Keeping Pace With Privacy Standards: Q&A With TRUSTe UK
Somehow on May 26, when the UK's version of the dreaded EU Cookie Directive came into force, the Internet did not crumble and burn to ashes. That could be partially credited to the last-minute (almost literally) addition of "implied consent" by the Information Commissioner, but many British publishers have had their heads down to the ground, making preparations for the worst for a while now.
Three months after the May deadline, TRUSTe found that 63% of major UK websites had taken some measures to address the regulations, with 12% introducing pronounced privacy notices and dynamic cookie controls and 51% offering minimal privacy notes and basic cookie controls. TRUSTe has been quite the student of the UK privacy circuit of late, with a June study that found online privacy is weighing heavily on the minds of 94% of British consumers, with 54% more concerned now than they were a year ago.
We caught up with Richard Foster, UK Director of Ad Solutions, to get some insight into recent findings and hear his take on how regulation will affect the development ofbehavioural targeting in the UK.
Your recent study shows that privacy concerns amongst the UK public have skyrocketed – why do you think this is?
While the data shows privacy concerns have increased in the past year, it is important to note that privacy related challenges have also been increasing. This is due to a combination of factors, including new regulatory requirements, increased consumer awareness of practices like behavioural advertising, and increased exposure via mobile devices.
So while many companies are taking privacy seriously and implementing steps to help provide consumers with proper notice and control, the standard they are being evaluated against is continuing to get higher. Companies need to realise privacy is not an on / off switch – you need to continue to evolve how you manage data privacy in sync with how you are evolving your marketing and advertising programs.
So is behavioral targeting doomed?
No, on the contrary, the research clearly demonstrated that transparency and good privacy practices could be very effective in addressing consumer concerns over online behavioural advertising (OBA).
For example our latest research showed that 79% of consumers are aware of online behavioural advertising, 53% do not like it and 42% incorrectly assume that personally identifiable information is attached to tracking activity. However these consumers are almost twice as positive about OBA when they are assured that any data that could identify them personally is not used.
The research also showed that good privacy practices make a difference with 51% of consumers more inclined to click on an advertisement that gives them the option to opt out of OBA and 55% more likely to continue to visit websites from publishers and advertisers that give them the option to opt-out.
Interestingly the research confirmed that advertisers can increase favourability by 42% through participation in the EDAA self-regulation programme.
Do you think the ePrivacy Directive has done enough to allay consumer fears for their online privacy?
I think that the recent EU Cookie Directive has really put third-party tracking and online behavioural advertising under the spotlight in the UK and has required advertisers, publishers, networks and ad targeting companies to consider their data privacy practices and how they communicate these to their audiences.
This focus on data privacy is good news for consumers however, there is still a long way to go. The TRUSTe research was conducted at the very end of May, just after enforcement of the EU Cookie Directive began, so the very high levels of concern (94% of consumers worried about online privacy and 54% more concerned than a year ago) show there is still a great deal more work for advertisers and businesses to do to allay consumer privacy concerns and build trust.
The new fear is of changes to the data protection act coming in the next year or so – do you have any insight into these changes? What do you expect?
Given TRUSTe's global footprint, and the fact that so many of our clients do business in Europe, we have been closely monitoring the proposed changes to the EU data protection “regulation” for the last several months. If the regulation passes, there will be a single privacy standard in Europe and we think this will be good for overall compliance as companies will benefit from having a single standard to comply with. However there are certain proposals in the Directive that could have a significant impact on the online ad ecosystem.
Firstly, the regulation redefines consent – the proposed regulation specifically states that silence and inaction cannot constitute consent. This would mandate “opt-in" any time consent is required which would have some serious repercussions in the cookie-driven world of online advertising. Incidentally, TRUSTe’s own requirements around consent are crafted in a way that is contextually appropriate to the situation – we don’t mandate that consent either be opt-in or opt-out.
For instance, when certifying mobile applications, we recognise that geo-location data is sensitive, however, we don’t require express consent every single time geo-location data is collected (if your mobile map app asked for your consent each time it had to provide you directions, it would definitely detract from the experience). Instead, we require express consent the first time geo-location data is collected, and implied consent for subsequent collections and use.
Secondly the regulation provides an expanded right of access known as the “right to be forgotten.” While certain aims of the “right to be forgotten” are laudable, it’s difficult to implement technologically. To fully comply with this right, and provide the individual access to their data at any point in time, companies would need to store and secure data indefinitely – and this will impose costs, since much of the data will be, by definition, personal and probably linked to some sort of customer profile (e.g. a wall post on Facebook).
What measures do TRUSTe take/have at their disposal to help with these concerns – both from the consumer and the publisher perspective?
At TRUSTe, we offer a wide range of technologies and certifications to help companies build trust and increase engagement across their online channels. TRUSTed Ads is the leading, global self-regulatory platform for online behavioural advertising (OBA) compliance and numerous European companies including Adconion UK; MediaMind; Gumtree and YD – have already standardised on the TRUSTed Ads platform collectively serving billions of monthly impressions in Europe each month.
Last month, TRUSTed Ads EU was authorised as a Provisionally Approved Icon Provider for the EDAA (European Digital Advertising Alliance). TRUSTe has also recently introduced the EU Privacy Management Suite and five new data privacy certification schemes in the UK for websites, mobile sites, mobile apps, and data collection.
Through these tools we help advertisers, media owners, ad networks and targeting companies to maintain compliance, manage technology and build customer trust, and we help customers to find brands they can trust, manage their privacy online and click and share with confidence.
Gavin Dunaway is Editor, US for AdMonsters’ Content Team. Previously he served as Senior Editor for interactive advertising trade news depot Adotas.com, and before that he held reporting and editing roles for numerous industry-related publications. When not diligently producing news and feature articles related to ad ops, he enjoys playing guitar so loud that the walls shake.