Last week, Facebook announced changes that expanded the sharing of consumer data with a select set of third-party partners, and it only took a matter of days for lawmakers to press Facebook for changes and government agencies for more oversight. The fact Washington took note of Facebook’s changes isn’t at all surprising; in fact, it was inevitable. But what happens next—and what this means to marketers—is not inevitable and depends a great deal on how proactive Facebook becomes on education, transparency and cooperation with lawmakers and privacy watchdogs.
Frank Gertsenberger, VP of Product Marketing for Audience Science wrapped up day one with an excellent update on privacy concerns and expected changes due to FTC and congressional work on behavioral advertising policy.
The concern is that even though data is being collected anonymously, when enough anonymous data points are collected, is an individual still anonymous?
Four entities are running concurrently to tackle this challenge:
The FTC began investigating data practices about two years ago and determined that the risk with behavioral marketing is that consumers are not aware of what data is being collected; current privacy policies are insufficient at explaining how consumer data is employed with behavioral marketing.
Congress – A subcommittee was convened last year to quantify the value of behavioral marketing in order to determine its value in the online economy. Through studies supported by the NAI (the network advertising initiative), Congress now understands this and is outlining a policy outlining what the baseline protections should be for consumers.
NAI– A membership organization which now represents more than 80% of all online ad spend, and created studies focused on answering Congress' need to value behavioral marketing. Also helps audit member sites to aid compliance efforts.
The Associations – This is a collection of online advertising associations like the DMA (direct marketing association), the IAB (interactive advertising bureau) and the ANA (association of national advertisers). This group is taking a pass at developing requirements for providing enhanced notice to consumers.
On March 30, 2010, Yale University placed a migration to Google Apps for its email services on hold over privacy and security concerns, especially regarding a lack of transparency about in what country its data would be stored in.
Michael Fisher, a computer science professor involved in the decision, said that “People were mainly interested in technical questions like the mechanics of moving, wondering ‘Could we do it?’ ,but nobody asked the question of ‘Should we do it?’” and went on to say that the migration would “also makes the data subject to the vagaries of foreign laws and governments, and “that Google was not willing to provide ITS with a list of countries to which the University’s data could be sent, but only a list of about 15 countries to which the data would not be sent.”
This closely aligns with our January report, “As IaaS Cloud Adoption Goes Global, Tech Vendors Must Address Local Concerns” which examined security and privacy issues involved in moving data to the cloud, especially when it’s no longer clear what country your data will reside in. In this report, we offered that IaaS providers should give “guidance on where data is located and location guarantees if necessary. Rather than merely claiming that data is in the cloud, tech vendors must be prepared to identify the location of data and provide location guarantees (at a premium) if required.”