About AEF | Newsletter | Site Map | Legal | Advanced Search
Print Version

Getting Personal
A host of privacy bills are hitting advertisers where it hurts—but will the industry fight back?

The Internet is no longer the wild, wild West. Settlers have arrived and the gentrification process is having a chilling effect on advertisers.

E-commerce sites now face a barrage of proposed bills by lawmakers skeptical of the industry’s ability to police itself when it comes to protecting consumer privacy on the Net. The Federal Trade Commission also is compiling its own report, focusing on how consumers access their personal data collected by commercial Web sites, and how that data is protected.

Advertisers are bracing for the worst possible outcome: a law that will prevent them from using the Web to effectively deliver messages to the most interested customers. “The whole question of target marketing is at risk here,” says Dan Jaffe, executive vice president of the Association of National Advertisers.

Given the stakes, critics argue that the ad industry has been slow to fight back. “This screams for a campaign to tout the benefits of targeted marketing,” says one source who requested anonymity. “The industry is doing nothing to protect that right.”

Advertising lobby groups such as the American Association of Advertising Agencies, the Association of National Advertisers and the Direct Marketing Association have discussed the idea of launching a $15 million to $25 million ad campaign to educate the public about privacy issues. But the groups would have to raise the money first. “We are seriously looking for ways to address consumers directly about privacy,” says John Kamp, a senior vice president for the Four A’s.

So far, only IBM has been willing to offer $1 million toward such a campaign. It’s not the first time the company has been willing to step up to the plate on privacy issues. In an attempt to head off legislation last year, IBM pulled its Internet advertising from any commercial Web site that did not post a clear privacy policy.

What’s driving the public’s fear, and consequently Capitol Hill’s interest, are plans by Web ad networks such as DoubleClick and 24/7Media to link a consumer’s personal identity to the anonymous data it collects from Internet users. The debate has been so heated that DoubleClick announced March 2 that it will halt its plans to merge such data “until there is agreement between government and industry on privacy standards,” said DoubleClick CEO Kevin O’Connor.

Just Ask

Advertisers are particularly worried by a bill introduced Feb. 10 by Sen. Robert Torricelli, D-N.J. The Secure Online Communication Enforcement Act of 2000 would require commercial Web sites to get a consumer’s permission to collect personal information. What that means is Web sites would have to get agreement first before placing a cookie—stored text files that allow e-marketers to view a history of a user’s online behavior—on a browser. Users can already set their browsers to notify them when a cookie is placed, but that can be very disruptive. Cookies are everywhere on the Net, so the warnings would constantly pop up.

“Rather than opting-out of having personal details shared, the burden should be placed on companies to contact consumers so that they have control over whether or not personal information is disclosed,” Torricelli said in a “Dear Colleague” letter sent to other Senators to gather support for his bill. “Consumers have a right to know why Web sites are collecting personal information, the extent to which it will be put to other uses, whether it will be shared with others, and how long they intend to keep it.”

Advertisers counter that users will quickly become frustrated if they have to click on a permission box first before entering any commercial Web site. “You are going to turn a superhighway into a residential street with numerous bumps and stop lights every few feet,” says Jaffe. “You can turn the Internet experience into a nightmare.”

A bill by Torricelli, chairman of the Democratic Senatorial Campaign Committee—the party fundraising arm for the Senate—could signal that the Democrats are interested in making privacy a platform issue in the upcoming election. While Senate Democratic Leader Tom Daschle, D-S.D., has not endorsed any specific privacy bill, he has put together a Senate task force to examine what should be done to protect the public’s privacy.

Meanwhile, in the House, Congressman Asa Hutchinson, R-Ariz., and Jim Moran, D-Va., introduced a bill March 15 to create a 17-member commission to study online privacy, identity theft and the protection of personal health, medical and financial records. “The purpose of this commission is to find solutions that will aggressively protect individuals’ privacy without enacting narrow-focused, helter-skelter laws that could result in unintended harmful consequences,” Hutchinson said.

Two privacy bills were also introduced last year. The Online Privacy Protection Act of 1999, introduced April 15 by Sen. Conrad Burns, R-Mont., would require the FTC to develop regulations to protect an adult’s privacy on the Web. On the House side, Rep. Edward Markey, D-Mass., introduced the Electronic Privacy Bill of Rights Act of 1999 on Nov.10. This bill also would require Web sites to get permission before collecting private data. They must also notify users if their personal information has been sold to another party.

The FTC established an Advisory Committee on Online Access and Security in January. FTC chairman Robert Pitofsky will use the 30-member committee’s final recommendations to determine if industry self-regulation is doing enough to address concerns over privacy. Among the issues being considered: What procedures should Web sites follow to allow users access to personal information collected about them? Should Web sites provide users with a way to correct mistakes in their data? What security measures are being taken to protect confidential data, and what notification is required if a Web site plans to release or sell private data to a third party? The final report is due to Pitofsky May 15.

Pitofsky, who has been supportive of industry self-regulation in the past, is troubled about merging data about a user’s online surfing with information that exists on them in the offline world, such as retail catalogue purchases. What alarms advertisers if Pitofsky’s desire to give offline data collection procedures the same level of scrutiny now being applied to online techniques.

“It is at least worth considering why the same arguments that lend such force to efforts to protect online privacy do not apply with roughly equal weight to information gathering in the offline world,” Pitofsky said in a recent speech. “A recent survey reiterates consumers’ ongoing heightened concerns about online privacy, but makes clear that consumers have high levels of privacy concerns in the offline marketplace, as well. We should not ignore these concerns.”

To make advertising effective on the Web, advertisers need to present messages that consumers are likely to respond to. The average percentage of users who click on single banner ads has been declining. At the end of last year, less than 1 percent of users clicked on an ad compared with 2 percent in 1998.

“Advertisers are saying we are getting less out of it so we should be paying less,” says Nick Nyhan, president of Dynamic Logic, an online research company in New York. And, he notes, as clickthrough rates have fallen, more emphasis has been placed on profiling. The assumption is that the more targeted the ad, the more likely someone will click on it.

Nyhan argues, however, that advertisers have erroneously focused on profiling as the answer to declining clickthrough rates, when they should instead focus on applying some of the traditional ways advertising is measured on the Web. “Clickthrough is the equivalent of seeing the ad on the top of a taxi cab and jumping into the cab and saying to the driver: ‘Take me to the store advertised on top because I’m going to buy something,’” Nyhan says. “How realistic is this?”

Awareness levels, purchase intent, message association and advertising recall are all traditional measurements that advertisers have used for years. To make online advertising effective, Nyhan says the industry has to embrace branding and attitude measurements. Once that happens, he says, the privacy debate will disappear.

“To do attitudinal research, someone has to give us permission to survey their opinion,” Nyhan says. “I can’t force them to do it and I can’t force them to do it without their explicit agreement.”

Nyhan’s company promotes a research tool called AdIndex, which surveys consumer exposure to a banner ad to measure awareness. Clients include Procter & Gamble and MVP.com, the online sporting goods site.

The Cookie Trade

David Moore, CEO of 24/7 Media, an ad network based in New York, maintains that users will accept profiling provided their permission is asked for first. 24/7 has a data-gathering method similar to DoubleClick’s. Through an agreement with Naviant, which handles online product registrations for companies including IBM, 24/7 can place a cookie when a user provides personal information in return for receiving product offers. Moore says the key is a strong privacy policy that fully discloses to consumers how their personal information will be used before they register.

In the end, Moore thinks commercial Web sites have not done a very good job of telling consumers what they are doing with their data. “The philosophy is, you have to be overt, not covert,” he says. “To the extent you are doing things the consumer is unaware of, that is what creates the problems. The solution is, let consumers make the choice.”


Wendy Melillo, March 27, 2000, Adweek

Copyright © 2000 Adweek and BPI Communications Inc. All rights reserved.