Opting out of targeted ads too hard, privacy advocates say

But online vendors say opt-in mechanisms wouldn't work

The online advertising industry and U.S. policy makers need to give online users more control over the collection of personal data and surfing habits beyond the traditional opt-out approach, some privacy advocates said Wednesday.

Dozens of online ad networks allow users to opt out of being tracked as a way to deliver behavioral advertising, and in most cases, the opt-out is stored in a cookie that goes away every time the users clear their browser cookies, privacy advocates said during a discussion of online advertising at the Computers, Freedom and Privacy Conference in Washington, D.C.

Some advertisers require that people opt out of targeted advertising every month, and some advertisers make the opt-out link difficult to find, said Christopher Soghoian, a fellow at the Berkman Center for Internet & Society at Harvard University. Some opt-out mechanisms aren't even functional, he said.

Soghoian, while creating a single opt-out mechanism for the Firefox browser, found more than 40 advertising networks, he said. "How can we expect consumers to visit 40 or 50 different online advertisers, opt out, then revisit these sites every six months or every year, and then, when they delete their cookies, go back again?" he asked.

Representatives of Google, Microsoft and the Interactive Advertising Bureau (IAB) all agreed that current opt-out mechanisms can be confusing. "You can't have 50 opt-out pages, we understand that," said Mike Zaneis, vice president for public policy at the IAB.

But about 30 ad networks, delivering around 90 percent of all online ads, are members of the Network Advertising Initiative, which offers a single opt-out cookie, Zaneis said.

Some audience members called on the U.S. government to require that advertising networks get opt-in approval before tracking Web behavior. One audience member suggested opt-out requirements are unfair business practices that should be investigated by the U.S. Federal Trade Commission.

But opt-in approval would require advertising networks to authenticate users, thus requiring ad vendors to collect more personal data, said Jane Horvath, Google's chief privacy counsel.

Only a small percentage of consumers will opt in to behavioral advertising, but such ads are a valuable tool, added Michael Hintze, associate general counsel at Microsoft. Targeted ads bring in four to 10 times the revenue of untargeted ads, he said.

Many ads aren't behavioral; some online advertising works with contextual ads based on the content of the Web page, Hintze said. An airline advertising on a travel Web site would be a contextual ad.

"If behavioral ads went away, there would still be ads online," Hintze said. "But in light of the fact that offline newspapers are going out of business left and right, when you think about content online like in-depth reporting on foreign policy issues or really important public policy issues, there's no product associated with that. What is the ad model that's going to support the development of that kind of content?"

Behavioral advertising is the only model that can support that kind of journalism, Hintze said. "Really, the only [model] I'm aware of is that in some cases, we can know that the person reading this in-depth article about our relationship with North Korea has an interest in sports," he said.

But Hintze and Horvath both said they'd support legislation from the U.S. Congress that clarified online privacy rules. More industry self-regulation and legislation are both needed, Hintze said.

He may get his wish. Representative Rick Boucher, a Virginia Democrat, has said he will push for legislation requiring opt-in approval for online tracking, and new FTC Chairman Jon Leibowitz has said he prefers an opt-in approach.

Privacy advocate Jeffrey Chester, executive director of the Center for Digital Democracy, called on the FTC and Congress to take action to protect U.S. consumers. Online ad companies are now researching neuroscience as a way to target users' on a subconscious level, he said.

"Individuals need to understand, in a concise way, the full range of data collection and analytical tools [online companies] are using," he said. "We're not having a debate here solely about data collection. We're having a fundamental debate about human dignity and civil liberties and political freedom."

Join the CSO newsletter!

Error: Please check your email address.

Tags securitydata collectionprivacy

More about Federal Trade CommissionFTCGoogleHarvard UniversityInteractive Advertising BureauMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts