You may ask yourself, how did we get here?
some background on the privacy rules for digital media. Most of these rules can
be traced back to 1999 when technology firm and ad network DoubleClick
database marketing firm Abacus Direct. Abacus had a large database that
included personally identifiable information.
There’s some dispute about what DoubleClick
was actually planning to do with the Abacus PII. For the purposes of this
analysis, it is less important what DoubleClick was planning. What’s important
is what advocates, regulators and press THOUGHT DoubleClick was going to do
with the Abacus PII: namely, that DoubleClick was going to merge the ad serving
information collected via DoubleClick’s network of sites with the PII collected
via Abacus. To put it mildly, advocates and regulators were uncomfortable with
this practice. And the fallout to the DoubleClick Abacus merger was so severe
that it sent DoubleClick’s stock price tumbling, among other things.
become known as the DoubleClick
Abacus privacy scandal
resulted in the Adtech
industry creating a set of privacy rules
that were mostly focused on the
third-party ad network model (i.e., DoubleClick’s network of sites). Thus, our
industry created a set of self-regulatory rules around privacy that so severely
restricted the merger of ad serving data with PII that it was tantamount to a
the PII merger rules were not absolute. For example, email marketing service
providers like Cheetahmail
have been collecting digital data such as clicks and visits to websites for
nearly 20 years. Similarly, website analytics firms like Omniture
have routinely merged PII
with website surfing data.
you may ask yourself: why can one type of tech company merge PII with ad
serving data, but others may not?
key distinction was drawn in the very early days of digital media: ESP’s and
site analytics companies were the agents
of their advertiser and publisher clients – and generally collected information
across a single site. In other words, ESP’s and analytics companies for the
most part utilized the data they collect only as directed by their clients.
Conversely, ad networks leveraged publisher and advertiser data to create
interest segments for use on other
publisher and advertiser’s sites. By virtue of the fact that they created
interest segments across multiple sites for use downstream, the ad network
model was subject to a different set of rules than the agent models utilized by
ESPs and site analytics firms. The Network/Agent distinction was as much about
intellectual property as it was privacy. Nonetheless, this distinction has
governed the digital privacy world since the year 2000.
here’s the thing. The marketplace was very different back in 2000. Convergence
of ad network and service provider platforms, the growth of social networking,
onboarding of first-party offline data, not to mention nearly a dozen gigantic
entities collecting first party data in a third-party context across a
significant portion of the Internet have stretched the digital ad framework
circa 2000 almost beyond recognition.
The marketplace has changed: is it time revisit the digital
privacy rule set?