Privacy – More or Less

As marketers, we should be gravely concerned about the questions of privacy and the ethics surrounding collection and use of what many email recipients consider private information. Please bear with me as I continue my commentary on the topic

As marketers, we should be gravely concerned about the questions of privacy and the ethics surrounding collection and use of what many email recipients consider private information. Please bear with me as I continue my commentary on the topics.

The line between business and marketing email is often blurred, and what affects one nearly always affects the other. Not surprisingly, privacy—and the lack thereof—is of heightened concern to businesses and individuals alike these days. With new and frequent discoveries concerning alleged abuse by both government and private agencies, this shows no signs of diminishing.

Google Is on the Hot Seat
It’s easy to despise Google. The company is a ridiculously successful behemoth that collects an immeasurable amount of data they then choose to use, sell, share and—seemingly arbitrarily—withhold in their quest to profit from what many recipients of email believe to be private thoughts, browsing experiences, correspondences, search phrases and more.

In two separate cases, Google’s collection and use of email data is being challenged.

In the first, a group of private email users have claimed Google illegally intercepted, read, and mined information from their private email correspondence in order to better understand the recipient’s profile and deliver targeted advertisements. (Wait. That sounds a bit like what I do as a marketer …)

In September, California Judge Judy Koh rejected Google’s bid to dismiss the case based upon their argument Gmail users had agreed to allow interception by accepting the company’s terms and privacy policies.

As the legal wrangling ensued, the lawsuit lost a bit of steam when the judge ruled these plaintiffs could not band together in a class-action suit because the proposed classes of people in the case aren’t sufficiently cohesive. Her ruling may well impact a number of other email-privacy cases in which she will be asked to rule, including lawsuits against Yahoo and LinkedIn. (In other cases, Facebook and Hulu are defending their right to monetize their members’ data.)

In a submission to the court, Google has said users of Google’s email service Gmail should have no “legitimate expectation” that their emails will remain private. A “stunning admission” of the extent to which internet users’ privacy is compromised, proclaims Consumer Watchdog (CW), a US pressure group.

This causes me to ponder: Yes, of course, Google collects more information than we do—but is it simply because they can? If we, as marketers, had the ability to collect to the same degree, would we? Is the difference between Google and my company the temperance with which the small business (compared to the conglomerate) would collect? As I said in my last blog, Spider Trainers—and other marketers—should proceed carefully, respectfully, and exercise care in not just what to collect, but how to use it. But is that a distinction without a difference to the average recipient?

Students’ Consent
In a similar lawsuit, students in California have come toe to toe with Google claiming the company’s monitoring of their Gmail violates federal and state privacy laws. This case, being heard by the U.S. District Court for the Northern District of California, was brought by nine students whose emails were subject to Google surveillance because their accounts were provided in part by Google in their Apps for Education suite; a suite touting more than 30 million users worldwide, most of whom are students under 18.

Google admits to scanning student emails to serve students targeted advertisements even though display ads are not shown in Apps for Education. Contained in a sworn statement, Google “does scan [student] email” to “compile keywords for advertising” on Google sites.

What’s different about this case is the age of the typical recipient. FERPA (Family Educational Rights and Privacy Act) issued in 1974, ensures the privacy of records of students under the age of 18 and, as big as Google is, they should not be immune to legal constraints of this act. Like the previous case, the students are seeking class-action certification for the case.

This begs the question: Are marketers immune? Perhaps in our B-to-C events, we too must be mindful of the age of our audience. Certainly we know that we are collecting more than most of our recipients imagine. What preteen suspects that emails from her favorite store are actually vehicles for accumulating information about her buying behaviors in order to send her more relevant email offers?

Extending Acceptance
The pivotal topic in many of these Google and Gmail users discussions should be this: Even if the sender understood and agreed to the terms and conditions, that consent could not and should extend to the recipient who has not consented and who is probably unaware their data and profile is being assimilated from these communications. The Electronic Privacy Information Center (EPIC) is also concerned about Google’s ability to build detailed profiles of Gmail users by augmenting email-collection data with information collected by Google’s search-engine cookies, though Google denies such cross referencing occurs.

The Government
For most adults, searches are easily defined. If law enforcement suspects of us wrongdoing, they get a warrant, search our house, our car, our locker, and then seize the evidence of a crime. With an email account—be that Gmail or any other—it’s different. Emails are seized first and then searched for evidence. It’s similar in approach to the argument of the Obama administration for collecting every American’s phone records—law enforcement doesn’t know what is relevant until they have reviewed it all. In other words, it’s a fishing expedition on a grand scale.

So, it’s not just the private sector misbehaving if a federal judge has found it necessary to admonish our own justice department for requesting overly broad searches of people’s email accounts—nearly all of whom have never been accused of a crime. It’s widespread, but worse; all data collectors are at risk of being painted with the same brush. It’s coming to this: If you’re collecting data, you must be committing some sort of offense in the form of invasion of privacy, and perhaps even acting illegally. (Wow! All I wanted was to send you a personalized dog food coupon because you have three mastiffs and a poodle named Fred, Pete, George, and Ginger.)

In this case against the justice department, Judge Facciola concluded prosecutors must show probable cause for everything they seize – especially since it is possible for companies to easily search for specific emails, names, and dates of content relevant to an investigation. It’s therefore not necessary to ask for all electronically stored information in email accounts, irrespective of the relevance to the investigation.

Education
It’s going to become necessary to become educators—we marketers must educate our clients on appropriate collection and use in order to delineate what we do from what is happening with Google, NSA, Yahoo, and others. Without our input, and our self-regulation, it is quite possible that we will be spoon-fed rules of engagement—and likely that those rules will reduce future access to less than what we have now.

With the caching of images and relegation of email to specific tabs, Google is already getting in between us and our recipients by intercepting data to which we’ve already become accustomed. It’s a slippery slope to be sure, but we do have an opportunity to steer this downhill roll in a direction that will protect our ability to be good marketers in a healthy balance with the privacy of our recipients.

In Other News…
In an ongoing case, a U.S. appeals court has again rejected Google’s argument that it did not break federal wiretap laws when it collected user data from unencrypted wireless networks for its Street View program.

In the U.K., the High Court ruled Google can be sued by a group of Britons angered when using Apple’s Safari browser by the way their online habits were apparently tracked against their wishes in order to provide targeted advertising. Google asserted the case is not serious enough to fall under British jurisdiction.

Microsoft is feeling the heat after acknowledging it read an anonymous blogger’s emails in order to identify one of their employees suspected of leaking information. The FBI was involved only after the emails had been read.

Maybe I need a new blog: Privacy Erosion.

Don’t Be Creepy: Using Robust User Data for Ad Targeting While Respecting Privacy

When your brand possesses or has access to data that provides deep visibility into user interests, you should use that visibility to create more relevant ads, thus increasing performance while limiting costs. But with deep visibility comes deep responsibility to respect privacy. The fastest way to hurt performance is to cross into the creepy zone. Don’t be a creeper.

Google announced that on March 1 it will be updating its privacy policy to enable the integration of user data across Google properties. As it integrates more cross-property data, including information on user interests and demographics, Google can provide advertisers with more robust and precise targeting capabilities in search and display.

For instance, Google may uncover a certain person’s interests through their interactions on Gmail and Google+. This capability may someday enable an advertiser to direct search or display ads to that person based on those interests.

Although users can opt out of the experience and adjust and delete information that Google has collected, the privacy policy update has been met with some backlash. Lawmakers in the U.S. and European Union have asked Google to explain why the changes are necessary and how privacy will be protected. A privacy advocacy group sought a court order directing the FTC to sue Google, and sites like Gizmodo have urged people to take control of their privacy by switching to various non-Google-owned properties for search, email, social, photos, docs and video.

Assuming Google goes forward with the update and activates the potential for more robust targeting options, advertisers should keep a few things in mind to increase performance while respecting privacy:

1. There’s a fine line between appropriate and creepy. Ads that are more tailored to a person’s interests are more likely to satisfy that person’s needs. However, many users would prefer that advertisers don’t know everything about them. If a user sees an ad that’s eerily related to a Google+ or Gmail conversation they’ve just had with a friend, a line may have been crossed.

2. Users will blame you. Creepy ads harm people by making them feel as if they’ve been unwillingly observed. But who’s responsible for this unwanted observation? Technically Google observed the user, but the average web surfer doesn’t think about what’s happening behind the scenes. Users ask, “How did this brand know that about me? Have they been watching me?” Creepy isn’t always a label that users attach to Google (or Facebook or any other advertising platform). It’s a label attached to brands that push the platform’s capabilities too far.

3. Just because you can doesn’t mean you should. Users must agree to the new privacy policy in order to sign in to Google. Google provides an easy means within its Ads Preference Manager to opt out of customized or personalized search and display ads. Thus Google’s informing its users, obtaining their consent and providing them with privacy controls. But just because a person consents or fails to adjust their ad preferences doesn’t mean that it’s open season for creepiness. People shouldn’t have to choose between using Google and avoiding the creep factor.

As a marketer, don’t think that people agreed to diminish their right to privacy in order to use Google or another service. Respect privacy as a right that can’t be diminished, no matter whether a person opts in to a privacy policy.

When your brand possesses or has access to data that provides deep visibility into user interests, you should use that visibility to create more relevant ads, thus increasing performance while limiting costs. But with deep visibility comes deep responsibility to respect privacy. The fastest way to hurt performance is to cross into the creepy zone. Don’t be a creeper.