W3C home > Mailing lists > Public > public-tracking@w3.org > October 2012

Re: Proposed Text for Local Law and Public Purpose

From: Dobbs, Brooks <Brooks.Dobbs@kbmg.com>
Date: Wed, 24 Oct 2012 14:12:46 +0000
To: Chris Mejia <chris.mejia@iab.net>, Walter van Holst <walter.van.holst@xs4all.nl>, "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <2B40EB3A3384EB4CB812241DDDC41D8705EB27@KBMEXMBXPR01.kbm1.loc>
Coming back to the point again for a minuteŠ

The need to keep data for MRC audits has nothing to do with OBA (or rather
nothing specifically to do with Behavioral).  It is about validating the
counting of ALL ad serves.  If behavioral were to cease to exist and there
were only contextual ads sold on sites that had content in demand, then
those impressions would still need to be validated.  And to Ed's earlier
question it isn't that they'd need to be linked to unique individual for
individual purposes, but rather they'd need to be linked to unique
individuals to assure consumption by *an individual* as opposed to any
other "low quality" request.

I am not an MRC expert, but this is certainly what I understand the
process to be - making sure that 1,000 impressions were (to the best of
their auditing ability) seen (or requested) by 1,000 actual human
activated browsing activities.  The lower the confidence in tho, the lower
the accuracy of the "scales", and the less people will pay for pork
bellies.  And again, unlike pork bellies where a visual inspection lets me
estimate "I have at least 10 tons of pork here" - ads may never be seen by
the buyer and confidence in MRC numbers may be all we have.

-Brooks

-- 

Brooks Dobbs, CIPP | Chief Privacy Officer | KBM Group | Part of the
Wunderman Network
(Tel) 678 580 2683 | (Mob) 678 492 1662 | kbmg.com
brooks.dobbs@kbmg.com



This email ­ including attachments ­ may contain confidential information.
If you are not the intended recipient,
 do not copy, distribute or act on it. Instead, notify the sender
immediately and delete the message.



On 10/24/12 9:28 AM, "Chris Mejia" <chris.mejia@iab.net> wrote:

>Walter- your assertion that "online advertising was flourishing before
>behavioral advertising came along" is off base.  First, there are many
>types of "online advertising" and OBA does not apply (or does not apply
>equally) to all forms.  Email marketing for example, saw early success,
>but has been less successful lately-- OBA practices not used widely in
>email marketing.  OBA plays little to no roll in search advertising or
>keyword advertising, both of which have been and continue to be
>successful.  OBA does play a critical role today in online display
>advertising, which was not so successful until OBA.  The reason that OBA
>has elevated online display advertising is because it matches the user's
>interest with ads that may be interesting/relevant to the user.  There is
>no nefarious purpose here, unless of course you think the age-old practice
>of marketing is somehow nefarious?  Maybe that's your point?  That
>marketing itself is bad for the world?
>
>Second, it would be helpful if those chiming in on this forum understood
>how the business on online marketing actually works (vs the
>conspiracy-theory-laden and meritless/fact-less assertions that are often
>propagated here).  OBA and retention of data have a limited relationship,
>but they are not 1-1.  Most companies that practice OBA do not retain
>granular data (in your words: "every little piece of behaviour one can
>exhibit on in the online context for any purpose").  They do not retain
>granular data because, A) it's of no use to them after it's been processed
>for marketing segmentation purposes, and B) because it's very expensive
>and thus not cost effective to just keep around for no business reason--
>no one I know in business (and I know quite a few) do things that cost
>more than they need, as doing so would be fundamentally non-business-like.
> OBA is simply used to segment users into "marketing segments".  Once
>segmentation occurs, retention of url data is not required for OBA, and as
>such, in the vast majority of cases, is deleted or hashed.  Such data may
>be kept for other good reasons (i.e. financial reporting and auditing
>requirements), but to be clear, THOSE THINGS ARE NOT OBA.
>
>Marketers have been segmenting potential consumers into "marketing
>segments" using observed behavior as a tool for doing so, since the
>beginning of consumerism (AD).  If you don't believe me, take trip through
>the Advertising Museum in Tokyo (quite a nice museum and research archive
>I'll add). What we marketers are doing today is no different-- other than
>the scale and speed, which might make it seem scary, but only if you don't
>know what your are looking at.  The vast majority of marketers are not
>interested in keeping detailed "digital dossiers" of absolutely everything
>you do online.  In fact, to me, you are just a number, and quite
>anonymously so.  You are grouped together with millions of other numbers
>in "marketing segments".  And marketing segments (thousands to millions of
>anonymous numbers grouped together) are what marketers buy from publishers
>and ad networks, for the sole purpose of showing their product's ads to
>folks who might be interested in buying.  In fact, this practice which
>pre-dates online, is what fuels modern economy.    So perhaps you have
>issue with the idea of marketing-- to me it sounds that way, given your
>strident rhetoric?  If so, please avail yourself.  But if your issue is
>indeed with the common marketing practice of segmentation, then first take
>some time to understand it (how it actually works), so your comments here
>are informed and productive, rather than misleading.
>
>
>Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group |
>Interactive Advertising Bureau - IAB
>
>
>
>
>
>On 10/24/12 8:20 AM, "Walter van Holst" <walter.van.holst@xs4all.nl>
>wrote:
>
>>On 10/24/12 1:56 PM, David Wainberg wrote:
>>
>>>>>> the onus is on me to explain privacy risks through examples
>>>>> Please do. There continues to be reluctance to specify the exact
>>>>>risks
>>>>> we're trying to address with this standard. It would be extremely
>>>>>useful
>>>>> for us to finally enumerate the problems we're trying to solve so
>>>>>that
>>>>> we can zero in on the appropriate solutions. Thanks!
>>>> I am sorry David, but we're dealing here with fundamental human
>>>>rights.
>>>> To take a horrible historical analogy: there was much resistance
>>>>against
>>>> abolition of slavery in the Southern US states for economic reasons.
>>> You're comparing online advertising to the enslavement and brutal abuse
>>> of a race of people? With respect, I think hyperbole overshadows your
>>> point, and some may even find it offensive. Perhaps you can think of a
>>> more apt analogy.
>>
>>The core point stands: mere economic interest does not trump fundamental
>>rights. And a society in which every thing you do, read and watch is
>>monitored and registered, be it by private or government entities, is as
>>close to a perfect prison as you can get. And I am not comparing online
>>advertisement with enslavement, I am comparing the collection of every
>>little piece of behaviour one can exhibit on in the online context for
>>any purpose, be it advertising or something else, to enslavement. Online
>>advertising was flourishing before behavioural advertising came along.
>>
>>
>>> Aside from whether this point is hyperbole as well, it is irrelevant.
>>> DNT as conceived by this working group will have little to no impact on
>>> any Orwellian data collection. First parties online, all sorts of
>>> parties offline, and more importantly, governments everywhere will
>>> continue to have the ability to collect large amounts of data about all
>>> of our behavior online and off. If that's the problem we're trying to
>>> solve, we're way off base. Constraining the uses that 3rd parties are
>>> allowed to make of data collected online will give no net benefit to
>>> users in this regard.
>>
>>So you're stating that the whole DNT saga is without merit? If the point
>>is not to allow users to restrict data collection, then what is it?
>>
>>> those, that might be a good route. For example, if access to data and
>>> misuse of it by governments is a particular issue, let's explore that.
>>> It's been mentioned regularly, but has never been approached as a
>>> discrete concern we are trying to address.
>>
>>Governments will (and can in most jurisdictions) access all data
>>gathered. Which in itself is justification for having as little data
>>around as possible. If anything, may I recommend to have a chat with the
>>European telco operators who have been forced to spend vast amounts of
>>money on data retention schemes to satisfy the data hunger of
>>governments? Without any tangible benefit for society whatsoever and all
>>because some of them where keeping that data around anyway for potential
>>marketing reasons.
>>
>>
>>>>
>>>> Do not forget that a lack of privacy also erodes freedom of expression
>>>> by putting barriers to access information.
>>> I'm not entirely sure I understand this point, but I think I see it
>>> completely opposite. Third party online advertising services make
>>> possible a much wider range of content and services than users would
>>> have access to otherwise.
>>
>>Again, you are assuming that I am ranting against any form of third
>>party online advertisement. I am fully aware that advertisement based
>>business models have greatly contributed to the availability of content.
>>What I am opposed to is the correlation of user behaviour over different
>>contexts because it results in a collapse of social context.
>>
>>> This is not how it is in the US. Our law and our culture around these
>>> issues are different. Although we have had many conversations in this
>>> group about how we can try to craft DNT to suit needs in the EU, I'm
>>>not
>>> sure there's an appetite here to import European law to the US via this
>>> standard. This is the justification for my compliance token proposal:
>>> there are significant differences we may not be able to accommodate in
>>>a
>>> monolithic standard.
>>> 
>>
>>Actually, from a EU perspective this standard as a whole is unnecessary
>>because most business practices, at least the one that are publicly
>>known, in this field are in violation of EU-law already. Having a
>>mechanism for consent in the form of DNT is much more significant in the
>>US context than in the EU context. The fact that various EU parties are
>>sitting at the table in this process is in itself a sign that the lack
>>of appetite by the US to import EU concepts (unlike most other
>>democracies on the planet) has been noticed in the EU.
>>
>>Moreover, please be aware that the successor to the Data Protection
>>Directive, the Data Protection Regulation is quite likely to have an
>>extraterritorial scope, the unprecedented lobbying efforts by the US
>>Department of Commerce notwithstanding.
>>
>>Regards,
>>
>> Walter
>>
>>
>
>
Received on Wednesday, 24 October 2012 14:13:14 UTC

This archive was generated by hypermail 2.3.1 : Friday, 21 June 2013 10:11:36 UTC