When you ‘like’ something on Facebook or read an online newspaper, perhaps a dozen or more companies are squirrelling away data on your tastes, your habits, whether you’re male or female, old or young, gay or straight.
They mean no harm. They just want to give you, the customer, exactly what you want – it’s the grandfather of all business slogans. Their dilemma, now regulators’ noses are twitching, is how to serve you, and serve themselves, when what you want is to be left alone.
There are thousands of analytics companies, audience targeters, ad brokers, ad exchanges and the like that can collect and sell data-based services on internet users for 5,000 euros a time to big brands, which then buy ad space where their potential customers might be lurking.
You only know these trackers are at work if you read the fine print. The New York Times has a disclaimer saying it hires WebTrends and Audience Science to interpret its readers’ interests, and Britain’s Guardian newspaper says it pays Criteo and Quantcast, among others, to do the same.
Sometimes a website can sell ad space to, for example, a luxury hotel, within three seconds of knowing a person with a penchant for spa breaks is on their site. The website running the ad earns money when people click on it. It is their lifeblood.
“There is no way websites will survive without targeting,” said Kimon Zorbas from the Internet Advertising Bureau, an online ad lobby in Brussels.
Analysts estimate that targeting has almost tripled what brands pay websites to run their ads. In the United States, online ad revenue was just shy of $15-billion in the first half of 2011, 23 per cent higher than the previous year. Figures for the European Union are harder to come by.
In Europe, outfits like Nugg.ad, which serve big brands such as L’Oreal and Eastman Kodak Co., place small parcels of code, or “cookies”, on a site visitor’s computer so they can see what kind of content a person clicks on. Then they write algorithms that make assumptions about what people might buy online.
L’Oreal thus increased its ability to reach their ideal buyer by 168 per cent, according to figures from Nugg.ad.
Now regulators want to put the brakes on tracking.
The United States and the European Union both say they want people to choose whether ad firms can collect their data or not, but disagree over how much choice readers should have.
European regulators want companies to seek explicit consent for tracking, while the United States is happy to leave the initiative with the web user.
The EU agreed new rules on internet privacy in May last year, putting the onus on member states to ensure that companies store user data only if the user is provided with “clear and comprehensive information” about the purposes of and access to that data and has given their consent.
The ePrivacy Directive does not give any guidelines as to what constitutes user consent, but says that cookies, unless “strictly necessary for the delivery of a service requested by the user”, can not be placed without it.
Many countries are struggling to put the rules into effect. In Britain, the regulations allow for consent to be signified by future browser settings that have yet to be introduced, and companies have been given until May 28 this year to comply. In Germany, regulators are not that far along. They are trying to please the EU without turning the Internet into a jungle of pop-ups.
“We have a big problem matching regulatory demands with technical practicalities,” said Ninja Marnau, a lawyer from the data protection commissioner’s office in Schleswig-Holstein.
“This is operationally and technically a nightmare,” said Phil Lee, a lawyer from Field Fisher Waterhouse.
Based in London, Mr. Lee is advising companies in the United States and EU on how to walk the tightrope of satisfying EU requirements without going much further than the U.S. standard.
Given the choice, nearly half of web users in the United States and Britain want some distance between their data and ad companies, surveys by analytics firms show.
And the job of developing a tool to give users cover from prying ad firms has fallen to the companies that benefit from the services of the ad firms. The poachers are now guarding the grouse.
Up to 50 blue-chip companies from Facebook to Walt Disney Co. are holding weekly conference calls with a handful of data privacy experts on how users can turn off targeting and how companies can get the regulators off their backs.
Collectively, they are part of the World Wide Web Consortium (W3C), and European regulators have given them until June to deliver something called Do Not Track, a tool first developed by Mozilla’s Firefox, one of the world’s leading web browsers.
Aleecia McDonald from Mozilla, who co-chairs the W3C’s tracking group, said she does not know if they will have the application nailed down by June.
The group is trying to invent a tool that covers all kinds of tracking “to end the arms race” between tracking developers and regulators.
In the meantime, companies who depend on the Web for a significant portion of their business are left wondering how painful Do Not Track will be.
Nugg.ad said it was impossible to say how much revenue would be lost if some regulators get their way and people are forced to choose whether a website can track them or not, “but it could definitely hurt our business”.
European regulators’ insistence on explicit consent to tracking could mean that those who simply forget to switch it on are out of companies’ targeting reach for good, Ms. McDonald said.
Until now retailers have enjoyed almost unfettered access to the 75 per cent of European consumers that have Internet access, and they fear an effective shrinking of the market.
In 2012, online sales in Europe are forecast by the British-based Centre for Retail Research to grow by 16.1 per cent to €233-billion.
Ms. McDonald said it was likely that the overall rate of using Do Not Track would be higher in the European Union than in the United States.
There are already products to shield consumers from trackers, some as standalone software or as add-ons to browsers, and Nugg.ad’s Chief Executive Stephan Noller said the firm had already noticed a slightly higher likelihood among European users to switch some tracking off.
Ironically, there is one form of tracking, geolocation – perhaps the most invasive of all, since it knows where you live, work, eat and play – that could come through the tighter regulation relatively unscathed.
“Because where someone is located may affect how they are treated under law,” said Mozilla’s Ms. McDonald.