Navigate Through The Privacy Fog, For Your Own Good

joannaoconnelrevised“Marketer’s Note” is a weekly column informing marketers about the rapidly evolving, digital marketing technology ecosystem. It is written by Joanna O’Connell, Director of Research, AdExchanger Research.  

I attended an eye-opening session on “the state of privacy” at this year’s Adobe Summit that reminded me of something I sometimes choose to ignore in all my excitement for what we can now do in digital marketing: In today’s world of hyper-targeting, building and managing robust profiles, delivering unified consumer experiences across the customer lifecycle, we’re standing on a shaky foundation, and most of us don’t really know it – what’s happening under our feet, what it means, and what to do about it.

The session, led by Adobe’s VP, Chief Privacy Officer, Associate General Counsel, MeMe Jacobs Rasmussen, was intended to help companies “navigate through the privacy fog.” The woman clearly knows her stuff. We took a look at a few hot topics in digital marketing through a privacy lens, though my attention was most captured by the discussion around cross device tracking and targeting, “Do Not Track,” and the larger 3rd party cookie question.

Below are a few highlights I came away with:

  • Cross-device marketing: This is a subject that’s heating up from a privacy standpoint, with the FTC beginning to pay attention and think about this. Fingerprinting (a blanket term used for a variety of approaches to associating multiple devices with a user – a term, by the way, lots of companies hate and try and steer clear of) can be rife with privacy pitfalls.  While I understood the potential privacy concerns with “fingerprinting” in its various forms, I didn’t realize that there’s an increasingly bright light being shone on it by regulatory and enforcement bodies. Good to know.
  • Do Not Track (DNT): Here we are, three years after the W3C work began, and we still can’t agree on a set of rules around DNT. Which is bad, according to Adobe: if DNT doesn’t succeed, we are likely to see more regulation, the cookie going away faster, etc.  Either future outcome means limitations on what marketers can – or should – do, such as co-mingling 1st and 3rd party data, or using 1st party data for off-site purposes (like advertising). Didn’t know that. Also good to know.
  • 3rd party cookies: Less a statement on the future of the cookie, and more one of being aware when 3rd versus 1st party cookies are dropped, this was a great reminder to me that the general understanding of this topic is still relatively low (I certainly won’t claim to be an expert). What’s important here is awareness: do you know what kinds of cookies your technology partners are dropping and why? Do you understand the implications of those choices, the applications of the different types, the privacy ramifications of one versus the other?

I have to admit, I left the session feeling worried and a little depressed – if I were an advertiser, I’d feel more concerned than ever about what is and isn’t ok in terms of targeted advertising outside of the walls of my own site(s), whether it’s reaching an individual consumer across devices with targeted ads, or using licensed third party data to augment consumer profiles, approaches that are becoming the lifeblood of sophisticated digital advertising.

That said, I refuse to concede that the answer must be, “don’t do it.” Nor is my intention to pick on Adobe. (Really, it’s the opposite – I appreciate that they are tackling this issue head on from a technological and business standpoint, and trying to educate their customers on what it all means.) I think that the ultimate answer, complex and nuanced as it may be, must begin with openness with consumers.

Here, Ms. Rasmussen and I agree wholeheartedly: “Say what you do. Do what you say.” The real opportunity here is to be open, transparent and communicative with people: give them every chance to understand what’s happening to them, with their data and the like (like using English – rather than legalese – in your privacy policy*). Authenticate whenever possible, interrupt to explain what’s happening when you’re gathering their data, give them ample openings to opt out. Long and short, treat them like people.

(And yes, I realize I’ve said this before – it’s something I feel very strongly about. In fact, I’m reminded of that research I found not too long ago which found that consumers DO in fact prefer relevant, over irrelevant, ad experiences when given the choice. Relevancy can be seen as a good thing if people get what’s happening.)

Thoughts, comments, send them my way!


*The only way this can happen is if your lawyers understand digital advertising. And they probably don’t. So become their friend and explain it to them.

Follow Joanna O’Connell (@joannaoconnell ) and AdExchanger (@adexchanger) on Twitter. 

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!


  1. Nice article on privacy and the changing landscape from the Adobe Summit.

    Would make two comments:
    – Understanding the raised specter of regulation relating to any 1 or all 3 of the issues in the article, as gov’t gets more involved in the ‘fingerprinting’ arena I think it is going to be extremely difficult to outirght ‘ban’ probabilistic approaches to predicting something about someone. Preventing a company from predicting something about a consumer would have massively wide ramifications far beyond advertising. The more likely scenario would follow today, which is to say you can’t use this particular piece of data in this way (e.g. you can’t use sexual orientation to predict creditworthiness). The deterministic approaches could be more easily banned through regulation (ie prohibiting the actual stitching of different data sets for a specific person together), but would expect that marketers raise an uproar. The easiest thing for regulators to do would be to go after the Traditional data companies working in the offline world that have thumbed their noses at regulators for decades (if you haven’t seen the recent 60 minutes piece on this, you should). The experians, acxioms, epsilons of the world need to beware – they’re selling real data derived from real PII and data collection no consumers are aware of, and these companies sell this data to anyone for any purpose.
    – If we come to real legislation that bans cookies in favor of DNT, if that ever comes to pass, you can be assured there will be a substantial transition period to get off of cookies. Although there may be a precedent, I can’t think of a case where regulation/legislation to prohibit a technology was implemented overnight. Even with Do Not Call, there was a transition timeframe and extensive lobbying which resulted in number of big carveouts of different kinds of people who still call my house.

  2. JIm Spanfeller

    Transparency is indeed the best practice in this and so many other digital marketing areas. Right now we have an issue around this as some really bad actors are making a whole of money due to the lack of transparency. One of the core facts that transparency will show by the way is that most 3rd party data is not accurate and as a result often times not helpful. So at the end of the day, all our fretting about 3rd party cookies might just be for naught.

    • Joanna

      Thanks for your thoughtful post, as always, Jim. Here’s the challenge: 3rd party cookies do more than just fuel 3rd party behavioral advertising. They serve as a connecting web for the digital advertising ecosystem, at least right now (not to mention powering all kinds of other systems like many site analytics platforms). So losing them (in a DNT scenario, where only some people are affected; or, in a scenario where browsers default block them) could have much larger ramifications. That’s the real issue, although, yes, I agree, 3rd party behavioral advertising would be affected (and to your point, maybe clear out some of the junk data in the process).

      • JIm Spanfeller

        I am sure you are right in terms of other uses for 3rd party cookies. In my early days in leadership at the IAB I fought hard to stave off the first wave of push back around third party cookies. At this point, I think it is clear that the industry as a whole would be much better off without them…just from a trust point of view. Most if not all of the “other” uses of third party cookies could be accomplished in different ways or by simply moving the process to an appropriate first party solution…for example with web analytics.

  3. John Montgomery

    Thanks for championing the importance of getting engaged with privacy. Its the cornerstone of data collection which is in turn, the foundation of our business. In other words if we don’t give this our attention, we are going to have to rely on contextual targeting again.
    I would like to emphasize one of the things that you said about privacy language. Not only do we have to be transparent – we should tell consumers what data we are collecting – and importantly, why – but use language that they can understand. I am encouraging our clients to have their privacy policies written by copywriters and checked by the legal team – and include as many explanations as possible.