As you have read this year I attended without Aurélie eMetrics San Francisco as she had to take care of our most important project ever: Luca ;-)

This post is the first of a series that I’ll be writing in the coming weeks regarding some of the sessions and conversations that I had during the conference. Usually it’s Aurélie who writes these kind of posts, but I promissed her that I would represent her during and after the conference so here it goes.

On the day 1, we had a very interesting panel that discussed Privacy and Ethics, the panelists were: Jack Jia from Baynote (previously CTO at Interwoven), Sergio Maldonado from MV Consultoria in Spain, Bob Page from Yahoo and Seth Romanow from Microsoft. I’ve chosen this topic for my first post as there’s a lot of discussion lately here in the European Union and following some interesting conversations last year with Bob Page regarding this topic.

From left to right: Seth Romanow, Bob Page, Sergio Maldonado & Jack Jia

Jack opened the discussion stating that from his point of view the privacy issue was easily resolvable by gathering data only anonymously. While this is an approach that seems to solve the issue, I have to admit that I disagree as I don’t think that this approach is realistic in today’s Internet world. We have lots of personal data that is provided in numerous ways by the visitors through forms, registration procedures, etc… without saying that the temptation is there to use the data to support various business objectives.

Sergio presented the European perspective as here in the EU we have more strict limitations in the way we gather and store data. Even if this is not always true as for example in the use of permanent cookies in public websites (government organizations) is not explicitly forbidden in the EU, which is the case in the US, always a hot topic at the public track in Washington (contact Alex Langshur for more information). He mentioned for example the current debate that we’re having here in Europe were the European Commission is considering that IP addresses might be personal data (at least from an ISP point of view) as they can be attached to personal details. The integration of data is also going to be a challenge, noted Sergio, as more and more companies start linking web gathered data with CRM systems. Another point that he explained is the regulation regarding Cookies, as in Europe you need to explain very clearly that you use them and what is the purpose of using them. Coming back to the personal data, Sergio reminded the audience that in Europe any personal data (not only the data gathered through the web) needed to be accessible to the individual allowing him to modify it or to erase it at will, following the same legislation applied to Direct Marketing.

Then it was time for Bob Page. He started saying that no one looks at the privacy page of websites. This is so true, I think that I never read entirely these long and indigestible pages — note that Yahoo’s is very clearly presented and more information is available in subsequent pages. He raised an interesting comment regarding access of data, as companies should ask themselves “Who has access to that data?” is it shared? only internally? Imagine that part of that data is stored on a laptop and that laptop gets stolen or lost he wandered? An access policy needs thus also to be defined proposed Bob. How long is the data kept? How is the data anonymized afterwards? He gave an excellent example of why Yahoo needed to keep this data: fighting click fraud in their search engine. I never thought about this one but it makes sense. And his latest comment about anonymazation of data (making it anonymous) lead to an interesting question: Are there tools to anonymize? Vendors, this is a tip if you’re searching to develop a new tool ;-)

He then stated that users are willing to give some data but the simplistic concept of opt-in/opt-out was not valid anymore. Users are willing to allow to provide access to parts of their personal data and thus a more detailed/granular management is needed. This reminded me of Facebook, when I activate a new application I’m requested to define what this application will be able to do and access. Even though if in Facebook the granularity could be stronger, I believe that this is a good example of were we should go in the Internet industry.

It was then the turn of Seth. His arguments were in the line of what Bob had explained as he advocated that customers needed to gain control in order to increase trust, as without trust there was no relationship (this reminded me the presentation of John Lovett at the Industry Insights Day on Sunday). So the keywords are: consent, control and communication. He also made the distinction between the anonymous data as 95% of visitors are anonymous and the data gathered from people logged-in which is of course much more sensitive. He finished his statement by warning that destroying trust was very easy and thus it was important to find a right balance when gathering data.

After the presentation of these 4 points of view, the session was open to questions. Angel Morales from Lights Out Marketing had an interesting question/comment:

What will happen the day that somebody from the NYT discovers a misuse by one player of all the data that can be gathered and it makes the front page? How can our industry make sure that this won’t lead to the end of business of many of us?

I will only include one of the comments that I found most valuable that Bob shared with the audience: our industry needs to setup policies above the law to make sure that the line is never crossed. The problem being that the industry has his interest at heart and not the consumer’s.

If I decided to start with this post is because I believe that our Industry through the WAA needs to prepare to the day we will have a crisis. This might affect all of us whether you’re ethical or not, privacy is and will be an increasing issue. So a crisis plan needs to be put in place. Bob has been leading a task force within the WAA in order to tackle the privacy and ethics. If you’re interested in joining him to help our Industry to better address this, don’t hesitate to drop him an email! And yes I know that the solution is not that easy, but at least it’s a good start.

As Sam Seaborn, played by Rob Lowe in The West Wing, stated in one of the episodes: “Privacy will be the issue of the XXIst Century”.

Cheers from sunny Brussels,

René

Original Comments

Comment 1

Author: Chris Tackett Date: May 13, 2008 Text: Been reading for a while now. Just wanted to say good job.

Chris Tackett

Comment 2

Author: John Lovett Date: May 13, 2008 Text: Nice Summary Rene, I appreciate the recap of the sessions I missed and it appears this was a good one.

About a year ago at eMetrics SF in ‘07 at a bi-partisan analyst dinner, we described the scenario that Angel referred to as the “Digital Chernobyl”. I agree with Bob about establishing above the law standards, but laws have never stopped deviants. I doubt that legislation (such as the NY assemblyman’s proposed Do Not Track list) will ever be truly effective. The onus is on vendors and collectors of data to protect the privacy of visitors. But I too agree that privacy is dubious at best and we need advocates.

Cheers, John