thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Monday, April 20, 2009

Privacy International Position on Behavioural Targeted Advertising

A lot of folks have been waiting for this. PI has been working with Google and other online marketers recently to enhance their privacy understanding and practices. But they never openly spoke about the dangers of Deep Packet Inspection and related tracking technologies. In my research paper, I took this as one reason for the fact that UK-based Phorm is still alive, while NebuAd and related US-based companies are more or less out of business, after American net advocacy groups heavily criticised the monitoring of customer traffic by ISPs.

But finally, PI has issued a statement on behavioural advertising, and Alexander Hanff from is even joining their team.

Online Behavioural Targeted Advertising – Privacy International’s position

Privacy International believes that online behavioural targeting for online commercial advertising using the technology of Deep Packet Inspection (DPI) is a dangerous and potentially unlawful technique that is fraught with unethical practice. This industry extends across multiple models and strategies including the use of Deep Packet Inspection, Flash Cookies, Tracking Cookies and other emerging technologies.

We believe that, particularly in the long term, the threat arising from these technologies is of such gravity that commercial organisations must not be permitted to adopt Opt-Out solutions. Without care, industry will within three years adopt a default opt-out platform upon which can be built a limitless spectrum of intrusive technologies. Governments need to legislate in a way that protects the rights of the general public. From any ethical standpoint such interception of web traffic must be conditional on the basis of explicit and informed consent.

We are concerned that almost all the major online commercial players worldwide are moving in this direction. This is not a model that will be limited to issues such as Deep Packet Inspection that has raised concerns in the UK. With Cloud Computing, 3g and 4g Mobile technologies and Public Wifi Networks the issue extends into all markets involved in data communications and increasingly voice communications due to the global take up of Voice Over IP. It is critical that we set the bar now, whilst these technologies are still developing, in order to prepare for the future.

There is an urgent need for the EU and US Congress to recognise that the entire online economy is shifting its business models in the direction of communications interception, almost always at the expense of privacy rights. Seismic shifts are occurring in the online advertising market, and these shifts are polarising on both sides of an economic fault line. Furthermore, globally governments must create and fund initiatives that engage all stakeholders. Care must be made to educate people with regards to what privacy is and why privacy is so important to quality of life. Whereas the commercial sector need to behave ethically and responsibly, society as a whole need to take more responsibility and care with the way they share their personal data. For this to happen education has to play a key role.

Legal protections with regard to these technologies must be enforced. Where organisations can be shown to have acted unlawfully action must be taken. The lack of action against BT Group in the UK with regard to covert trials of Deep Packet Inspection must never be repeated. Corporations that act unlawfully must be prosecuted. (...)


Blogger Andrej said...

Ok, so (informed) consent would most probably be the (only) acceptable legal ground, right. The problem is that getting consent is not a big deal - just offer your subscribers 1EUR per month less for their subscription and they'll be perfectly happy with "a couple of tailored advertisments once in a while". I'm afraid there's no stopping this. Check back to these questions in 5 years' time...

29/5/09 22:34


Post a Comment

<< Home