Achieving & Maintaining Privacy on Your Website
An interview with Keynote Director of Privacy Services Ray Everett
Few assets are as valuable to business brands today as their online presence. Fortunes rise and fall with website reputation, and news of even minor missteps can rocket across social networks and dull a brand's luster. And as this year's Google-gate proves out (see accompanying story), running afoul of user privacy is guaranteed to generate bad headlines and user ire. Benchmark recently sat down with Keynote Director of Privacy Services Ray Everett, author and long a leader in online privacy matters, to talk about how website owners can balance the competing priorities of protecting user privacy and maximizing monetization of their sites.
Benchmark: If website owners have privacy policies in place, why do they need to be concerned about tracking?
So if you don't discuss tracking, then you haven't given folks appropriate notice. And if you have a policy that is 'no holds barred, abandon all hope ye who enter here,' that's not going to be very well received by consumers either.
Consumers are increasingly using these tools, whether they are features built into browsers or plug-ins and add-ons that monitor and give consumers a real-time score about the nature and quality of the sites they're visiting. Those are having a real impact on how consumers are becoming aware of privacy practices.
Benchmark: So websites have an interest in protecting privacy. But the flip side of the coin is that advertisers want more specific targeting than just putting an ad on a site because of its content or general user profile. They want behavioral advertising. How are those competing interests reconciled?
Ray Everett: Certainly, website publishers have choices to make about how they monetize their site, and to what lengths they're willing to go to increase that revenue. Having a no-holds-barred approach with regard to tracking and advertising can be more profitable, but it can also leave a bad taste in consumers' mouths.
There's an infamous video online of the CEO of Zynga, Mark Pincus, giving a speech at a conference. And he was basically explaining how, in the early days of Zynga, they drove users to advertisements and forced them into downloads of all sorts of junk – spyware and tracking software, and just shoving all sorts of ads at every opportunity – to the point where he actually had to have them wipe his laptop. He had so many of these things stuck on there that he couldn't use his laptop.
This sort of thing has a real consequence for consumers' experiences. And hopefully the lesson is learned that if you burn consumers, they will burn you, too.
Hopefully companies are making choices that trend towards sustainable relationships with their consumers. And part of that is going to be making choices about how to monetize the site in a way that is consistent with consumers' desires and expectations.
The balance that must be struck is how aggressive you get with your marketing and your revenue choices versus how smooth and unimposing you want your consumer's Web experience to be.
Ray Everett: Sure. The answer is to build strong partner relationships with reliable advertising networks and all parts of the ad ecosystem that you have a connection with. If you reach out and build strong relationships with reputable ad networks, that can be a way to help deliver on the expectations that you set. But you also must understand that the advertising ecosystem is very large and sprawling and chaotic.
And as hard as the ad networks may try to police, there's just so much traffic and so much ad content being drawn from so many sources that the websites themselves will have to monitor the networks for compliance.
It falls to you as a website publisher to keep an eye on your site and understand what's going on. Just as you might, on the operations side, have service level agreements with your website hosting company or bandwidth provider or content distribution network. You have to be able to actually monitor their performance so that you are assured that you're getting what you've paid for.
The same holds true with advertising networks and making sure that they are delivering the content as promised.
Ray Everett: The short answer is yes. A consumer really only has the tools they have. The newest versions of the browsers have more privacy controls, more capability to block or delete cookies as they come in. There's the capability of using private browsing sessions or anonymous browsing sessions that essentially dissociates your browsing during that session from your normal day-to-day browsing.
So if you are going to visit a site that you're not sure of or have some reason to distrust, you can switch on these settings in your browser that will give you a heightened level of anonymity.
But all the websites out there don't always respect those technological measures. There are sites that use, for example, the Flash player to circumvent in-browser cookie blocking. There's a bit of a continuous arms race here with new aggressive advertising techniques and then tools developed to help consumers regain some level of control.
Unfortunately, that arms race continues and at the end of the day, consumers have to take responsibility for their own online experience and do the best they can.
Certainly the industry is working to help make it easier and more reliable for consumers who are going to popular sites from trustworthy sources. But the trustworthy guys tend to be trustworthy, or at least make an attempt at it. The bad guys aren't going to be premier members of industry self-regulatory organizations. They're going to be off in their own little world doing their own thing and try and take advantage of as many people as they can.
Benchmark: How does a website owner know they’re dealing with the good guys?
Ray Everett: The advertising networks have been affiliating themselves for a number of years with various industry organizations such as IAB, the Interactive Advertising Bureau, and industry initiatives such as the Network Advertising Initiative or the Digital Advertising Alliance.
Those organizations have tried to create more opportunities for good guys to demonstrate just how good they are – to develop policies and practices that are geared towards making their activities more transparent to consumers, to make privacy policies more easily understood, to take advantage of the new technologies, and to encourage coding websites so that they respect the signals that those browsers give off when people are trying to block cookies.
Those organizations that are trying to be responsible tend to self-identify by organizing themselves into these industry trade groups. That's a very good place to start.
The reality, though, is that you look at these organizations and they have dozens, or in some cases, 100 members or more. But we've identified over 600 individual advertising networks. A lot of them are not affiliated with any of these organizations. They do not have very transparent policies. They are sometimes very difficult to track down and figure out who exactly the organization is.
Ray Everett: This happens because the ad ecosystem is so huge and the demand for advertising space, for high quality ad placement, is high. As a result, the number of ad networks competing to get their content slotted into your site is also very high.
There's a reason why there are 600-plus ad networks out there. It's because there's demand and money to be made in serving up those ads. So while you may have partnered with some good advertising networks, they are part of an ecosystem that is still a bit of the Wild West. At the end of the day, these ad networks are driven by the need to put an ad into a slot on a website. So they will search out new content providers that can fill that need.
New ad networks are coming up constantly. And ad networks are changing.
One day they may be great, but the next day they may have a new ad in circulation that violates your policies – that places tracking cookies in violation of your policy, for example. So your ad partners themselves, as hard as they may try, cannot guarantee that things will always be sweetness and light.
You as a good manager of your site have to continually go through that due diligence process to not just investigate and partner with good companies, but to continually ensure that those companies are delivering on their promise.
Benchmark: So we see a lot of the downside to taking privacy lightly. But what’s the upside? What’s the opportunity that is presented by good privacy practices?
Ray Everett: Good privacy practices are a definite brand builder. There is an aspect of privacy that is hard to quantify, in that privacy is most noted in its absence. So typically when a privacy problem arises, at that point your brand suffers.
There is a perspective on protection that good practices give you. Building strong privacy policies, and systems for reviewing and ensuring compliance, helps prevent the negative consequences – damage to brand, damage to reputation, breach of consumer trust.
So you'll see few consumers dancing in the streets about how wonderful the privacy protections are at a particular site. But you will see them riot in the streets when their privacy is breached.
Benchmark: What is your advice to website owners? How do they keep from getting stung by this whole issue?
Ray Everett: First of all, they should not fear monetization of their website. They should not fear advertising because there is great value to be had. And good targeted advertising can be not only a value to the website publisher, but also to the visitors of the site.
If ads are delivered in intelligent context and at appropriate times, they can be very well-received and highly effective. So do not fear advertising. But do understand that it is in some sense playing with a bear trap. And if you make a wrong move, that trap can spring shut.
While you have to go boldly forward and seek to monetize your site in a responsible way, you have to be aware that things can go wrong. And you have to plan accordingly.
About Ray Everett
Ray Everett is director of privacy services at Keynote. He’s been called the “dean of corporate privacy officers” byInter@ctive Week magazine for his role in establishing one of the world’s first corporate chief privacy officer roles and helping to create the first professional certification organization for the privacy industry. Ray has more than 15 years of consulting experience working with more than a dozen Fortune 500 companies, as well as extensive experience working with start-up companies creating privacy-related products and services. He is a co-author of Internet Privacy for Dummiesand Fighting Spam for Dummies, has testified before Congress, and has worked as an expert witness in several groundbreaking Internet privacy lawsuits. A native of the Washington D.C. area, Ray holds a law degree from George Washington University.