Privacy debate continues to rage

By Published on .

Most Popular
Doubleclick has become the main target of online privacy advocates, but the practices of other ad servers and online profilers could soon come under scrutiny.

Consumer groups, which plan to file a Federal Trade Commission complaint against DoubleClick, increased the pressure last week.

All the major ad networks state their case through the non-profit group Network Advertising Initiative (AA, Nov. 8) and its site (

The Center for Democracy & Technology last week launched a site aimed at "exposing" DoubleClick and helping consumers opt out of personal information collection (see sidebar, page 46). The site asks consumers to flood marketers on whose sites DoubleClick serves ads with e-mails urging they not allow DoubleClick to share personally identifiable information.


DoubleClick has long tracked the Web cruising done on PCs by placing "cookies" on hard drives, but couldn't identify users. Now, it has the systems to profile a user based on name, address, demographics and online/offline purchasing data by combining data from Abacus Direct, a direct-mail company it bought in November; Abacus Online Alliance, a new group of sites that pass along personal data provided by consumers; DoubleClick's sweepstakes and online directory sites; and the giant DoubleClick Network, whose "non-personally-identifiable" information becomes identifiable when it is added to a user's profile.

DoubleClick's privacy statement states: "Unless specifically disclosed to the contrary in a Web site's privacy policy, most non-personally-identifiable information collected by DoubleClick from Web sites on the DoubleClick Network is included in the Abacus Online database."

DoubleClick's offline/online data could be attractive to marketers and sites. But its moves are creating a firestorm around it and its repped sites, particularly over the mass of data that now can be identified.


Ari Schwartz, a Center for Democracy & Technology policy analyst, contends DoubleClick doesn't clearly enough disclose that it combines the data.

"DoubleClick is engaging in surreptitious collection of data, and consumers need to opt in, not opt out," he said.

DoubleClick last week issued a statement regarding the controversy: "In the last week, some inaccurate articles have appeared in the press about DoubleClick's business. Those articles have conveyed the false impression that DoubleClick links personally identifiable information without giving consumers notice and choice. Those articles are simply wrong. Furthermore, DoubleClick does not use individual health information, detailed financial information, information of sexual nature and information on children for profiling."

Jonathan Shapiro, senior VP at DoubleClick, earlier said data collection practices adhere to four basic principles: "Value, notice, choice and respect [for the consumer]."

Mr. Schwartz said his group targeted DoubleClick "because it is the largest and has the opportunity to collect vast amounts of information." But he said other companies also combine the data.

For example, Naviant, which bought online registration provider in September, provides outsourced electronic registration services online. The company processes consumers' online registration of computers, software and peripherals for more than 60 software and hardware vendors.

In doing so, the company gains "detailed customer and product information, such as user tracking and product-line branching," according to the company's Web site.

Naviant delivers the data to clients to help them "analyze sales trends, measure marketing campaigns and to generally understand more about your customers."

The problem with this practice, said Chris Hansen, senior equity analyst at Banc of America Securities, is that although consumers submit registration data voluntarily, they think the computer manufacturer is collecting the data, not Naviant.

"Naviant has one of the most complete pictures of you out there," Mr. Hansen said. Through the online registration, "they've got everything at that point," including name, address, e-mail and a cookied browser, which they use to target consumers with online ads, he said.

Naviant ads declare, "New e-Targeting from Naviant combines physical-world data with online identity -- for the very first time. . . . With the acquisition of, we're taking Internet targeting to a new level by integrating actual online and offline identity, demographics and behavior."

Naviant VP-Marketing Jeff Rochester did not return phone calls by press time. Ad network 24/7 Media is a strategic partner of and investor in Naviant.

Meanwhile, CMGI's Engage Technologies, which is buying ad networks AdForce and Flycast Communications Corp., touts its online profiling technology as the best in the business. Engage Knowledge has user profiles based on demographic and geographic data and interest categories.

All user information is kept anonymous, rendering privacy concerns moot, said Dan Kaye, Engage chief technology officer.

"Because it is anonymous, it is innocuous," Mr. Kaye said. "We can't figure out who a consumer is in the real world. Our belief is that the standards and practices we follow are so strong, the privacy advocates recognize that Engage is at a different level of privacy protection than other ad servers and profiling technology," he said, adding, "We do not intend to merge our data with offline behavior and real-world identities until we see overwhelming evidence that consumers will accept this."

But some said even with Engage, online users are cookied on an opt-out, rather than opt-in, basis.

"This is clickstream data, not demographic and not personal [data], but [Engage] didn't get permission to get it," Mr. Hansen said.


Real Media, which represents a network of newspaper and vertical Web sites, sells ads on sites that also collect user data. Real Media said it does not receive any data regarding individuals from the sites, nor does it get information from sites using its Open AdStream ad server.

Real Media does collect certain anonymous user information via cookies "for the purpose of targeting ads and measuring ad effectiveness on behalf of Real Media's advertisers," according to Real Media's privacy statement.

"Real Media can and will develop a successful representation and technology that takes advantage of the one-to-one marketing capabilities of the Internet without violating people's privacy," said Chris Neimeth, president-CEO.

The privacy debate is escalating, with FTC hearings Feb. 4 and a cyberprivacy symposium today at Stanford University.

Congress is watching closely. Sen. Robert Torricelli (D., N.J.) is seeking Senate sponsors for legislation to force Web sites to seek consumers' approval before sharing personal information.

"Rather than opting-out of having personal details shared, the burden should be placed on companies to contact consumers," Sen. Torricelli wrote other senators. "My legislation would require Web sites and Internet service providers to acquire their customer's consent before they release records of his or her personal information to others such as direct marketers."

All companies post lengthy privacy policies on their sites, but the debate rages about whether they are clear and accessible.

"We believe it is not that obvious," attorney Ira Rothken said of DoubleClick's privacy policy. Mr. Rothken represents a California woman who last month sued DoubleClick for unlawfully collecting and selling private information.

In this article: