Google's new "Interest Based Advertising" (IBA) program represents the company's first foray into what is generally called "Online Behavioral Advertising" (OBA): In order to deliver more relevant advertising, Google will begin tailoring ads delivered through AdSense on the Google Content Network (GCN) and YouTube.com (but not Google.com). This tailoring will be based on a profile of each user's interests created by tracking their browsing activity across sites that use AdSense-but not search queries or other user information. Until now, (i) AdSense has delivered essentially "contextual" advertising by choosing which ad to display on a page based on an algorithmic analysis of keywords on that page; and (ii) Google has tracked users' browsing only for analytics purposes-to limit the number of times a user sees a particular ad (to prevent overexposure) and to allow sequencing of ads in campaigns where one ad must follow another.
Google is sure to be attacked for crossing a "line in the sand" drawn by some privacy advocates between contextual and behavioral advertising-even though Google's closest competitor, Yahoo!, already offers a similar program, and the concept in general is hardly new. Google's position as the leading search engine and third party ad-delivery network will no doubt cause paroxysms of privacy hysteria among those who consider targeted advertising inherently invasive, unfair or manipulative.
But those whose first priority is advancing consumer privacy, not advancing a political or regulatory agenda, should applaud Google for excluding sensitive categories and for putting the new Ad Preference Manager at the core of the company's new IBA program. The Ad Preference Manager sets a new "gold standard" for implementing the principles of Notice and Choice, which have formed the core of both OBA industry self-regulation and the various regulatory proposals made in recent years. Indeed, Google has done precisely what Adam Thierer and I have called for: giving consumers more granular control over their own privacy preferences by developing better tools.
How Google's Ad Preference Manager Works
For years, debates about how OBA should be regulated (whether by industry or by government) have revolved around two key questions:
Notice: How should consumers best be informed about the data that's being collected about them, how it's being used, by whom, and so on?
Choice: How should consumers be given the ability to opt-out of tracking for OBA purposes?
While there are significant philosophical disagreements about some aspects of these debates-such as whether the default should be opt-in or opt-out-much of the debate has come down to questions of implementation that may seem trivial or easily-solved to lay people: Where should notice be provided? If notice is provided in ads themselves, what should the link say and how big should it be? By what technological means should users be able to opt-out of tracking? Google has provided an elegantly simple solution to these questions.
Google provides "notice" to users in two ways:
In the ads. In the bottom left corner of each AdSense ad on sites in the GCN, users will see the URL for the advertiser's website. This is already the case for all text ads, but not for display ads. In the bottom right corner of both display and text ads, users will see an "Ads by Google" link. Thus, the ad itself provides the user notice of (i) who's paying for the ad and (ii) who's serving it.
In the Ad Preference Manager. If the user clicks the "Ads by Google" link, they will see which of the ~20 categories and ~600 subcategories have been associated with the tracking cookie in their browser. Thus, Google provides notice to the user of what's in their so-called "digital dossier."
Google provides "choice" to the user in two ways:
Editing categories. The Ad Preference manager not only shows the profile that has been algorithmically assembled of their likely interests, but it lets them decide for themselves which categories they're really interested in. If a user finds that they have been placed in the "Automotive > Motorcycles" category but actually owns a SUV, they could select "Automotive > Trucks & SUVs"-or no Automotive category at all.
A persistent opt-out. Users can decide to opt-out completely from having their data collected for IBA purposes. That choice will be respected in the future, and will therefore be "persistent."
The Persistent Opt-Out Plug-in
For roughly a decade, the OBA industry has operated under a self-regulatory scheme developed by the Network Advertising Initiative (NAI). NAI lets users opt-out of receiving ads based on OBA targeting. But privacy advocates have objected on three grounds:
First, privacy advocates argue that it's currently too hard for users to find the NAI opt-out tool since users don't know which ad network is serving which ads and there's no obvious way to get from an ad to the opt-out option. Google moots this argument by making its opt-out easily accessible to anyone who clicks on the "Ads by Google" link that appears beneath every IBA-targeted ad.
Second and most importantly, privacy advocates decry NAI's opt-out because it isn't "persistent"-i.e., it requires the placement of a special "opt-out cookie" on the user's computer, which may be inadvertently deleted when users delete all their cookies. Indeed, many users do precisely that on a regular basis through either their browser or antivirus software-thus erasing their own opt-out choice. Google moots this argument too: While Google's opt-out also relies on a special opt-out cookie, Google has created an easily installed plug-in for the two most common Web browsers, Internet Explorer and Firefox, that ensures that the opt-out cookie is automatically recreated even if a user deletes their cookies. For the Chrome and Safari Web browsers (which do not support plug-ins), Google has outlined a simple procedure whereby users can achieve the same result.
Third, many critics worry that any cookie-based opt-out mechanism still involves sending data to ad networks that the ad networks could use to track users-despite promises in their privacy policies not to do so. Even though the FTC can enforce such policies, it may be difficult for users to determine what the ad networks are doing with the data they receive from users that have opted out of tracking. Although Google's system seems to be no different in this regard from how other NAI member companies handle opt outs, truly privacy-sensitive users could easily address this concern by configuring their Web browser to not send any data to these networks and/or not allow any persistent cookies, as we've discussed in our Privacy Solutions Series.
A Superior Solution to a "Do-Not-Track" Registry
The privacy advocates who lambaste the inadequacies of the NAI opt-out system have demanded the creation of a government-run "Do-Not-Track" registry loosely modeled on-but very different in practice from-the FTC's Do-Not-Call registry, by which over 170 million Americans have opted out of receiving telemarketing calls. Google's Ad Preference Manager provides a better system.
First, it proves that the "persistency" problem can be solved. In fact, since Google's plug-in is open source, these privacy advocates may be able to use it to create a browser plug-in that works for opt-out cookies from other NAI member companies. Indeed, given how simple Google's plug-in is, one wonders why they didn't do this when NAI's Opt-Out Tool was first made available. Perhaps the technologists at these organizations have spent a little too much time developing elaborate regulatory solutions and too little time focusing on empowering users. Or perhaps these organizations simply decided that creating such a tool would undercut their argument that only government intervention could protect users' privacy. Ironically, some of the organizations pushing Do-Not-Track have joined us in emphasizing the effectiveness of user empowerment tools in other contexts-such as online child protection, where parental control software offers a more effective alternative to government regulation of Internet content that also does less to restrict constitutionally protected speech. Even more ironically, their Do-Not-Track proposal specifically calls for the development of browser-based tools to implement the government-maintained Do-Not-Track database. In an era when anyone can write a browser plug-in that can achieve wild popularity (such as the roughly 43 million downloads of the Firefox plug-ins AdBlock Plus and NoScript), these advocacy organizations have little excuse for not practicing what they preach.
Second, Google has set a new standard in both Notice-by including a link to the opt-out in every ad-and Choice-by respecting user's opt-out preferences. Other ad networks now face intense pressure to catch up with, or outpace, Google by implementing the same kind of Notice and Choice. Indeed, NAI will now be expected to improve its own opt-out system with a browser plug-in capable of preserving opt-out preferences for all of its members' ad networks. To the extent that this plug-in might work better with cooperation from the ad networks, that cooperation should now be more forthcoming than ever.
Third, if these privacy advocates' real objection to any cookie-based opt-out system-whether the NAI opt-out tool or Google's plug-in-is uncertainty as to whether opt-out preferences would really be respected by ad networks that continue to collect tracking data (as discussed above), who better than Google to lead the market in setting higher standards for privacy protection? Ultimately, these standards will be, and should be, enforced by the FTC under its existing authority to punish unfair and deceptive trade practices.
What This Episode Says About Google
Some privacy advocates will argue that Google is just too big-and therefore too "scary"-to be allowed to engage in OBA, and may try to paint Google's entry in the OBA marketplace as a net loss to privacy, notwithstanding the extremely pro-privacy way in which Google has implemented its "IBA" service. But if this incident demonstrates anything about Google, it's the following:
First, it's no accident that Google is now leading the pack of third party ad networks by developing innovative solutions that respect consumer privacy. Unlike most third party ad networks, Google is directly focused on the demands of consumers: In addition to the ad network they acquired from DoubleClick, of course, Google offers consumers a wide array of other online services (search, email, maps, etc.). Because these services (and their competitors) are all free, Google has to compete in what economists call "non-price terms"-such as privacy. So, Google has a lot to lose by alienating its users and a lot to gain by being seen as a leader in privacy protection. Would an independent DoubleClick have taken so much care to address privacy concerns? As the developer of a competing search engine once said about the Internet search industry, ''you earn your right to be in business every day, page view after page view, click after click.''
Second, it's no accident that Google was a late-comer to the OBA market, lagging behind Yahoo! in particular. The most likely reason Google has taken its time in rolling out an OBA product is that Google is subject to a unique level of scrutiny by privacy advocates by virtue of its size. Being the "big kid on the block," Google has to be especially careful not to appear to be "Big Brother." This reputational check on Google should allay some concerns about Google's size.
Third, this episode also demonstrates the advantages of having a player like Google large enough to be able to singlehandedly set a new paradigm in privacy protection. Google risks alienating some advertisers and publishers with its bold empowerment of users, but was willing to take those risks because of its incentives as a consumer-facing company and able to do so because of its leadership in the marketplace. Uncomfortable as this reality may be for those who fret about antitrust issues and indeed for Google itself, the simple reality is that sometimes it takes "big dogs" to make self-regulatory systems truly effective. For example, the video game industry's highly effective content rating system has worked because the titans in that field were big enough to push through a tough system and keep it working. Similarly, Microsoft has led the way for years in empowering users by offering in Internet Explorer the most sophisticated cookie management tools available in any browser, as we've discussed. In a nutshell, privacy leadership requires scale.
Google's Ad Preference Manager, with its persistent opt-out plug-in, offers precisely the kind of robust opt-out that privacy advocates have always demanded. Google deserves a rousing "Amen!" from privacy advocates. But those who respond to this program by insisting that "more needs to be done on how to educate people and tell them how to opt out," are right in two senses. First, Google has shown other ad networks how to do more to empower users. I am confident that they will rise to that challenge by continuing to refine self-regulation through technological innovation. Second, this is by no means the last word in privacy protection from Google, which operates in the midst of continually-evolving privacy standards. I expect Google and competing ad networks will continue to innovate in developing technologies that empower users to manage their own privacy-and that this competitive "race to the top" will improve online privacy protection in a broader sense beyond just advertising by putting pressure on other online service providers to improve their privacy practices and policies.
But I fear that too many privacy advocates will instead see this as just another reason for the government to intervene-perhaps because of fear of Google engaging in OBA or because they think the government, not Google, should be developing privacy solutions. Or perhaps they think Google's system shows that a system of government-mandated solutions really could work. To the contrary, Google's approach is precisely the kind of innovation that would be discouraged by pre-emptive government regulation. Worse, those who would freeze privacy protection in place would also freeze in place much of the Internet itself, precluding development of new business models that would compete with Google, allaying concerns about competition and benefiting consumers. Why preclude broadband providers, for example, from figuring out how to deploy ad-targeting technologies in a manner that does as much to empower users with better privacy controls as Google has-especially when this could create a new source of funding for "free" content and services and even discounts on broadband?
I hope instead that the effectiveness of Google's approach will shift the policy debate about protecting user privacy back to an emphasis on the layered approach Adam Thierer and I have outlined, supplementing consumer education, industry self-regulation, existing state privacy tort laws, and FTC enforcement of corporate privacy policies with increasingly powerful technological "self-help" tools that allow privacy-wary consumers to take privacy into their own hands.