omalleyprivacy
omalleyprivacy · 11 years ago
Alex Goldman: Have you thought about bringing in, say, like an ethicist to, to vet your experiments?
Christian Rudder, founder of OkCupid: To wring his hands all day for a hundred thousand dollars a year?
— TLDR interviews OkCupid founder Christian Rudder about experimenting on its users without informing them.
omalleyprivacy · 11 years ago
DNT = Limit Ad Tracking?
"I do not wish to be tracked."
We can translate this into any number of languages.
No deseo hacer un seguimiento. (Spanish)
Je ne veux pas être l'objet d'un suivi. (French)
追跡するたくないです。 (Japanese)
(Thanks Babel Fish).
But what if I relied on a third party to communicate my preference?  How much context would you lose?  What if some of those communications came through intermediaries with a very particular point of view on the issue or with a reputation for posing the question in a leading manner?  We have guidelines for credible polling techniques, and most folks on either side of the ad tracking divide would fail to meet them.
As the industry attempts to build the infrastructure that is necessary to support consumer choice - especially choices that have been made on a global (non-company) level - I would urge us to retain context.  When a consumer makes an honest decision, having been presented with a fairly outlined choice, we should do everything we can to protect and further the effectuation of that choice.
Decisions coming through intermediaries that are vulnerable to tampering, or with a high likelihood of disingenuous presentation, need to be properly segregated.  Perhaps an individual company should process them all, but perhaps not.  Every consumer decision has its own context and its own legal standing.  If we blur them together into one universal signal, we rob companies of the ability to make any meaningful decision about how they should respond.  Worse, we make the industry substantially more vulnerable to outside tampering, especially if the non-credible and easily hackable signals are mixed with the legally binding signals.
I bring all of this up in the context of DNT and iOS Limit Ad Tracking.
DNT is a standard that remains highly controversial and which all of the trade associations have agreed to avoid until further notice.  One of the most concerning aspects of the standard is that browsers remain in control of how the option is presented to users, and other third parties, including plug-in providers and security applications, can alter the way the standard is managed.  As an industry, our public position is that the standard is not properly reflective of consumer preferences and could be easily manipulated at large scale.
There has been discussion about the DAA leading an alternate form of DNT, but I wouldn’t assume that the DAA’s effort will necessarily follow the W3C technical specification.  In other words, any form of DAA-endorsed DNT should not be assumed to bear any technical resemblance to DNT as we know it today, until we actually see a spec.
In contrast, iOS Limit Ad Tracking is a straightforward, centrally controlled setting that the industry accepts as a valid signal of consumer intent.
We want to avoid the blurring of these signals as we build out the industry's programmatic infrastructure so that we don’t leave the industry vulnerable to illegitimate spikes in DNT header signals (which needn’t reduce coverage) or the dismissal of Limit Ad Tracking signals (which none of us want).
Further, if we blur these signals, we impact our downstream partners, who would be left with a pool of blended data, forced to choose between two unsavory options.
We can't manage our own risk effectively or carry forward a consumer decision unless we preserve the context of that decision.
omalleyprivacy · 12 years ago
#studysays that NSA revelations and general concern that the US security state is hoovering data indiscriminately will cost US cloud businesses $22-35B over the next three years.
“The surveillance revelations will cost the US cloud computing industry USD 22 to 35 billion in lost revenues over the next three years,” said EU justice commissioner Viviane Reding on Sunday (19 January) at the Digital Life Design Conference in Munich.
Reding drew her estimates from a report by the Information Technology and Innovation Foundation, a think tank based in Washington.
Global surveillance programmes and the bulk processing of data by the US and UK intelligence agencies means people are losing trust in US-based cloud businesses, says the report.
omalleyprivacy · 12 years ago
@EUPrivacyLawyer with a thoughtful piece on the revised EU directive (#EUdataP - it's not dead yet), including practical guidelines that any #privacy law should meet.  When in doubt, don't pass a law.  Every law has consequences, intentional and otherwise.  Lawmakers should have reason to be confident that their market distortions will be in the public's interest over time.
There’s so much more that could be said, and the above proposals represent just a handful of suggestions that any country looking to adopt new privacy laws—or reform existing ones—would be well-advised to consider. You can form your own views as to whether the EU’s proposed GDPR—or indeed any privacy law anywhere in the world—achieves these recommendations. If they don’t now, then they really should; otherwise, we’ll just be applying 20th-century thinking to a 21st-century world.
omalleyprivacy · 12 years ago
#Obama announced specific changes today to incrementally restrict #NSA access to data.  While the changes are clearly a work in progress, they are a significant acknowledgement that the NSA has operated without appropriate safeguards and is undermining confidence in the appropriate use of power by the US government.  Obama is going to be pushed to go further, and Congress is going to have to help with legislation.
At the heart of the changes will be an overhaul of a bulk data program that has swept up many millions of records of Americans’ telephone calls, though not their content. While Mr. Obama said such collection was important to foil terrorist plots, he acknowledged that it could be abused and had not been subject to an adequate public debate.
“Critics are right to point out that without proper safeguards, this type of program could be used to yield more information about our private lives, and open the door to more intrusive bulk collection programs,” he said.
Mr. Obama said he would forbid eavesdropping on the leaders of allied countries, though he did not offer a list of those, and he pointedly said that the United States would continue to collect information on the intentions of foreign governments.
Mr. Obama made no mention of two of the recommendations of his panel of most pressing concern to Silicon Valley and the business community: that the N.S.A. “not in any way subvert, undermine, weaken or make vulnerable” commercial software, and that it move away from exploiting flaws in software to conduct cyberattacks or surveillance.
The president has been sharply criticized by companies that protest that the N.S.A.'s practices are costing them billions of dollars in foreign sales, as customers in Europe and Asia fear that American products are deliberately compromised by the agency.
omalleyprivacy · 12 years ago
Federal Trade Commission commissioner Julie Brill on privacy and CES
omalleyprivacy · 12 years ago
The @WSJ covers the quickly developing hyper location market, including @EuclidAnalytics and @getTurnstyle.  A fascinating read that raises all sorts of privacy questions.  It's already in market, with data coming from proprietary wifi signal detectors and licensed carrier data.  Again, the law is trying to catch up, both in the US and Canada.
Mr. Zhang is a client of Turnstyle Solutions Inc., a year-old local company that has placed sensors in about 200 businesses within a 0.7 mile radius in downtown Toronto to track shoppers as they move in the city.
The sensors, each about the size of a deck of cards, follow signals emitted from Wi-Fi-enabled smartphones. That allows them to create portraits of roughly 2 million people's habits as they have gone about their daily lives, traveling from yoga studios to restaurants, to coffee shops, sports stadiums, hotels, and nightclubs.
Turnstyle's weekly reports to clients use aggregate numbers and don't include people's names. But the company does collect the names, ages, genders, and social media profiles of some people who log in with Facebook to a free Wi-Fi service that Turnstyle runs at local restaurants and coffee shops, including Happy Child
Even as they covet the data, stores and businesses recognize it is a touchy subject. "It would probably be better not to use this tracking system at all if we had to let people know about it," says Glenna Weddle, the owner of Rac Boutique, a women's clothing store that is a Turnstyle client. "It's not invasive. It might raise alarms for no reason."
Viasense Inc., another Toronto startup, is building detailed dossiers of people's lifestyles by merging location data with those from other sources, including marketing firms. The company follows between 3 million and 6 million devices each day in a 400-kilometer radius surrounding Toronto. It buys bulk phone-signal data from Canada's national cellphone carriers. Viasense's algorithms then break those users into lifestyle categories based on their daily travels, which it says it can track down to the square meter.
For example, by monitoring how many times a consumer visits a golf course in a month, Viasense can classify her as a casual, intermediate or heavy golfer. People whose cellphones move at a certain clip across city parks between 5:30 and 8:30 every morning are flagged by the algorithm as "early morning joggers." The company identifies "youth" by looking at phone signals coming from schools during school hours and nightclubs, and home locations by targeting the places phones spend each night.
omalleyprivacy · 12 years ago
Our cars are becoming detailed recording devices, with location sensitivity, audio recording, and detailed event logs.  Right now, we don't know when and what is being recorded, and the data can be used against us in a court of law.  Congress is not pleased and neither are the automakers.  Oh, and while all that was unfolding, Google slipped in behind the door.
Cars are becoming smarter than ever, with global positioning systems, Internet connections, data recorders and high-definition cameras. Drivers can barely make a left turn, put on their seatbelts or push 80 miles an hour without their actions somehow, somewhere being tracked or recorded.
Google announced it had a partnership with G.M., Audi, Honda and Hyundai to bring its Android platform to vehicle infotainment systems by the end of this year. At the same time, G.M. said it would start an app shop, where drivers can use apps like Priceline.com to book a hotel room and CitySeeker, which provides information about attractions and restaurants near the vehicle.
omalleyprivacy · 12 years ago
@Twitter rocked an @EFF analysis of major tech companies' privacy records.  The study focussed on their technical and legal maneuvers to defend user data against government snooping.
The EFF examined how Internet companies responded to government data requests by looking at six criteria.
Requires a warrant.
Tells users about government data requests.
Publishes transparency reports and stats on how often it provides data to the government.
Publishes guidelines for how it deals with law enforcement requests.
Fights for users’ privacy rights in courts.
Fights for users’ privacy in Congress.
Of the companies listed in the report's summary, only two earned a "star" for all six categories: Twitter and a company called Sonic.net, the EFF said. Sonic.net is a company based in Santa Rosa, Calif. that provides people with Internet access.
omalleyprivacy · 12 years ago
Is the 'do no evil' consumer halo for Google beginning to ebb?  A @McCann_WW study suggests that consumer trust in the #GOOG is on the decline.
Asked which companies are the greatest threat to the future of privacy, 59% of 1,100 respondents cited Facebook and 40% said Twitter, according to a survey conducted by McCann. Thirty-two percent pointed to Google, almost doubling from the 18% who said as much when McCann conducted the same survey in 2011.
"It's not necessary that people feel Google or Facebook has done anything bad with data to date. It's what might happen in the future. It's a nebulous fear," said Laura Simpson, global director of McCann Truth Central, during a session on privacy held by Ad Age and IPG in Las Vegas on Wednesday.
By comparison, Amazon topped the list of companies consumers trust with their data, with 73% of respondents citing the e-commerce giant. It's worth noting that a majority of respondents also named Google to this category, but that number fell from 63% in 2011 to 53% in 2013.
omalleyprivacy · 12 years ago
CNIL has come down on #Google over their unified privacy statement like a ton of ... croissants?  It's never good to be seen as violating the data protection law of a major EU country, but the substance of the penalty is a complete victory for Google.
The French data protection authority CNIL has fined Google €150,000 ($204,000) over its unified privacy policy, which regulators believe violates European privacy law. The EU data protection authorities are coordinating their anti-Google efforts – Spain became the first to levy a fine last month, relieving the company of $1.2 million.
In a statement on Wednesday, CNIL said Google’s merging of its various services’ privacy policies into a unified policy was in itself legal, but the way in which it implemented that unified policy was not legal.
Now, it doesn’t take a genius to note that €150,000 is chump change for Google, but it is the largest fine ever levied by CNIL. The regulator also ordered Google to put a notice on google.fr over 2 days – within 8 days from today – about the decision.
“This publicity measure is justified by the extent of Google’s data collection, as well as by the necessity to inform the persons concerned who are not in a capacity to exercise their rights,” CNIL said.
omalleyprivacy · 12 years ago
Jessica Rich, new Director of the @FTC consumer protection bureau, says her office will focus on native ads and mobile (security, payments).  + health related targeting and kids.
What ad trends are you seeing that could warrant FTC action? 
Native advertising will be a huge and continuing theme in our work. I want to make a broader push into mobile, mobile security, mobile payments, making sure we are able to bring mobile investigations, just as we are able to bring brick-and-mortar investigations.
omalleyprivacy · 12 years ago
Canada's #Privacy Commissioner comes after #Google for run-of-the-mill OBA and retargeting on health related sites.  Google is forced to upgrade procedures and systems to avoid the targeting of sensitive categories on its platform.
After searching online for medical devices to treat sleep apnea, the complainant was shocked to be suddenly “followed” by advertisements for such devices as he visited websites completely unrelated to the sleep disorder.
Google says the problem identified during the investigation relates to “remarketing campaigns” – which allow an advertiser to target ads to recent visitors to their site. Google acknowledged that some of the advertisers using its ad service do not comply with the corporation’s policy against interest-based advertising relating to sensitive issues.
The investigation identified shortcomings in Google’s monitoring systems.  The Office of the Privacy Commissioner recommended that Google develop a more formalized and rigorous system for reviewing advertisements for policy compliance. 
In response to the Privacy Commissioner’s concerns, Google committed to:
Provide additional information to advertisers creating remarketing campaigns;
Increase monitoring of remarketing campaigns for possible violations of its policy;
Offer more training to its own staff in addressing potential policy violations; and
Upgrade its automated review system.
omalleyprivacy · 12 years ago
#Target has $100M in 'cyber insurance' coverage relating to the #databreach.  But with over 70M records exposed and lawsuits pending ... will that be enough?
Target Corp., which last month had a massive data breach that exposed the credit and debit card information of some 70 million customers, has at least $100 million of cyber insurance, including self-insured retentions, and $65 million of directors and officers liability coverage, according to insurance industry sources.
Initially, Target on Dec. 19 said the data breach during three weeks of the recent holiday shopping season affected 40 million customers. Then last week, the retailer said its investigation showed the breach was worse than anticipated and involved the theft of financial information of 70 million customers. That personal information, the retailer said, included PIN data embedded in customers' credit cards.
omalleyprivacy · 12 years ago
#Ford acknowledges that all that onboard tech is creating a huge #privacy problem. One they want regulators to help them out of.  This wasn't how it unfolded in adtech or search.  But I guess Ford doesn't think of itself as a data company.
Drivers’ privacy needs to be protected by law, said Alan Mulally, chief executive officer of Ford Motor Co. (F), as more vehicles add Internet connectivity and location-based services.
The company is “supportive and participating” in talks with regulators who are considering such legislation, Mulally said yesterday at the Detroit auto show. He countered comments made last week by his global marketing chief, who said Ford knows when drivers of its vehicles violate traffic laws.
Farley said on a panel at the International Consumer Electronics Show in Las Vegas last week that Ford, the No. 2 automaker in the U.S., can use global-positioning system technology to know when drivers breach laws.
“We know everyone who breaks the law; we know when you’re doing it. We have GPS in your car, so we know what you’re doing,” he said, according to Business Insider. “By the way, we don’t supply that data to anyone.”
omalleyprivacy · 12 years ago
#Target remains in the hot seat over the holiday data breach, with Senators now calling executives to DC for hearings.  You have to be awfully careful when senators push you under oath.
Two U.S. senators were seeking answers on Tuesday from the chief executive of Target Corp about the company's response to the hacking of credit and debit cards of millions of its customers during the holiday shopping season.
"It has been three weeks since the data breach was discovered, and new information continues to come out," Rockefeller and McCaskill wrote. "We expect that your security experts have had time to fully examine the cause and impact of the breach and will be able to provide the Committee with detailed information."
The Target hacking shows the need for federal legislation on commercial data practices, the senators said.