Two of the biggest publishers on the web don't use the advertising industry's standardized ad-privacy program, and it's a problem for even the largest digital-media buyers.
Facebook and Amazon both offer targeted display advertising that can sometimes incorporate behavioral data from third parties. However, while nearly every other relevant media firm, ad network and ad-data firm either uses the industry's self-regulatory Ad Choices program or operates one that can be easily integrated with it, Facebook and Amazon do not.
Regardless, Publicis-owned Vivaki is still required to keep records of the ad campaigns that run on the two sites. It costs extra time and money, and perhaps most important, creates additional privacy concerns.
For its other digital ad buys, Vivaki uses centralized systems from Evidon or TrustE that help advertisers and agencies manage compliance with the Ad Choices privacy program, which is overseen by the Digital Advertising Alliance.
Depending on the size of the ad campaign, it can take anywhere from five to 20 hours of work to produce a required compliance report if the agency doesn't use a centralized system, said Grace Liau, senior VP for Vivaki, which encompasses Digitas, Razorfish, Starcom MediaVest and Zenith Optimedia.
"We need the publishers to adopt the industry standard," said Ms. Liau. "We cannot have everyone embrace it in their own flavor," she said.
Lawmakers and the Federal Trade Commission are stepping up pressure on the ad industry to improve its approach to consumer privacy, and online ad buyers such as Vivaki need to ensure compliance with self-regulatory guidelines.
Centralized reporting systems allow agencies and advertisers to access campaign-compliance information -- for instance, "If the FTC comes knocking and says, 'Hey, I want you to show me proof of compliance,'" said Ms. Liau.
How it works
The Evidon and TrustE systems generate tags that agencies and advertisers include in their ads. Those tags enable the systems to track the campaigns for compliance purposes. Advertisers can log into the systems to see campaign information such as the number of Ad Choices symbol impressions and whether or not the centralized systems enabled ad targeting opt-outs requested by consumers.
When publishers use first-party information gleaned on their own sites to target ads, it isn't necessary to include the standard self-regulatory Ad Choices icon, a small blue triangular symbol that users can click to reveal information about how the ad was targeted and to opt-out from future targeting. Indeed, members of the DAA are not actually required to use the standard icon or the centralized reporting systems from Evidon and TrustE. They must, however, abide by its guidelines of providing "notice and choice" -- information about why a user is seeing the ad and the opportunity to opt out of receiving such ads.
"The DAA AdChoices icon is but one means of providing notice," said Mike Zaneis, senior VP and general counsel of the Interactive Advertising Bureau, which is part of the DAA coalition.
Indeed, some large ad sellers, such as Google and Yahoo, employ their own technologies to comply with DAA guidelines. However, their systems can be integrated with and tracked by Evidon and TrustE, according to Kevin Trilli, VP-products at TrustE, which makes things easier for agencies.
Wavering standards
Many of the display ads served on Facebook and Amazon are targeted using only first-party data and aren't required to use the AdChoices icon, but that 's not always the case. Since Facebook launched its FBX ad exchange, a growing number of ads on the social site are targeted using third-party behavioral data. Those ads are of particular concern when it comes to privacy compliance, said Ms. Liau.
Amazon's notice-and-choice system launches a small window when users click on an "Advertisement" link below display ads. But, unlike the standard system which notifies people within ads about how they were targeted and links to an opt-out page, the Amazon ad window features a short form asking users to rate the relevance and appropriateness of the ad. It is only in tiny print at the very bottom of the site's pages that a link to privacy-related advertising information is found. That Interest-Based Ads page offers links to the DAA and Network Advertising Initiative sites, both of which allow consumers to opt-out from receiving targeted ads.
Another wrinkle: in some cases, TrustE does work with Amazon to enable the icon in ads but not in the standard way that launches a window explaining specific information naming companies involved in targeting the ads. Instead, TrustE creates a landing page with disclosures from Amazon and the advertiser, as confirmed by Amazon and TrustE. If anything, such nuances exemplify the gaps in true standardization in the industry's self-regulatory privacy regime.
The Facebook and Amazon systems speak a "different language" than the standard reporting systems, said Mr. Trilli. "It's not the same thing." For example, when ad campaigns are flighted through TrustE and feature the firm's tags, TrustE can track for compliance. "We know where all the impressions are, we can provide the reporting, it's all automated," he said.
Amazon says it only targets using first-party data, said Ms. Liau. "However what happens is sometimes we overlay third party re-targeting, which they don't have any control over," she said.
Amazon does collect data from other sources, though it's not clear if that information is used for ad targeting. According to its website, it collects "page-view information from some merchants with which we operate co-branded businesses or for which we provide technical, fulfillment, advertising or other services; search term and search result information from some searches conducted through the web search features offered by our subsidiary, Alexa Internet; search results and links, including paid listings … and credit history information from credit bureaus."
Facebook's display ads include an "About this ad" link which takes users to a Facebook page explaining privacy information, or in some cases -- presumably when an ad is served through one of its exchange partners -- to exchange privacy pages that include opt-out information and links.
"They're pushing the edge of what online advertising is doing," said Mr. Trilli regarding Facebook. "You have big massive data stores being created by platforms like Facebook and Amazon, and you don't need (data to come from) multiple sites anymore."
"The self-regulation (community) needs to take a close look at this," he continued, suggesting companies like Facebook and Amazon may warrant a whole new category within the DAA's program. "The platforms themselves have tremendous brands they want to protect ... how long can they remain in this gray area?"