Facebook on Beacon: We Don't Collect Info Unless You Opt-In
Last week we wondered if maybe MoveOn was a bit premature in declaring victory when Facebook changed their Beacon advertising system to be explicitly opt-in. Was Facebook still gathering information on your purchasing behavior, even if you had opted out of the program? Computer Associates blogger Stefan Berteau, who reported that Facebook was being sent data about activity on affiliate sites, even when not logged in, wondered the same thing.
Facebook later emailed Stefan the following statement:
"When a Facebook user takes a Beacon-enabled action on a participating site, information is sent to Facebook in order for Facebook to operate Beacon technologically. If a Facebook user clicks "No, thanks" on the partner site notification, Facebook does not use the data and deletes it from its servers. Separately, before Facebook can determine whether the user is logged in, some data may be transferred from the participating site to Facebook. In those cases, Facebook does not associate the information with any individual user account, and deletes the data as well."
While some commenters on the CA blog aren't buying it, Facebook's promise that they aren't collecting user data except from those who opt-in to the program essentially puts to bed fears that the company is gathering user behavior data from outside sites without user consent. But if they were, it would likely violate a number of the privacy policies of their partner sites.
Overstock, for example, says in their privacy policy that purchase information "may be disclosed only to our staff and to third parties involved in the completion of your transaction, the delivery of your order or the analysis and support of your use of the Overstock.com web site." Facebook doesn't sound like any of those things.
It's our own fault for dealing with companies that have questionable privacy policies. Blockbuster, for example, has language in its policy that basically gives it carte blanche to share your name, address, and rental history with third parties. "Blockbuster, its affiliates and franchisees (if permitted by Blockbuster) on occasion may disclose to their business partners certain data, such as names and addresses and the genre of products rented or purchased by Users or Members, so that the business partner may send their own direct marketing communications to Users and Members," reads one passage in the lengthy privacy policy.
Facebook's Beacon concessions may actually be a blessing in disguise for privacy conscious web users. Behavioral targeting is coming of age on the Internet, and more and more web sites are scrambling to collect user data and build profiles of people's interests, location, relationship status, and other personal details that can be used to better target ads. Last year, for example, United Airlines ran a campaign on Yahoo! that used search and weather lookup data to figure out where people were located and where they might be thinking of vactioning and serve ads pairing those two locations.
That sort of targeting has advertisers salivating -- research firm eMarketer predicts that behavioral targeting will be a $3.8 billion industry segment by 2011 -- and it has privacy watchdogs wary.
While we still feel that the user backlash over Facebook's Beacon system was overstated by MoveOn and the media, it was certainly well covered. As users begin to wake up to how much data is being collected by companies, and the sorts of things companies do with that data, you may begin to see changes in the type of behavioral profiling that is tolerated or allowed on the web. As MediaPost reports, privacy inquiries in Europe especially may have a profound impact on the advertising industry because the EU has stronger privacy protections than the US.
Advertisers tread a fine line between getting their ads in front of the right consumers and turning users off because they feel their privacy has been violated. "You want to have enough targeting that a consumer notices the message and pays attention, but you don't want it to be so obvious that they are thinking [there] is targeting," Tracy Ryan, professor of advertising research at Virginia Commonwealth University told the Associated Press. "That would be scary." As consumers become more savvy to the types of information being collected about them, they will be more in tune to ads that are targeted directly at them and that could be a turn off.
What do you think? Does behavioral targeting bother you? Should companies be able to collect data on your web surfing and buying habits and use it to target ads? Leave your thoughts in the comments below.
Share2 TrackBacks
TrackBack URL for this entry: http://www.readwriteweb.com/cgi-bin/mt/mt-tb.cgi/1812
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
Josh,
There's a pretty big difference between web companies when it comes to the rights you grant them as a user. I did a quick overview of a few here: http://www.emaildashboard.com/2007/11/how-privacy-and.html
Behavioral targeting does not require knowledge of my personal information. All it requires is a picture of my behavior. The moment a service starts to rely on identifiable information it crosses the boundary from behavioral targeting to targeting based partially on behaviors and targeting based on explicit profile information. And that's fine.. if people opt-in.
But you've fallen into the trap of calling Beacon an opt-in program It's not. It's a service that requires you to optin on a per transaction basis, but one that you are, by default, in. What I mean is that I was never asked if I wanted to opt into the Beacon program with the default being No. Worse, I've been conscripted into the program and I cannot globally opt out of it. I can choose not to opt-in on a case by case basis, but I can't simply go somewhere in my account settings and turn the thing off.
David Weinberger is right... Facebook choose sides and that side it choose was not that of its users.
I want targeting! I'm sick of my attention being directed to ads that I have no interest in just because an advertiser couldn't know that there is no way that I would be interested in their product. Targeting isn't the problem it is control over targeting. If the targeting is under my control then I like it. If the targeting is under the advertiser's control then it is an invasion of my privacy. How many people would be willing to share far more detailed information voluntarily than they are against Facebook collecting involuntarily?
You know, the whole idea of Beacon essentially requires that Facebook find out you interacted with a site, albeit not all the specifics. When an interaction occurs that could generate a Beacon notification, the third-party site has to contact Facebook to see if you're logged in there as well. Facebook then has to check whether you've opted in for that particular site. I'm not sure how you could get around at least this level of information sharing, and it's more efficient for the third-party site to go ahead and send information on the interaction to Facebook.
You're right that the coverage at least makes people aware of what's happening with Internet advertising. Much of Beacon isn't new at all - such techniques have just never involved a specific personal profile like you have on Facebook.
@Rick: Facebook recently changed Beacon such that if you ignore the requests to publish information, that is taken as a "no" -- this essentially makes the program opt-in.
See more info here: http://www.readwriteweb.com/archives/facebook_beacon_changes.php
Multiple-site data tracking of a consumer has been in effect for quite a while. We've been living with it through DoubleClick, Tacoda and many others. Google knows my search history (note: essentially an opt-out philosophy here...).
Data tracking is going to be a fact of life, unless the EU or consumer advocates can force a change.
We should focus not on stopping the tracking, but on instituting policies and controls for the tracked data.
This means TOS and transparency on the part of companies that collect this data. How do you separate PII from the tracked data? What are your plans for using this data? How long will this data reside in your database? What is your policy with regarding to sharing this data with third parties? How do consumers remove their data is the TOS changes?
With this information, consumers can then decide whether they want to participate in the service. And the companies that collect the data can push forward on the business models tied to behavioral targeting.
I disagree with Tracy Ryan that targetting adds should not be too obvious in order not to scare the user. Who are we fooling? Users need to know the possiblities of profile matching and be given the tools to use it to their advantage.
If I as a user can rely on a good targetting system, I will let it guide me in my behaviour. In the long run, this is also in the interest of advertisers. There is no point in using profiling technologies to support an old fashioned broadcast product like advertisement.
It is really frustrating to read these posts on blogs/sources that totally know better, but instead, seemingly carry the water for facebook, acting as PR extension for them.
Allow me to explain how this post reinforces that perception:
The title is wholly misleading. Facebook never said they didn't 'collect' data - they said they didn't 'keep' collected data. There's a world of difference there. Why obfuscate it?
You say, "Facebook's promise that they aren't collecting user data except from those who opt-in to the program essentially puts to bed fears that the company is gathering user behavior data from outside sites without user consent."
What?? Are you serious?? This is a laughable when you consider the context that the damn statement came under. The original CA post was highlighted that FB *Misrepresented* their claims about how Beacon worked. In other words, they lied. Period. They told the NY Times that data was "absolutely not" collected on logged off users. The CA blog/research proved that it is. It was under these circumstances that FB issued this response that you say, puts the issue to rest. Fool me once...?
Finally you say, "While we still feel that the user backlash over Facebook's Beacon system was overstated by MoveOn and the media, it was certainly well covered."
Well, I guess that too was a blessing in disguise. After all, if a top tech blog like Read/Write Web doesn't think that it's a big deal for the most popular site on the web to secretly track its users, won't let them opt-out of it (and is flagrant about that point), and has even been caught misrepresenting the whole thing...well, I guess that it's good that it gets well reported by these other less informed, overreacting sources.