This has been a rough week for behavioral targeting, a promising advertising technique that uses activity data to display more relevant ads than the old generic banner ads. In theory, this should be good for advertisers and consumers, but this week has seen a firestorm in the UK over the actions of three leading ISPs and a behavioral targeting company named Phorm. This is a cautionary tale for marketers. When activity data is used without permission, behavioral targeting is perceived as online stalking.
In case you haven’t followed the story, three of Britain’s ISPs are being accused of violating British law by using customers’ activity data to target personalized ads. British Telecom, one of the best known names in the industry worldwide, has received the biggest black eye, accused of testing Phorm’s behavioral targeting system with at leasts 18,000 customers. (Other sources report gusts up to 30,000 customers.)
BT asserts that the test was legal, but observers have had trouble understanding how that could be true. The reporting indicates that British law demands such use of activity data (such as browser surfing histories and search histories) be disclosed, but the ISPs do not appear to have done so.
Clearly, this is a public relations fiasco for the companies involved, because they’ve gotten no benefit from using the data in this way while taking hits from the blogosphere and the mainstream press for what they’ve done. What can marketers learn from this story?
First, although it’s obvious, obeying the law is kind of recommended. Now I have no idea if any laws were actually broken, but in a sense that isn’t even the point. The truth is that laws vary from place to place and when you market on the Internet you are subjected to the laws of anywhere your customers come from, which could be anywhere in the world.
You probably need to go beyond the law because your image can suffer even if you’ve broken no laws. Imagine if it is eventually found that no laws were broken in this situation—I think it’s clear that a lot of reputation damage has been done.
So what should companies do? Perhaps the safest way to handle this with a strong opt-in policy, rather than merely disclosing terms in something no one reads. And pinning the opt-in to receiving the service at all seems onerous from an ISP. (Perhaps there’s a way of using what I call an opt-in straddle, also.) Making this optional would seem to serve everyone. If behavioral targeting works as well as I think it can, I believe that consumers will gradually decide they like getting these offers the same way some look forward to receiving their favorite catalog. When the attention is welcome, it suddenly isn’t stalking anymore.
And, as a sidelight, who’s sitting back with a box of popcorn watching this unfold? Google. As I’ve said before, I believe that Google is going slow on personalization, letting others make the missteps before a consensus emerges on the acceptable way to handle privacy concerns, country-by-country, if necessary. At that point, Google will use its considerable activity data and its advertising reach to create an extremely valuable behavioral targeting network that raises minimal privacy concerns. It’s just a question of when Google believes that it knows how to do this without risking a backlash like the one sweeping Britain this week.