The world of Internet data is complex, fast-moving, and mostly opaque, which makes it easy to game by sophisticated players. Headlines from the past few months have shown that this is not only a concern for consumers who want their privacy respected.
It also is an issue for the trusted brands that these consumers knowingly interact with. Having third parties lurking in the background eavesdropping on audience interactions could divert revenue as well as risk reputational damage. An example would be a publisher with premium audience that advertisers covet. If another company surreptitiously could identify these visitors and capture proprietary data about their relationship with the publisher, it could lure advertisers away from the publisher. An e-commerce site could have its customers ID’ed and marketed to by a competitor working through one of these third parties.
Among the instances that have recently come to light:
- After a wave of negative publicity, Verizon began allowing consumers to opt of its “supercookie” that permitted the company to track browser behavior of users on mobile Internet connections. Verizon’s “Unique Identifier Header” (UIDH) allows the company to enrich programmatic advertising transactions with more specific consumer information, generating revenue by providing better targeting information. The companies whose websites Verizon customers visit also end up losing control of their data, with an increased risk of unauthorized retargeting or remarketing. This program, which has resulted in several lawsuits and an FTC investigation, also lets third party companies access Verizon data to defeat browser cookie deletion.
- Security researchers discovered that sensitive personally identifiable information (PII) was being sent by the federal government’s Healthcare.gov website to more than a dozen online analytics and advertising companies. This included legally protected information such as health conditions, as well as other data such as income, age, and parental status.
- For payments of $250,000, the computer maker Lenovo bundled software from Superfish that analyzed users’ web browsing behavior and injected ads into search engine results and other pages without their knowledge. The manner in which Superfish operates threatens the integrity of all user web browsing because it defeats the system of security certificates that provide consumers peace of mind about the sites their visiting. So when the consumer visited a reputable and trusted publisher or e-commerce site, Superfish could inject content into the user’s browser, making her think that the content was actually coming from the website.
Consumers, digital enterprises and third parties have all benefited from the collection and use of Internet data. It has fueled the innovation of the digital age and funds an array of free services used happily by billions of consumers. But the continued health of this ecosystem demands that the companies doing the data collection are transparent in their operations, not just with the public but with their business partners.