In the debate about “Do Not Track,” ad-business folks often talk about the success of the self-regulatory program supervised by two industry groups, the Digital Advertising Alliance and the Network Advertising Initiative. These groups have knit together a privacy framework that includes data-practice requirements, a notice-and-choice system for the ads, and ongoing monitoring and compliance reviews.
Hundreds of companies participate in the program (including Google and Yahoo!), but one important one doesn’t: Facebook.
In every other way, Facebook is the ad industry’s new best friend, recently opening up vast new inventory and data for third-party marketing applications. Within the last few months Facebook began to match profiles to offline purchase behavior, allow third parties to target ads based on existing profiles, and support ad targeting based on anonymized email lists. Facebook’s quest for post-IPO revenue has taken it directly to the frontier of targeted marketing, and they’re only getting started.
At the same time, Facebook shows little interest in the industry’s privacy initiative:
- They haven’t accepted the industry rules or oversight. If you’re on the self-regulatory team, you’ve agreed to follow certain practices and avoid others; and you must state this in your privacy policy and be subject to reviews for compliance. This is critical not just because there are some good requirements in the principles, but also because it provides a foothold for FTC enforcement.
- They don’t show the ad-choices icon. The icon is supposed to be a universal signal to consumers that their behavioral information is in play with an ad, so they get why it may feel creepy and can easily opt out. Even though few people click on it (because of its cryptic design and because people take other measures), it fosters accountability.
- They bury notice-and-choice. Clicking the icon should take you immediately to the place where you can opt out. Facebook’s implementation hides notice-and-choice first below an X (not the icon that usually says AdChoices), then under a tab for “About this ad.” This is the opposite of “Privacy By Design,” but entirely consistent with Facebook’s cynical approach to privacy choices.
- They don’t link to the big opt-out page. As an important convenience to users, the industry groups host a consolidated opt-out page. The choices are fragile and “opt out” means different things to different companies, but it is the industry’s only substantive alternative to Do Not Track. Facebook’s notice-and-choice setup doesn’t mention it.
Ironically, the ad industry itself facilitates Facebook’s choice to go it alone on ad privacy. Plenty of NAI and DAA members are now playing in Facebook’s giant data sandbox, including NAI-certified data brokers like Datalogix. The problem is that the ad initiative’s rules don’t discourage members from dealing with companies that don’t also comply.
A bigger question is whether Facebook is simply beyond the scope of self-regulation. Can an industry program cooked up by Washington D.C. lawyers possibly keep pace with the new applications for big data that are coming out of Facebook every day? When it comes to their data, consumers have to count on the marketing industry — particularly big players like Facebook — to police themselves. So far the record is not inspiring.









