Data Protection
Published by: Sertan Hakki
, News International
Published on: February 27, 2012
Hello AdMonsters,
You may or may not be aware of the changes to the 'Privacy & Electronic Communications Regulations' made back in May 2011.
See ICO advice (& an example at top of browser window of how they think you should comply) here:
http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communica...
I was hoping we could discuss how your organisations have decided to ensure they are compliant from an advertising perspective.
Thanks,
Sertan
Recent Discussions
Jun 11 | 1:25 pm | James Williams
3 comments
Jun 11 | 10:46 am | Allison Kaiser
3 comments
May 29 | 7:35 am | Angie Singh
3 comments
23.11.12 | 7:11 am | Russell McGurk
0 comments
Dec 3 | 11:38 am | Gavin Dunaway
0 comments
Jan 23 | 5:44 pm | Nathan McCormick
1 comments
12.08.11 | 10:45 am | Sharon.Leong@morningstar.com
7 comments
Jun 10 | 6:09 pm | Rob Beeler
0 comments
Jun 4 | 12:23 pm | Amanda Fellows
1 comments
May 23 | 10:31 am | Russell McGurk
1 comments
.png)
.png)
Job Listings
Manager of Advertising Operations, Digital Technology Activation Group
Starcom MediaVest Group
| New York , NY
Ad Operations Manager
The Daily Voice
sales assistant
Time Inc., us
Everything about
Mobile 447 articles
Operations Management 2 articles
Private Marketplaces 5 articles
Programmatic Direct 2 articles
Audience Extension 10 articles
Responsive Design 2 articles
Viewability 9 articles
Creative QA 3 articles
Tag management 5 articles
Private Marketplace 1 article
Comments
At The Seattle Times, we are using Adometry's TagScan product to identify Data collection (pixels and cookies), to verify ad specs, and to detect malware. On the data collection side, the tool counts and identifies the source of cookies and gives you insight into their domains, values, size and expiration. As we have begun scanning all of our 3rd party tags on initial upload and on a scheduled basis to monitor for changes, we have really had our eyes opened to the sheer volume of cookies and often how long they stay active for our users. Like us, many publishers appear to be in this learning stage and we will very quickly move to set policies and instate practices for managing data collection performed on our sites. For anyone who is not looking at the cookies and pixels being dropped through 3rd party tags, I would strongly urge you to do so.
We, Glam Media, have been using Adometry's TagScan as well. I've gathered this type of information manually in the past using various cookie tools and http sniffers and it's overwhelming the amount of data that can come from even the simplest tag. We looked at Adometry initially for Malware scanning, but as stated by Matt, the Data collection piece has proven to be very valuable during our pre-live QA process. I also like the fact that you get screenshots with each scan, either a single tag or URL, since you "sometimes" need to push back on sales and visual proof is good.
One thing to add is Adometry works with Ad-Juster UI to integrate with your ad server (no dev work). This allows for automated scanning in conjunction with the manual scan piece. A big benefit of the automated and scheduled scanning is seeing if a tag has been changed mid-campaign. Seeing what a tag is dropping before it's live is good, but the real concerns are when it's actually running.
For the marketers/advertisers in this group, drop me a shout if you're looking for a low cost, but detailed and accurate cookie audit solution.
Our service, Pikslme (pronounced Pixel Me), is already at work helping marketers start their ePrivacy Directive compliance journey.
For now, our presentation is here: http://bit.ly/xc0MTb
Note: We're just moving out of private beta now; a new/temporary site will be up soon and a full site live in the coming weeks.
James
James Sandoval
Founder & CEO - Invizua Limited - www.invizua.com
Co-Founder - Pikslme Limited - www.pikslme.com
Phone: +44 7740 284 164
Email: james.sandoval@invizua.com or james@pikslme.com
LinkedIn: www.linkedin.com/in/jamessandoval
Twitter: @checkyourfuel
Our Address: 1 East Poultry Avenue, London EC1A 9PT
@Megan -- Brian from DataXu here. The scale of most of the campaigns our clients run makes the idea of trying to retarget even a large publisher's audience fairly impractical. That's not to say unscrupulous players can't or won't do it, or that you shouldn't be monitoring who drops cookies. But one option some publishers are pursuing is to proactively adopt tools like ours to sell their audience (particularly valuable and niche audiences) across not just their own properties, but across other sites via exchange traded media.
Hi Sertan,
Acceleration has been consulting with numerous tier 1 publisher clients in the UK and EU about this issue over the past year. While most publishers have started analysing the issue, few have put any concrete measures in place to change the way they work with cookies.
The ICO guidance is quite helpful in setting out an approach for compliance that can be paraphrased like this:
1 - Audit and control the cookies dropped from your site
2 - Inform visitors what cookies you drop and what you use them for
3 - Obtain consent from visitors before dropping or using any cookies
The obvious challenge in the advertising context (as opposed to web analytics, site UX etc) is that the dropping of cookies via advertising creates a dynamic data set, i.e. the cookies set changes from impression to impression. As a result, doing a static audit at one moment in time is utterly useless. What you need is a consistent monitoring and protection layer that gives you ongoing insight and reporting on what cookies are set and how they get onto your site, and allows you to set alerts for (or block) consistent bad actors with whom you have no commercial relationship. In our opinion the best tool currently on the market for this job is Krux's Data Sentry.
The bigger challenge, of course is figuring out how you are going to obtain consent, and how that will impact your advertising technology set-up. Strictly speaking, no cookies should be dropped or used until consent has been obtained from a visitor. So, can you prevent your publisher ad server from setting a cookie based on consent/no-consent per visitor? Even if you could, can you prevent 3rd party ad servers from doing the same? What about your SSP or your behavioural targeting tool?
The ICO has acknowledged repeatedly that this is the most complex part of the problem set, but at the same time they have identified "online behavioural advertising" as the most intrusive category of cookies requiring the most comprehensive information and consent process.
It seems almost unbelievable that a law could have been passed that runs counter to the very architecture of the online advertising industry and, because of this, I think most people are simply hoping it will go away. But that would be both naive and irresponsible. The law exists and we are all currently in breach; it's time we figure out how to protect our businesses and protect our customer relationships.
Happy to discuss further offline.
cheers
Stephan
Nicely stated Stephan. You're spot on.
Hi Stephan,
I'd welcome a conversation with Acceleration at any time to introduce The Media Trust, our services, and our perspective from scanning web pages and ad executions for hundreds of clients up and down the ad serving ecosystem. We agree that enabling frictionless ad execution within the context of multiple new laws is a significant, but addressable challenge. There are services today that enable automated pausing of specific creative or ad tags whether run directly via a publishers ad server or via 3rd/4th party served "upstream" partners. Most upstream publisher partners that we work with, be they SSPs, DSPs, Exchanges, Ad Networks, or Agencies take the problem seriously as well and are grappling with and addressing similar issues.
Regardless of the service publishers utilize to establish data transparency/security, the most critical step is to have a defined policy that works for the particular publisher and to then stand by that policy by working (regularly) with their upstream partners to properly maintain that policy in the real world. A second critical point that needs to be made more strongly, is that not all cookies, pixels, or code sets riding with advertising are bad. For example, differentiating between flash cookies utilized for creative execution or remembering a login name rather than data collection is critical for differentiating between a data leakage or consumer tracking event and a site performance event that benefits the advertiser, site, and the consumer.
It is also critically important that publishers take a cooperative stance with their upstream partners - the only way the ecosystem can manage this process without grinding the ad ecosystem to a halt is for publishers to not adopt the attitude that 3rd parties utilizing cookies are "stealing your data" (that is not to say that some are not), and instead to adopt a more open policy where they are willing to work with their upstream partners to establish procedures around addressing issues as they arise. There are myriad ways to accomplish this, but a start is to help publishers gain the confidence to open and maintain regular conversations with their network partners and separately with the data collection companies. It should come as no surprise to publishers that upstream partners from agency/media buyers to SSPs are also concerned about what cookies or pixels are added to creative after they leave their ad servers.
Finally, we agree that static "cookie audits" provide little to no value. Even continuous scanning is only as good as the last scan. A list of domains that drop cookies on a website leaves publishers guessing at what to do next in a sea of continuous pixel drops. Proper cataloging of cookies, pixels, flash cookies, and DOM Storage manipulation is critical to enabling an efficient flow of commerce while providing the security layer that all members of the ecosystem need to meet regulatory requirements. These categorization layers do, at some point, need to be shared with the ICO and US Regulators for obvious reasons. Perhaps Admonsters can help via a forum dedicated to data leakage and publisher best practices.
Feel free to reach out any time.
Chris
I agree that privacy is becoming a huge area of focus recently. I was also curious how other publishers are handling requests by advertisers to use companies such as DataXu to enable audience level reporting. While the reasoning for using it is to enable more thorough and efficient reporting it also opens the door to retargeting and I would love to hear what, if any, safeguards other publishers have put in place on this and/or if anyone is pushing back on these requests.
Thanks!
Megan