In December, 2010, the US Federal Trade Commission (FTC) issued a preliminary staff report entitled Protecting Consumer Privacy in an Era of Rapid Change. Widely seen as a response to pressure from consumer advocacy groups, this document contained a recommendation that the FTC work with private industry to set up the equivalent of the “Do Not Call List1” for the online world, called “Do Not Track.” Similar to Do Not Call, the idea behind Do Not Track is to set up a mechanism where consumers can state their wishes not to have their online browsing activity tracked by Internet marketers. Since that time, the FTC has held several workshops discussing Do Not Track, it has been featured in at least one bill placed in Congress and actually been implemented by several browser manufacturers. However, at the time of the writing of this article, Do Not Track continues to be controversial and has not been implemented into law but it is being used on a voluntary basis.
In the beginning of 2013, Intertrust’s Personagraph division has begun to discuss another technological approach to protecting consumer privacy in the digital world. While Personagraph is not a direct competitor to Do Not Track and could easily coexist with it should Do Not Track ever be fully implemented, it is interesting to compare and contrast the approaches of both of these initiatives.
The Problem: Creepy Ads
One of the major problems that Do Not Track is trying to address is the perceived invasion of privacy by online marketers as they try to analyze consumers’ Internet browsing in order to more effectively target advertisements and offers to same consumers. Anyone who has browsed the Internet has probably seen a version of this following issue. Go to the website of a product to learn more about it and all of a sudden it seems like every other website you visit is sporting advertisements for the same product. These sorts of visible effects, along with articles appearing in media outlets such as the Wall Street Journal about how users’ browsing patterns are tracked by a wide variety of third-party companies, has led to an increasing perception by consumers that unknown companies and organizations are tracking and analyzing the minutiae of their Internet browsing without their permission or control.
One thing to note is at this point, Do Not Track is primarily focused on web browsing on a personal computer. More and more, consumers are using mobile devices such as smartphones and apps rather than a browser to access Internet content. With many mobile and other connected devices, such as connected cars, increasingly being equipped with GPS and other sensors, it’s possible for organizations that track these sorts of devices to get very detailed and sensitive information about consumers, such as a consumers’ physical location. The FTC, US Congress and consumer advocates are certainly aware of the privacy implications of these devices, but whether or not they will fall under Do Not Track is not clear.
Do Not Track, Easy to Understand, Difficult Business Model
The concept behind Do Not Track is easy to understand. Once a consumer decides that they do not want to be tracked by online marketers, they would place their name on a list and marketers and other online organizations have to respect the consumer’s wish to not have their browsing tracked. The technology to make this happen has already been implemented by browser manufacturers such as Microsoft and Mozilla, so technology is not a barrier.
Most of the controversy around Do Not Track comes from potential effect it could have on current Internet media business models. Much of the media on the Internet is free to the consumer, usually supported by advertising. Many advertisers value Internet advertising for its ability to be able to target ads at a much finer grained level than is possible with traditional media. The concern is should Do Not Track become law, large numbers of consumers will naturally sign up for it. This could potentially reduce the amount of revenue that websites can collect for advertisements, endangering their ability to remain economically viable.
Do Not Track also has another major issue. Should it become law, it would rely upon the government for enforcement. While it is expected the vast majority of Internet advertisers and related organizations would follow the law, there will always be a number will flout the law. The US government has already implemented laws against unsolicited e-mail, often known as spam, however, spam continues to be a problem aggravating consumers and corporations alike.
Personagraph: A Different Approach
The concept behind Personagraph lies in the same concerns driving Do Not Track, namely how to ensure a consumer’s reasonable expectations of privacy in a world of ubiquitous networks and devices. However, the approach is very different. One key difference is Personagraph, at its core, envisions that a consumer’s data about their location, browsing habits, social networks, etc. should remain on the consumer’s device and any access to that data should be easily controlled and managed by consumer. Another key point is Personagraph understands the need for advertising supported business models and the fact that many ads, if presented to the consumer in the proper context, can actually be welcome. One example could be a consumer being delighted to receive a discount offer from a restaurant featuring one of their favorite types of food just as they are deciding where to go for lunch in a new town.
Currently, Personagraph is aimed at smartphones and tablets. With much of the Internet media on these devices consumed in the form of apps, many app developers wish to provide targeted ads and offers to a consumer based on behavioral derived from data collected by the smartphone. These app developers would integrate with Personagraph by using Personagraph’s SDK (software development kit). One of the features this integration would bring is a personal agent within the app. This agent centralizes all the data collected by the app on the device without sending it to any third parties. This agent also has a user interface making it easy for a consumer to decide which data they would be willing to share with marketers for targeted offers. The data chosen to be shared by a consumer would be sent to Personagraph’s cloud based service will only be sent on an anonymous basis, without personally identifying the user. Personagraph would then aggregate behavioral profiles and work with online marketers to deliver targeted ads and offers using these. Again, these profiles are anonymous with no identifiable personal information.
With Personagraph, we can get the best of both worlds. The consumer gets the benefit of keeping sensitive personal information directly on their device, and controlling what they share for hopefully beneficial offers. A consumer also really only has to worry about trusting one organization, Personagraph. For marketers, they can access what they really want, behavioral profiles from consumers who state an interest in receiving related ads and offers. What they don’t get is any personally identifiable information, which they really don’t want due to potential liabilities associated with keeping that information secure. Internet media outlets also benefit by being able to continue providing free to consumer apps and supporting them through advertising.
While Personagraph doesn’t claim to be the end-all service for protecting privacy on the Internet, we believe that Personagraph can help consumers feel better about receiving targeted offers as well as providing Internet marketers with new and potentially lucrative business models to support the emerging mobile media environment which should be a win-win for all.
1) Do Not Call is a program created by US Federal law which allows consumers to voluntarily register their phone numbers with a central registry and prohibits most telemarketers from calling those numbers.