts now, my initial reaction is that John Horrigan might find that advertisers who are heavily involved in the marketing of aluminium foil may be targeting him quite heavily.
Count me among those who would like to know more about the Network Advertising Initiative’s Opt Out in light of comments made at this conference. A consumer’s purported ability to opt out of tracking by third-party ad networks appears to go to the heart of the case for self-regulation.
Here is the NAI’s answer to the question “How does the NAI Opt-out Tool work?”:
The NAI Opt-out Tool replaces a network advertiser's unique online preference marketing cookie on your browser with a general opt-out cookie. It does not delete individual cookies nor does it necessarily replace other cookies delivered by network advertisers, such as those that are used for aggregate ad reporting or mere ad serving purposes. Such cookies allow network advertisers to change the sequence of ad banners, as well as track the aggregate number of ads delivered (impressions).
https://www.networkadvertising.org/managing/faqs.asp.
If the Tool “replaces a … online preference marketing cookie on your browser with a general opt-out cookies,” how can it not “delete individual cookies”? Again, I’d like some clarity on the issue if anyone can offer it.
Ryan,
There are many people on this site who know more about cookies than I do. However, I think I might be able to offer some clarity.
First, it is important to understand that NAI only affects the targeting behavior of its member companies. It does not have any effect on the many many advertising companies that are not members of NAI.
Second, each individual can have a number of different cookies. Each cookie can have a different role. One cookie may collect certain kind of information. Another cookie may determine which advertisement to offer the user. These different cookies are automatically uploaded to your browser when you visit a site used by the advertiser.
NAI's opt-out program does not delete cookies. Instead, it puts a new cookie in your browser that communicates to member sites "Don't put the targeting cookie here. You can put other kinds of information-gathering cookies here, but do not put the cookie that targets ads here." In this way, the opt-out cookie acts as a filter to member sites.
It does seem counter-intuitive to use a cookie to block a cookie, but there are some good reasons for this. First, cookies provide the most scalable solution for creating highly functional and personal web experiences. For example, your one-click Amazon shopping cart experience is facilitated by the use of cookies. Most consumers want the functionality that cookies provide.
The problem is that many many consumers are concerned about having their information tracked and aggregated. Some consumers attempt to mitigate this risk by erasing all cookies. Of course, this erases your "good" cookies, including any opt-out cookies.
Highly advanced users who place a premium on privacy manually select certain cookies for erasure and preserve others. They also make sure they have a dynamic IP address to make it more difficult to track and aggregate their internet behavior.
I hope that this helps clarify the many different roles that cookies play and the different strategies for managing them.
I agree that NAI's opt-out cookie doesn't seem to address consumer's real concerns. I think the real benefit that NAI provides is the promulgation of standards for information use and sharing that its members must abide by. I'm more impressed by the members' commitment not to collect personally identifying information than I am by the misguided "opt-out" cookie.
Thanks for your comment!
Thank you, Sarah, for your thoughtful and thorough reply.
My understanding is that cookies store no real information about users. Rather, a cookie fixes a particular computer with an ID, allowing the entity that set the cookie to associate activity -- including websites visited within a particular ad serving network -- with a specific computer on its back end (e.g., in a log on its server). In other words, a cookie is like a marker that says "This is user 123456 again."
If the NAI opt out cookie does not delete or "replace" an exisiting cookie, the entity that placed the cookie will still be in a position to associated web surfing activity with the particular computer. Thus, the "opted out" consumer would have two cookies on their computer -- one that fixes their ID so that his or her activities can be tracked and a second that says "Don't use the information you gather about this user to target ads." If this is right, I think this would surprise consumers and I welcome additional clarity on this issue.
As to your point about the benefits of the NAI and its members: I agree. The harms of associating activity with non-PII are far fewer and, accordingly, the NAI's is the more responsible way to approach online preference marketing.
Thanks again for your excellent post.
You are right when you say that the hot topic was behavioral targeting, it seems that is a hot topic community wide. I'm interested in why you say the audience seemed hostile? Was it just the general atmosphere of the session(s), or were there people heckling the speakers? Just trying to get a visual on that...
Also the Federal Search Commission theory is interesting, I have a feeling any kind of standards imposed on search engines would also directly impact SEO's greatly...but I also wonder what kind of resources it would take to get this going as far as time, money and people. Even if there was something established today...the earliest they could hope to have something implemented would be years from now....
The audience seemed hostile to having their information tracked and logged without their knowledge. People are certainly concerned about both privacy and identity theft risks.
I gauged hostility based upon both the general atmosphere and the number of questions from the audience about consumer control. There seemed to be a general murmur rumbling through the audience about the possibility that their viewing and purchasing history could be linked with their personal identifying information, and also made available to the government or anyone with a subpoena.
Thanks for your questions Calamier!
Thanks for clarifying Sarah, I wasn't doubt the validity of their fears...I was just trying to visualize like 20 of these lawyer type people standing up and saying "F*** YOU PEEPING-TOM" to Hal Varian and storming out...
Apparently though I have a very over-active imagination ;)
I am an Assistant Editor at PR Newswire and spend most of my day processing and editing information before it is delivered to the wire services, the Internet and the media. I have become very interested in social media and the intersection of marketing/communications as well as the hard details of online advertising. This post was a very helpful starting point for someone relatively new to the field. Thanks.