At first I was pleased to see that VideoEgg, a rapidly growing video ad network, updated their consumer privacy policy on a couple of important points (see our updated summary):
- They added a data retention policy: 12 months for log data and indefinite retention of aggregate data, which is right in the middle of industry norms.
- They added a clear exclusion for sensitive-category information, which they define to include “health, religion, political views or sexual orientation” (and they note that they do not have pornographic sites in their network).
However there’s still a gigantic omission: no consumer opt-out feature. VideoEgg uses Flash cookies for tracking, so the fair thing to do would be to offer a Flash-based opt-out cookie (see this example). This would make the opt-out preference at least as durable as the method they use to track behavior. Unfortunately, they chose to provide neither a browser-based nor a Flash-based opt-out process.
However, they chose to write their privacy policy as if they offer a consumer opt-out (“We have also provided an opt-out mechanism for ad targeting”). This is dissembling. All they provide is a link to the Macromedia Flash cookie control panel, a befuddling process which, in order to work as an opt-out, requires the consumer to find the VideoEgg domain in their tiny Flash control panel and change the permitted data storage level to zero (a process that VideoEgg doesn’t even explain in their policy). VideoEgg is kind enough to provide a link to the NAI’s global opt-out site, in case consumers want to use the real opt-out processes of their competitors.
What’s the only thing worse than not offering a consumer opt-out? Saying you do when you don’t.
Thank you for the constructive comments.
Videoegg is working on the technical implementation of opt out functionality and will have an opt out button on the site by early February.
Lee Kirkpatrick, COO Videoegg
Pingback: Flash-cookie opt-outs: The VideoEgg Example « privacychoice