Setting the Record Straight (Again) on Privacy

Most of you are familiar by now with the Wall Street Journal’s “What They Know” series of articles, focused on privacy, data collection and the techniques used to deliver relevant online advertisements to consumers. At Epic Media Group, we applaud all efforts to have an open and thorough review of these critical issues. As one of the few Better Business Bureau accredited digital marketing companies, we have been vocal advocates for protecting consumer data, and for providing education about what we and our industry do, as well as the measures we take to address consumer protection and privacy issues.

The reason we are addressing this topic again is because of the 13^th article in the WSJ’s ongoing series, titled “Your Apps Are Watching You”, published December 18^th. In that article, a (former) employee of ours’ is quoted, and we’d like to correct the record. More importantly, we’d also like to share our perspective on the mobile advertising ecosystem overall.

Correcting Several Misstatements

Before we get into the topic of mobile device (smartphone) advertising, we need to correct a few misstatements that were made in the article about our Traffic Marketplace unit:

• We do not receive or otherwise have access to smartphone Unique Device Identifiers (UDIDs) in the course of our advertising operations. Instead, we rely on mobile exchange service providers to place our advertiser’s messages on mobile devices. Our service providers deploy the technology and capability to target UDIDs … in other words, Traffic Marketplace does not engage in any UDID targeting ourselves.
• Our mobile exchange providers have relationships with mobile applications, and the mobile exchange providers may be supplied with anonymous smartphone app data along with the UDID by the applications.  The providers then further anonymize this non-personally identifiable data and aggregate it into high-level marketing segments based on implied consumer interests, e.g., “soccer moms”.  Note that our primary mobile exchange service provider uses ten (10), very general, segments.
• Traffic Marketplace provides our clients’ ads to our mobile exchange providers, who then serve the ads on mobile applications to the relevant marketing segment.  For example, we would rely on a mobile exchange service to show a diaper ad to their “soccer mom” marketing segment.
• Traffic Marketplace does not have the ability to identify any UDID, and certainly no personally identifiable information, within that high-level mobile marketing segment.

So again, and to be perfectly clear: notwithstanding the comments in the WSJ article, Traffic Marketplace does not see the UDID, does not monitor smartphone users at all (anonymously or otherwise), and does not monitor what a given anonymous smartphone user does with their app.

Traffic Markeplace does benefit from the fact that our mobile exchange service providers have UDIDs passed to them from 3^rd party apps. As mentioned above, we rely on the high-level marketing segments that our service providers create, much like a traditional advertising agency would rely on a television station to tell it what demographic segment watches its channel.

But What About Mobile Device Advertising and Privacy?

So much for our role in the mobile advertising ecosystem. Limited as it is, though, we’d still like to address two major questions which were raised by the WSJ article:

Is the Unique Device ID (UDID) personally identifiable information? The answer is an emphatic NO in the case of any 3^rd party entity that receives it, like an app developer, or a mobile exchange service provider. The WSJ article acknowledges this, although the overall sense of the article seems to imply otherwise. For a UDID to be connected to a consumer’s actual identity would require a connecting piece of information that links the actual person to the UDID. No company in the mobile advertising ecosystem does – or even can – do this today outside of the major smartphone and smartphone operating system providers themselves (who vigorously protect and do not release such data). This merits repeating: the UDID itself does not lead back to personally identifiable information.

Can a smartphone consumer opt out of advertising targeting? The answer is YES. While it is true that the anonymous UDID cannot itself be “turned off”, an increasing number of mobile exchange service providers – including those that we work with – provide an opt-out provision from targeting. This is not yet pervasive in the ecosystem, but proactive efforts by a number of responsible companies (including our partners) are driving towards enhanced adoption of such standard practices. Moreover, consumers can also opt out of location-based targeting directly on their device in many cases.

Responsible Digital Marketing: It Exists

Along with other responsible members of the mobile advertising ecosystem, and digital marketing overall, we believe strongly that consumer trust and a set of robust standards (and standards enforcement) around the safeguarding of consumer privacy are crucial to the long-term viability and health of our industry.  The fundamental covenant of online advertising is that Data, whether collected in the form of UDIDs or in the form of browser cookies and/or pixels, is and must remain anonymous and not tied to any one individual. To be abundantly transparent on this point: we serve ads to devices (a computer, a mobile phone, etc.), but in the process of doing so, we cannot connect such a device to, nor do we know the identity of, any actual person. Period.

Like advertising service companies have done for their clients long before the Internet or the smartphone existed, our job is to help advertisers reach their best potential customers, and to do so responsibly and with a strong duty of care. In digital marketing, we do this by focusing on anonymous and non-personally identifiable data, using pattern / statistical analysis on billions of pieces of anonymous data (or in the case of mobile, relying on a separate company to do such analysis for us). This data analysis on enormously large data sets allows us to reach a more narrow target audience on behalf of an advertiser than, say, is possible on television, or on radio. Indeed, the promise of the digital sector is to enable an advertiser to offer a message to a consumer which is more relevant – and thus less annoying or superfluous – than what she or he might be exposed to in a mass market medium.

As the world becomes increasingly digital, we at Epic Media Group are playing a leadership role in the self-regulation efforts and the standards of conduct promulgated by the industry governing organizations of our sector. We are one of the leading companies pressing for heightened industry-wide compliance efforts.  Moreover, as a company, Epic Media Group has invested substantial amounts in our own internal and external compliance and privacy protection efforts. We, along with many other companies in our industry, work hard to do the right thing, because being responsible stewards of digital marketing is the only viable answer for sustainable commercial success.

– Don Mathis is the President & Co-CEO of Epic Media Group, and is also a ranking Naval Officer currently on reserve duty and with anti-terrorism –  including cyber protection – qualification and experience. He is an honors graduate of Harvard Business School, where he was a principal organizer of the Harvard University Leadership & Ethics Forum. While COO at Epic, he founded the company’s forensic compliance and privacy unit, now a full subsidiary (Online Intelligence) led by a former FBI Special Agent and cyberfraud expert.

Online Privacy: What’s At the Heart of the Recent Debate

Perhaps the hottest topic in the interactive marketing industry over the last several months is online privacy. A few fairly major developments that have occurred were led by our industry’s foremost trade organizations, and the news media has spent a hefty portion of time and resources covering best (and some say worst) practices relating to data collection, targeting, privacy protection and self-regulation. I wanted to take this opportunity to set the record straight about what Epic Media Group stands for, believes in, and aims to practice in the coming months and years.

The first thing to know is that we take online privacy very seriously. Anyone in the business of serving targeted ads to users must put personal privacy issues at the forefront.  Moreover, we are all consumers and most of us spend increasing amounts of time using the internet. As a consumer, I know I certainly don’t want to have my privacy put in jeopardy or have certain types of data used nefariously, and I wouldn’t put others in that position either.

Our major governing trade bodies including the IAB, NAI, DMA recently announced a sweeping self-regulatory program aimed at providing consumers greater education and control over the collection and use of non-personally identifiable data for online behavioral targeting purposes. Our company supports this effort because we believe it is important for consumers to have transparency about what data is being collected, when and how it is used.  Nowadays, while most consumers understand that there is a lot of information on the internet that can be collected, programs like this provide important transparency. Further, we do not believe that government intervention or regulation is necessary as this would stifle burgeoning interactive businesses and creativity and reduce ad-subsidized free content on the Web, which would lead to unfortunate outcomes such as higher unemployment and stagnant economic growth.

The bottom line is that we as an industry are fully capable of marketing responsibly and transparently to consumers.  In most cases this is exactly what occurs, though this behavior doesn’t make big headlines so it’s generally not the angle covered in the news.

The issue of online privacy is complex and may be confusing when analyzing exactly how information is collected, transmitted and used.  Use of terms such as apps (applications), IP addresses, user IDs, and “PII” are foreign to many consumers, but we believe they shouldn’t be. We believe clarity, transparency, and education of end users is in everyone’s best interest. We think the “what, when and how” are extremely important to consumers – in other words, “what” is being collected about them, “when” it is being collected, and “how” it is being collected. Though well-meaning, articles that concentrate only on problems rather than explaining standard, carefully deployed industry practices act as a scare tactic rather than facilitating a constructive conversation that people can understand.

It is helpful to break down the issues. As consumers, you are all familiar with advertisers. You come into contact with hundreds of companies every day trying to sell you products or services through commercials, billboards, subway ads, etc.  How many of them are directly relevant to your lifestyle and interests?  Very few, right?  This is because in most offline advertising there is no way to direct the most relevant and customized ads to an individual consumer. Most aim to cast a wide net over the most people possible hoping to find the right audience for their products and services.

There is where online marketing can be different and specialized. We have the tools necessary to understand people’s interests and purchase intent by anonymously recording interaction with an advertisement or website, the click of a mouse, or an e-commerce purchase, etc. Internet users, by and large, expect to see ads as they consume free content, and generally prefer customized ads that match their interests and lifestyles.  Would a 25 year old single male prefer to receive untargeted ads about diapers, or targeted ads for outdoor clothing based on their history of visiting hiking websites?  Advertising companies seek anonymous data to serve ads that are relevant, and this must be balanced against the concern that personalized data might fall into the wrong hands creating a “creepy” factor – like where “big brother” knows too much about them.

The crux of the issues covered lately in the media point to the important question: “How much data should the advertising community have about me, and what types of data are acceptable?” On the one hand there are plenty of scary stories about privacy issues, and on the other articles about the importance of customized and effective advertising to support the incredible value of free internet content.

It is abundantly clear that our entire industry has a ways to go in educating the media and general public about the core issues of what, when and how information is collected. This responsibility falls to companies and market leaders in the interactive industry. I think we all agree that online advertisers and their partners need to be responsible about disclosing how data is collected and what it is used for.  As long as consumers are properly educated and are given appropriate controls, then the industry will progress on its’ own and some of the ill-conceived articles will dissipate.

And here’s an important point: self-regulating organizations in the industry really do want consumers to be comfortable.  That work is being completed by  industry groups such as the NAI and IAB, but it also must come from nearly all of the companies in our space that want to grow by serving consumers who enjoy the benefits of the internet.  We all have self-interest, as well as human interest, in establishing appropriate norms to alleviate privacy concerns.  We want consumers to have more control in the process. The internet itself, as well as the technology on which it is built, affords consumers such control, the key is in educating people what those controls are.

The movement made by our leading trade organizations serves to illuminate these controls, and the advertising community and membership companies are supportive of it too. Look no further than here to learn more about behavioral advertising, cookies, and browser controls: http://www.aboutads.info/consumers.

We require our advertising and website partners to clearly indicate what data is collected and how it is used.  As a member of the NAI and IAB, we offer consumers the ability to opt-out from receiving customized ads.  We also look forward to supporting our advertising clients and helping the industry evolve by providing consumers with the tools they need to manage their own privacy concerns in the months and years ahead, and continuing to play an active role in the growth of our industry.

Art Shaw, CEO, Epic Media Group