Have you heard about the supercookie? Recent articles in the press have outlined how sites including MSN and Hulu are now using an advanced version of the old cookie file to track user behavior. These supercookies are very hard to detect and delete, and can track user behavior across multiple sites, not just one.
These tricky little trackers have lawmakers pressing the FTC to investigate, and the IAB scrambling to defend industry practices. Here’s coverage from Information Week, Mashable and the Wall Street Journal.
All this gives me a strong case of deja vu all over again, as the expression goes. Back at the dawn of the online advertising age I headed up communications for Advertising.com. We were right in the middle of the “cookie wars” of that time, trying to explain what they did (and didn’t) do and trying to head off regulation by the FTC. More recently, I wrote back in 2008 about ISPs looking to get into the tracking business via software from companies like Phorm and NebuAd.
If you read that post from 2008, you’ll see a list of principles promulgated by groups like the Network Advertising Initiative and the Online Privacy Alliance that companies were supposed to adhere to in their online practices:
2. Notice and Disclosure
3. Choice/Consent
4. Data Security
5. Data Quality and Access
No question many are not being faithful to those principles today. But rather than focusing on the regulation issue, I’d like to suggest companies simply be more transparent with users. Sound a bit naive? I don’t think it – I think it would be smart business.
From the dawn of the online advertising age, companies have been very reluctant to clearly spell out the online quid pro quo for users. Users get lots of free or very inexpensive services and lots of convenience, in exchange for sharing information about themselves. Sometimes this sharing is explicit — registration, subscribing — but more often its done behind the scenes, using tools like cookies and now, supercookies.
The Internet has become such a part of daily life and commerce that companies should find the courage of their convictions and spell this out for consumers. Stop talking about personalized advertising as if people are dying for that. News flash — most consumers want no advertising at all. But if you explain the benefits they receive in exchange for a reasonable (yes that’s a flexible term) amount of shared personal information, I’m confident the vast majority would go along.
Let’s take a very basic example. Do you really want to input your ID and password at sites you visit every day? No you don’t, it’s convenient for that site to place a cookie on your computer so you are recognized and let right in. Companies need to spell this type of benefit out, and/or get their industry associations to do so. It would be a more effective tack than increasingly tenuous stories about the effectiveness of industry self-regulation.
To put it bluntly, the Internet is too essential to the everyday life of millions of consumers for them to turn back now. Companies should clearly explain the business model that makes so much information and so many services available online. They should also follow the principles above, including better protection for personally identifiable information.
Online companies can make this case to the public, if they want to. When we’ve brought this conversation out of the shadows, all parties will be better off.