Performance Roel van Rijsewijk

Pakhuis de Zwijger, Amsterdam2 december 2010 Pakhuis de Zwijger, Amsterdam2 december 2010

Performance Based Advertising en het Privacy DebatHet einde van performance based advertising zoals we dat nu kennen?

Pakhuis de Zwijger, Amsterdam2 december 2010

“Who” 1.0: Behavioral• Registration• Frequency• Retargeting• Contextual

story• Segmentation• Look-a-likes• Predictive

targeting


“Who” 2.0: Intent

• Purchase– Funnel

• Research, comparison, price, location


“Who” 3.0: Social• Self-image

– What do I say about myself?

• Social Graph (friends)– Who do I “hang around” with?

– Influencers

• Conversations– What do I say?

– When do I speak? (initiate, listen, participate)

• Congregate– Where do I hang out?


…and beyond

• Matching– Online to online– Offline to online

• Real-time exchanges– Ad exchange– Data exchanges


Why Internet?

• It’s new !• Easy collection and distribution• Concentration of “power”• What goes on the Web, stays on the Web, and, alas everyone’s on the Web

http://www.google.nl/imgres?imgurl=http://www.frankwatching.com/wordpress/wp-content/uploads/2009/12/danger_internet2.jpg&imgrefurl=http://www.frankwatching.com/archive/2009/12/12/betekent-internet-het-verlies-van-ons-collectief-geheugen/&usg=__XyEJlBu7bU927FAX9gKxNwkjwY0=&h=357&w=500&sz=67&hl=nl&start=4&zoom=1&um=1&itbs=1&tbnid=3bBlvIjWbn5fpM:&tbnh=93&tbnw=130&prev=/images?q=internet&um=1&hl=nl&sa=N&rls=com.microsoft:*&tbs=isch:1


Social Media

0.00000068% of facebook users joined "we are quiting facebook"


Niets te verbergen ? Dan heb je een heel saai leven.......


Drie Zorgen• Hoe wordt persoonlijke informatie gebruikt ?

• Hoe wordt persoonlijke informatie beschermd ?

• Wie is verantwoordelijk ?

Drie Principes• Leg duidelijk uit waar je de informatie voor gebruikt

• Verzamel alleen die informatie die je nodig hebt en gebruik het alleen waar je het voor nodig hebt

• Beveilig het goed en bewaar het slechts zolang je het nodig hebt


•Personally Identifiable Information (PII) is generally defined as any information relating to an identified or identifiable natural person. •Examples include (but are not limited to):

Health Information

• Medical records• Health plan beneficiary information• Physical or mental health information• Provided health services or any information collected during the health service

Financial Information / Special Handling PII

• Government identifiers (Social Security Numbers)• Account numbers (bank accounts, credit cards, etc.)• Personal Identification Numbers (PINs) and passwords to financial accounts

Sensitive Information

• Racial or ethnic origin• Religious or philosophical beliefs• Trade-union membership• Health or sexual orientation• Offenses, criminal convictions or security measures• Combinations of certain information (e.g., name and ssn)

Personal Information

• Name• Gender• Date of birth• Home address• Personal telephone number• Personal email address• Biometric identifier• Photograph or video identifiable to an individual• Behavioral information (e.g., in a CRM system)


•Personally Embarrassing Information (PEI) is generally defined as any embarrassing information relating to an identified or identifiable natural person. •Examples include (but are not limited to):


Personally Identifiable Information?


Doubleclick Inc. Privacy Litigation, March 28, 2001

• “ …..Doubleclick's purpose has plainly not been to perpetrate torts on millions of Internet users, but to make

money……”


Plaatselijke verschillen

* U.S. *The prevailing concept is that once an

individual provides PII to an organization, the organization becomes the data

owner.Baring any sector-specific privacy

legislation, the organization can determine the use of that information.

* EU*The prevailing concept is that the

individual data subject retains rights in his/her PII.

The organization has the responsibilities of a custodian for protecting that PII and using it only in

accordance with the rights conveyed by the individual.

* APEC *The prevailing concept is accountability.

Organizations must design privacy protections to prevent harm to individuals

from wrongful collection or misuse.The organization is accountable and obligated to exercise due diligence.


The prevailing concepts have led to many different laws throughout the world

AustraliaFederal Privacy Amendment BillState Privacy Bills in Victoria, New South Wales and Queensland, new email spam and privacy regulations

European UnionEU Data Protection Directive and Member States Data Protection Laws

South AfricaElectronic Communications and Transactions Act

US FederalGLBA, HIPAA, COPPA, Do Not Call, Safe Harbor

Hong KongPersonal Data Privacy Ordinance

Canada Federal/ProvincialPIPEDA, FOIPPA, PIPA

JapanPersonal Information Protection Act

ChileLaw for the Protection of Private Life

South KoreaAct on Promotion of Information and Communications Network Utilization and Data Protection

IndiaLaw pending currently under discussion

New ZealandPrivacy Act

ArgentinaPersonal Data Protection Law, Confidentiality of Information Law

PhilippinesData Privacy Law proposed by ITECC

TaiwanComputer-Processed Personal Data Protection Law

Numerous State LawsBreach NotificationStates from CA to NY


“Trying to control information in the network age…

…is about as successful as pissing into the

wind”

(Keith Henson)


Borderless Internet??

http://www.google.nl/imgres?imgurl=http://digitaldaily.allthingsd.com/files/2008/02/yang_sad.jpg&imgrefurl=http://fakesteveballmer.blogspot.com/2008_06_01_archive.html&usg=__YRcSJqwh4cxl28GiOU23gj4i7pw=&h=240&w=350&sz=15&hl=nl&start=7&zoom=1&um=1&itbs=1&tbnid=SBMmjuYm_IJ1OM:&tbnh=82&tbnw=120&prev=/images?q=yahoo+yang&um=1&hl=nl&sa=N&rls=com.microsoft:*&tbs=isch:1


EU: Wijziging van de Telecommunicatiewet

Meldplicht voor inbreuken in verband met persoonsgegevens en meldplicht voor veiligheidsinbreuken en het verlies van integriteit

Voor het plaatsen van een cookie moet vooraf toestemming aan de eindgebruiker worden gevraagd (opt in).


Draft privacy wetgeving door Rep. Rick Boucher

Covered information includes any unique persistent identifier:

• Internet Protocol address• Other unique identifier used to

collect, store, or identify information about a specific individual or a computer


Enkele ‘hoogtepunten’• Consent requirements on the collection of data• Delivering privacy notices before the commencement of information collection• Express affirmative opt-in for the transfer of data to Third Parties• Requiring consent when changes are made to policies governing the

prospective collection of information


Kalf is nog niet verdronken......


......maar afwachten dan?


How Companies Have Gotten Into Trouble

• Misrepresenting the purpose for collecting PII• Failure to adequately train personnel on privacy • Disclosing, sharing, or selling PII to third parties contrary to

the organisation’s privacy policy• Exporting PII contrary to the privacy laws of the originating

country• Misrepresenting the security protection of PII


Less Aggressive

Aggressive Privacy Initiative

RegulatoryRequirements

BrandImage

Time

Value

Regulations

CompetitiveAdvantage vs. Increased Risk

Privacy as a Strategic Decision


MeetLegal

RequirementsLetter of the Law

Spirit of the Law

Digital Dilemmas

Accessibility

Trust in a Digital World

Accuracy Property

Privacy


Enhancing trust, as a measure of how much consumers, advertisers and suppliers trust in digital and online services, is becoming a key growth enabler—or inhibitor—for the digital economy• .

Market for Trust in a Digital World2009 Booz Hamilton report ‘Digital Confidence’


US Self Regulatory Industry Initiatives

NAI Opt Out Tool

http://www.networkadvertising.org/managing/opt_out.asp

http://www.google.nl/imgres?imgurl=https://juniperhealth.com/images/icon-truste-temporary.png&imgrefurl=https://juniperhealth.com/privacy-policy&usg=__sQXOaG7EDEvU1eRW6hlmVOrNSuI=&h=100&w=74&sz=7&hl=nl&start=16&zoom=1&um=1&itbs=1&tbnid=sKF49OQptPSZiM:&tbnh=82&tbnw=61&prev=/images?q=truste+icon&um=1&hl=nl&sa=X&rls=com.microsoft:*&tbs=isch:1


An investor’s perspective on targeted advertising

• Does it work?• Who owns the data?• Who can share/trade/match this data?• When does it become personal?• When does it become weird?• How many non-PII data points = PII?• Art vs. Science of targeting• Regulation: Self vs. State


Key Take Aways

• Huidige voorstellen voor regelgeving hebben waarschijnlijk geen enorme impact

• Totdat het een keer verschrikkelijk misgaat (een grote misser, of enorm veel kleine)

• Dus, regulate yourselves, before you get regulated !

Performance Roel van Rijsewijk

Documents

Transcript of Performance Roel van Rijsewijk