Online Publishers, Advertising and Privacy Considerations

By Eric Goldman

I recently spoke at OMMA Global on a panel entitled “Can Publishers Take Ownership of Privacy?” This panel focused on the role of online publishers in the marketing-and-privacy discussions. Most of the privacy angst has focused on other intermediaries in the advertising ecosystem, such as ad networks. However, online publishers play a crucial but under-discussed role in privacy considerations as well.

I made the following three points in my brief introductory remarks:

1) Our privacy regulatory architecture of “notice and choice” requires that publishers actually give their consumers notice and choice, but I’m routinely flummoxed by publishers who balk at doing both. Publishers often rely on dense obfuscating language to mask their true behavior–eviscerating the notice part of “notice and choice”–and will broadly interpret user consent or opt-in beyond the consumer’s clear consent. If publishers want to enjoy the benefits of a “notice and choice” regulatory regime, then they have to deliver accordingly. No excuses, no corner-cutting, no BS.

2) I am also amazed at how often publishers let third party vendors place web beacons on their pages or otherwise let third parties have access to their server logs. Routinely consumers are “informed” in obscure or vague privacy policy references that third party vendors might have access to logs (i.e., “we might use third party vendors, so trust us”). At best, the privacy policy links the consumer to the vendor’s own privacy policy, at which point the publisher pats itself on the back and feels like it has checked off the “notice and choice” box. But this isn’t notice or choice; 99% of consumers won’t even look at the privacy policy, and exactly what choice do they have…to follow the daisy-chain of privacy policies to try to assemble the overall picture of what is happening to the consumer and his/her data?

More importantly, I think publishers underestimate the competitive risks of letting other vendors put web beacons on their pages. Every vendor who’s listening in via the web beacon knows pretty much everything about the publisher’s online business. The publisher can try to handcuff the vendor’s enjoyment of that data in the contract; but as we know, too many contracts are not worth the piece of paper they’re written on.

As a result, I think publishers need to think long and hard about letting vendors put beacons on their pages or otherwise granting vendor access to the publisher’s server logs. Publishers need to evaluate it from a competitive standpoint, and publishers need to act as a proxy for their consumers’ interests given that consumers don’t have any meaningful notice or choice in the situation. After all, if something blows up, it’s the publisher’s trust relationship with its consumers that will suffer.

3) Personally, I don’t have any problem with providing publishers with more information about me–even PII–so long as they actually provide enhanced value to me. However, in far too many situations, I don’t see any extra value from the publisher despite the information I provide. I keep getting the same crappy ads I’d get if they knew nothing about me. So, publishers: if you want better info about me, deliver better value to me. On the flip side, when publishers keep doing a crummy job after asking me to personalize my experience, I will absolutely hold it against them.