Home Data The FTC Seeks Clarity On Cross-Device Tracking – But Opt-Out Remains A Murky Mire

The FTC Seeks Clarity On Cross-Device Tracking – But Opt-Out Remains A Murky Mire


FTCworkshopIf policymakers, academics, privacy researchers and technologists have trouble making sense of the cross-device landscape, what chance does the average consumer have?

Even the tech-savvy crowd that gathered in Washington, DC, for the cross-device workshop hosted by the Federal Trade Commission on Monday admitted they don’t always have their finger on the pulse, try as they may.

“If it’s hard for researchers to figure out what’s going on, it’s hard for the general public,” said privacy researcher and Stanford University computer science Ph.D. candidate Jonathan Mayer.

For example, Mayer and his colleagues at Stanford recently ran a little experiment under lab conditions to see if they could tell if similar identifiers were being sent across multiple devices. They were able to tell in some cases that identifiers were being passed, but that was based on the limited information they were diligently able to piece together.

It’s difficult to imagine most people taking the time or having the wherewithal to parse the 10, 20, 30 or more Ghostery tags that fill the right hand of their screen as a page loads – assuming they have Ghostery installed or know what Ghostery is.

But the purpose of Ghostery and similar third-party browser extensions is to alert users to the presence of third-party trackers on a site rather than to show users how their data is actually being used.

And cross-device tracking complicates that issue further.

“It is impossible for most consumers who maybe have lesser understanding of online tracking in general and less time they might devote to thinking about these issues,” said Laura Moy, senior policy counsel for New America’s Open Technology Institute, which focuses on tech policy and social justice. “Consumers do know they are being tracked, [but] the fact that they don’t understand the extent of it doesn’t mean they don’t care about it.”

That, arguably, is where the Digital Advertising Alliance and the Network Advertising Initiative step in with AdChoices and the now ubiquitous – but, some would argue, still obscure – little blue triangle icon designed to provide transparency around online behavioral advertising by presenting users with an opt-out mechanism and information on how their data is being used.

On Monday, to coincide with the FTC’s workshop, the DAA released guidance to explain how its self-reg principles apply to browser-based and app-based choices around data collection on one device or one browser and its subsequent use elsewhere. In other words, the DAA is saying that its principles apply to any kind of tracking now, not just cookie-based tracking.

It’s a per-device opt-out policy, meaning that when users opt out on one device, that device becomes what Genie Barton, VP and director of the Council of Better Business Bureaus’ Online Interest-Based Advertising Accountability Program, called a “black hole” – no data to fuel interest-based advertising leaves that device and no targeted interest-based ads come back in.


AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

That’s different from a universal opt-out, whereby a user’s opt-out choice on one device is automatically applied to that person’s other devices. Although Barton said she believes universal opt-out is the way forward, the industry is “not there yet.”

But there’s a puzzling footnote in the DAA’s guidelines, a little asterisk pointing to this clause on the page detailing user controls: “This control provision does not address choice with regard to the creation of a ‘graph.’”

“It reflects that the graph is leveraged for security and fraud prevention, as well as interest-based advertising,” said DAA general counsel Stu Ingis. “The DAA provides control, but does not want to undermine other consumer protections.”

It seems to imply that there’s no way to get off the grid.

Which is problematic, considering that, although “people know they’re being tracked, at the same time they don’t understand data mining or what’s going on under the hood in a very strong way,” said Joseph Turow, a privacy researcher and professor of communication at the University of Pennsylvania. “And not only do people not fully understand it, they’re nervous about it.”

Through his research, Turow found that 58% of Internet users in the US agree with both of the following statements: “I want to have control over what marketers know about me online” and “I’ve come to accept that I have little control over what marketers can learn about me online.”

Although many stakeholders in the space will aver that consumers are happy to share their data in return for free goods and services, a sort of informed quid pro quo, Turow sees the situation somewhat differently.

“Most Americans are resigned,” he said. “And the more people know about what goes on online, the more resigned they tend to be.”

Although Barton said she believes “people don’t necessarily want to opt out, they want to feel they understand and have a degree of control over what’s going on,” Turow’s research seems to point to a potential flaw in the argument that better consumer education can fix the situation.

Even if 100% of consumers are aware of what the AdChoices icon means, the industry has a serious problem with opacity. Making more information available – what amounts to either meaningless marketing-speak or reams of befuddling techno-speak on how specific ad networks and exchanges operate – arguably obfuscates rather than educates.

“For the most part, consumers have no idea what these companies do, what these random names are,” said Andrew Sudbury, CTO and co-founder of Abine, a company that develops online privacy tools. “I’d be hard-pressed to imagine they actually go to the site and learn more about the 29 companies [that show up through Ghostery] on The New York Times or The Washington Post.”

The technology continues to develop, but the opt-in/opt-out quicksand persists.

“We have historically had a notice and choice framework, an opt-in and opt-out framework, but as data sets become more easily cross-referenceable and aggregatable and data analysis techniques expand, these distinctions mean less and less,” said the Open Technology Institute’s Moy. “Those conclusions could be troubling for the consumer.”

The FTC, which had been collecting public comments in the lead-up to the workshop, will hold the comment period open through Dec. 16.

Must Read

Comic: An ID Bridge Too Far?

Programmatic Companies Wrestle With ID Bridging And What Counts As Fraud

In January, the Chrome browser removed third-party cookies for 1% of users, to facilitate testing of the Privacy Sandbox –  and a new controversy was born.

It’s Open Season On SaaS As Brands Confront Their Own Subscription Fatigue

For CFOs and CEOs, we’ve entered a kind of open hunting season on martech SaaS.

Brian Lesser Is The New Global CEO Of GroupM

If you were wondering whether Brian Lesser was planning to take some time off after handing the CEO reins of InfoSum to Lauren Wetzel last week – here’s your answer.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Comic: S.P. O'Middleman's

TripleLift CEO Dave Clark Abruptly Exits After Setting The SSP On A New Trajectory

Dave Clark, who’s led TripleLift for the past two years, is stepping down, effective immediately, and is being replaced by a coterie of TripleLifters.

shopping cart

Moloco Invests In Its Competitor Topsort As The Retail Media Stakes Go Up

Topsort can lean into Moloco’s algorithmic personalization, while Moloco benefits from Topsort’s footprint with local retailers in the US and in Latin America.

CDP BlueConic Acquires First-Party Data Collection Startup Jebbit

On Wednesday, customer data platform BlueConic bought Jebbit, which creates quizzes, surveys and other interactive online plugs for collecting data from customers.