Most of you are familiar by now with the Wall Street Journal’s “What They Know” series of articles, focused on privacy, data collection and the techniques used to deliver relevant online advertisements to consumers. At Epic Media Group, we applaud all efforts to have an open and thorough review of these critical issues. As one of the few Better Business Bureau accredited digital marketing companies, we have been vocal advocates for protecting consumer data, and for providing education about what we and our industry do, as well as the measures we take to address consumer protection and privacy issues.
The reason we are addressing this topic again is because of the 13th article in the WSJ’s ongoing series, titled “Your Apps Are Watching You”, published December 18th. In that article, a (former) employee of ours’ is quoted, and we’d like to correct the record. More importantly, we’d also like to share our perspective on the mobile advertising ecosystem overall.
Correcting Several Misstatements
Before we get into the topic of mobile device (smartphone) advertising, we need to correct a few misstatements that were made in the article about our Traffic Marketplace unit:
- We do not receive or otherwise have access to smartphone Unique Device Identifiers (UDIDs) in the course of our advertising operations. Instead, we rely on mobile exchange service providers to place our advertiser’s messages on mobile devices. Our service providers deploy the technology and capability to target UDIDs … in other words, Traffic Marketplace does not engage in any UDID targeting ourselves.
- Our mobile exchange providers have relationships with mobile applications, and the mobile exchange providers may be supplied with anonymous smartphone app data along with the UDID by the applications. The providers then further anonymize this non-personally identifiable data and aggregate it into high-level marketing segments based on implied consumer interests, e.g., “soccer moms”. Note that our primary mobile exchange service provider uses ten (10), very general, segments.
- Traffic Marketplace provides our clients’ ads to our mobile exchange providers, who then serve the ads on mobile applications to the relevant marketing segment. For example, we would rely on a mobile exchange service to show a diaper ad to their “soccer mom” marketing segment.
- Traffic Marketplace does not have the ability to identify any UDID, and certainly no personally identifiable information, within that high-level mobile marketing segment.
So again, and to be perfectly clear: notwithstanding the comments in the WSJ article, Traffic Marketplace does not see the UDID, does not monitor smartphone users at all (anonymously or otherwise), and does not monitor what a given anonymous smartphone user does with their app.
Traffic Markeplace does benefit from the fact that our mobile exchange service providers have UDIDs passed to them from 3rd party apps. As mentioned above, we rely on the high-level marketing segments that our service providers create, much like a traditional advertising agency would rely on a television station to tell it what demographic segment watches its channel.
But What About Mobile Device Advertising and Privacy?
So much for our role in the mobile advertising ecosystem. Limited as it is, though, we’d still like to address two major questions which were raised by the WSJ article:
Is the Unique Device ID (UDID) personally identifiable information? The answer is an emphatic NO in the case of any 3rd party entity that receives it, like an app developer, or a mobile exchange service provider. The WSJ article acknowledges this, although the overall sense of the article seems to imply otherwise. For a UDID to be connected to a consumer’s actual identity would require a connecting piece of information that links the actual person to the UDID. No company in the mobile advertising ecosystem does – or even can – do this today outside of the major smartphone and smartphone operating system providers themselves (who vigorously protect and do not release such data). This merits repeating: the UDID itself does not lead back to personally identifiable information.
Can a smartphone consumer opt out of advertising targeting? The answer is YES. While it is true that the anonymous UDID cannot itself be “turned off”, an increasing number of mobile exchange service providers – including those that we work with – provide an opt-out provision from targeting. This is not yet pervasive in the ecosystem, but proactive efforts by a number of responsible companies (including our partners) are driving towards enhanced adoption of such standard practices. Moreover, consumers can also opt out of location-based targeting directly on their device in many cases.
Responsible Digital Marketing: It Exists
Along with other responsible members of the mobile advertising ecosystem, and digital marketing overall, we believe strongly that consumer trust and a set of robust standards (and standards enforcement) around the safeguarding of consumer privacy are crucial to the long-term viability and health of our industry. The fundamental covenant of online advertising is that Data, whether collected in the form of UDIDs or in the form of browser cookies and/or pixels, is and must remain anonymous and not tied to any one individual. To be abundantly transparent on this point: we serve ads to devices (a computer, a mobile phone, etc.), but in the process of doing so, we cannot connect such a device to, nor do we know the identity of, any actual person. Period.
Like advertising service companies have done for their clients long before the Internet or the smartphone existed, our job is to help advertisers reach their best potential customers, and to do so responsibly and with a strong duty of care. In digital marketing, we do this by focusing on anonymous and non-personally identifiable data, using pattern / statistical analysis on billions of pieces of anonymous data (or in the case of mobile, relying on a separate company to do such analysis for us). This data analysis on enormously large data sets allows us to reach a more narrow target audience on behalf of an advertiser than, say, is possible on television, or on radio. Indeed, the promise of the digital sector is to enable an advertiser to offer a message to a consumer which is more relevant – and thus less annoying or superfluous – than what she or he might be exposed to in a mass market medium.
As the world becomes increasingly digital, we at Epic Media Group are playing a leadership role in the self-regulation efforts and the standards of conduct promulgated by the industry governing organizations of our sector. We are one of the leading companies pressing for heightened industry-wide compliance efforts. Moreover, as a company, Epic Media Group has invested substantial amounts in our own internal and external compliance and privacy protection efforts. We, along with many other companies in our industry, work hard to do the right thing, because being responsible stewards of digital marketing is the only viable answer for sustainable commercial success.
– Don Mathis is the President & Co-CEO of Epic Media Group, and is also a ranking Naval Officer currently on reserve duty and with anti-terrorism – including cyber protection – qualification and experience. He is an honors graduate of Harvard Business School, where he was a principal organizer of the Harvard University Leadership & Ethics Forum. While COO at Epic, he founded the company’s forensic compliance and privacy unit, now a full subsidiary (Online Intelligence) led by a former FBI Special Agent and cyberfraud expert.
1 Response to “Setting the Record Straight (Again) on Privacy”