Blog

Submitted by William Lee on February 10, 2017

by William Lee and Grant Nelson

FTC News

|> FTC penalizes Vizio for unfair and deceptive data collection practices

Smart TV manufacturer, Vizio, has settled with the FTC and New Jersey Attorney General for $2.2 million for collecting sensitive TV viewing data without affirmative opt-in consent. The settlement also requires that Vizio delete its old data and implement a comprehensive privacy program subject to biennial assessments. Acting FTC Chairwoman, Maureen Ohlhausen, issued a statement concurring with the settlement but indicating her intent to reexamine what constitutes “substantial injury” in the context of sensitive information about consumers.

NAI News

|> NAI, Industry Trade Groups Support FTC’s Notice And Choice Framework

The NAI joined with the DAA and other industry trade groups to defend the FTC’s Notice and Choice framework for providing consumers with the proper transparency and agency to make decisions about their privacy.

|> PrivacyCon 2017 Roundup

NAI attended the FTC’s annual PrivacyCon on January 12, 2017, and covered the research presented. Highlights for NAI members are outlined in our blog post. Because PrivacyCon exposes interesting research to a broader audience, and is typically dominated by academics with few companies submitting proposals to speak, we encourage members to become more involved and submit proposals to speak in order to share research at next year’s event.

Tech Updates

|> Adblocker Usage up 30% in 2016

Pagefair reports that mobile adblocker usage now exceeds desktop adblocker usage. Asking users to whitelist is met with varying success.

|> Windows 10 Includes New Privacy Controls

Windows 10’s privacy settings now includes direct links to Microsoft’s advertising opt out webpage. The Edge browser stores browsing history in Microsoft’s cloud, undeletable from the Edge browser, but erasable via Microsoft’s updated account privacy portal. Finally, Windows 10 prompts users on initial setup to choose whether to allow relevant ads. Solid writeup here.

|> Windows 10 Includes New Privacy Controls

Mozilla’s Focus browser is now available in 27 languages, in line with Mozilla’s return to focus on the Firefox Browser. The Firefox browser fell from 30% market share down to 12% in the last several years, but Mozilla is pivoting to bring Firefox back to its previous glory.

Submitted by Grant Nelson on February 8, 2017

NAI News

|> NAI’s First Ever Privacy Hackathon: May 2017

The NAI is hosting its first privacy hackathon, bringing together hackers of all stripes: designers, programmers, and lawyers to think about privacy solutions. We encourage companies to use the opportunity to focus on privacy for a bit, and we won’t be requiring anyone to open source their work: only to share what you create. NAI will promote the good work of our companies working to respect consumer privacy. Prizes will be awarded on May 16th, the day before the NAI Summit, to top teams. To sign up, find a team, or get more info, visit www.privacyhack.org.

|> NAI Speaks At FTC’s Smart TV Workshop

The FTC held a workshop on smart, connected, and addressable TV technology on December 7th, 2016. The NAI’s Shaq Katikala spoke on a panel discussing the privacy implications of televisions that participate in the online advertising ecosystem by either collecting information for the purpose of displaying targeted ads or displaying targeted ads. We explained why the effectiveness of self-regulation of online advertising shares parallels with how smart televisions can be similarly self-regulated.

FTC News

|> Privacy Enforcing Power Flows From FCC To FTC

The FCC is being urged to decline to enforce privacy rules from the Obama administration, setting the stage for privacy-enforcement responsibility to vest in the FTC.

|> FTC’s Acting Chair Olhausen is Self-Regulation Advocate

Olhausen, who has been an FTC commissioner since 1997, named acting chair, and reportedly in the running for a permanent position.

Tech Updates

|> New Chrome Browser Settings

Chrome now offers more clarity into which browser capabilities a website is requesting or accessing simply by clicking the icon to the left of the web address in the omnibox. Notably, users can quickly access the list of cookies on their browser instead of having to go through the browser’s content settings.

Submitted by Grant Nelson on February 6, 2017

NAI and DAA News

|> New NAI Industry Opt Out Tool Goes Live February 15th

Early this year, NAI will be launching the next version of the NAI opt-out tool, which will feature a significantly improved consumer experience, easy to understand instructions, and the ability for companies to present consumers with notice and choice regarding non-cookie based tracking technologies. We have worked with all of our members to integrate each company's operations and technology to the new tool, and are excited to announce the tool will go live on the NAI's website on February 15, 2017. Please make sure your company is integrated with the new tool, and contact Julie at julie@networkadvertising.org if you have any questions about technical integration.

|> NAI Will Begin Enforcing Non-Cookie Technology Guidance March 1st

Additionally, beginning March 1, 2017, the NAI's previously published Guidance for the Use of Non-Cookie Technologies will be enforced by the NAI compliance team. This is an important step in providing meaningful transparency and choice to consumers regardless of the technology utilized by companies. Feel free to contact us if you have any questions about compliance or enforcement.

|> DAA Began Cross-Device Enforcement Feb 1, 2017

The Digital Advertising Alliance issued a warning to all in the digital advertising ecosystem that February 1st marked the first day of enforcement of the DAA’s cross-device guidance. All members should take a moment to read the guidance and take necessary steps to conform.

FTC News

|> FTC Releases Staff Report on Cross-Device Tracking

The FTC released its cross-device tracking staff reportin January, encouraging industry to increase transparency, notice, and choice when providing cross-device services. From the report:

“Another aspect of transparency is making truthful claims about the categories of data collected. Often, raw email addresses and usernames are personally identifiable, in that they include full names. Even hashed email addresses and usernames are persistent identifiers and can be vulnerable to reidentification in some cases. The Commission has repeatedly stated that data that is reasonably linkable to a consumer or a consumer’s device is personally identifiable. Therefore, consumer-facing companies that provide raw or hashed email addresses or usernames to cross-device tracking companies should refrain from referring to this data as anonymous or aggregate, and should be careful about making blanket statements to consumers stating that they do not share “personal information” with third parties.”

Submitted by NAI on January 20, 2017

by William Lee and Grant Nelson

The FTC held PrivacyCon 2017 on Thursday, January 12th. Eighteen researchers were selected from about 70 submissions to present their findings to attendees and participate in short audience Q&A. The presentations were delivered through 5 sessions: "Internet of Things and Big Data," "Mobile Privacy," "Consumer Privacy Expectations," "Online Behavioral Advertising," and "Information Security." Please see the agenda with links to the presented research.

Here are the highlights for NAI members:

  • Overall, PrivacyCon 2017 was less critical of the online advertising industry than PrivacyCon 2016.
  • Researchers continued to focus on the prevalence of trackers across the mobile and online ecosystems, particularly in the context of cross-device.
  • Research noted the rise in adblockers, but equivocated the growth with an increased consumer interest in privacy.
  • Consumers recognize the value of targeted advertising when done in a privacy-respecting manner, some research shows.
  • Machine learning and AI-enhanced research and analysis methods are increasingly common in privacy research papers.

Below we've outlined some of the research highlights relevant to NAI members.

 

Researchers continued to focus on the prevalence of trackers across the mobile and online ecosystems, particularly in the context of cross-device.

Several presentations focused on various methods of analyzing data collection using different trackers. For example, Princeton researchers are running a monthly scan of the top one million websites and tracking how many third party URLs are called, and comparing changes. They noted that fewer companies enjoy an increasing share of the total trackers deployed. Research on mobile devices is also picking up, with researchers developing an app that allows a non-rooted Android device to intercept and modify all network traffic in order to analyze third party connections. Increasingly, research shows that consumers are less concerned about their data being collected and more interested in knowing the specific information about them that is being collected and shared. For example, every respondent in one study (n=21) reported they cared more about the information collected than they cared about tracking in general. The researcher emphasized that companies collecting information should clearly explain what data they collect. For NAI members, these findings are in line with the Code requirements to provide clear notice of data collection practices for IBA.

 

Research noted the rise in adblockers, but equivocated the growth with an increased consumer interest in privacy.

One researcher presented an anti-anti-ad-blocker. The extension blocks websites' requests to users to disable their adblockers. During the presentation, the speaker claimed that the rise in adblocker installs could be primarily explained by users who are seeking to protect their privacy. The paper, however, also mentions consumer "annoyance" with ads as being a major issue facing the online advertising ecosystem, motivating adblocker use. Through the Code and other efforts, the NAI is constantly working to address consumer privacy concerns. Regarding consumer annoyance, the NAI is working on solutions with the Coalition for Better Ads. Beyond those issues, a number of audience questions for this presenter pushed back on the feasibility of requiring consumers to pay for content that they'd otherwise receive for free via the ad-supported model. One audience member even questioned the free speech implications of potential consolidation in media sources if consumers were required to buy subscriptions.

 

Consumers recognize the value of targeted advertising when done in a privacy-respecting manner, some research shows.

One study (n=35) analyzing the pros and cons of online tracking from a consumer perspective asked respondents to identify settings in which they found tracking to be either beneficial or not. 74% of respondents found online tracking "beneficial" when it delivered them targeted ads rather than generic ads. At the same time, only 31% of respondents cited website customization as a benefit of online tracking. Meanwhile, 60% of respondents said ads could be "not beneficial," largely when they found the ads objectionable. The concerns cited included seeing the same ad repeatedly, using sensitive information to target the ad, or seeing the ad out of context. Another study investigating consumer reactions to privacy choices found nearly identical results. Namely, that consumers dislike seeing the same ad repeatedly, do not want ads targeted based on sensitive information, and are more comfortable with ads that match the content of the page on which they are displayed. The NAI Codes address these concerns by permitting ad frequency capping to limit the number of times a consumer sees the same ad and prohibiting ad targeting on sensitive information unless the consumer opts in.

 

Machine learning and AI-enhanced research and analysis methods are increasingly common in privacy research papers.

A common theme among both the submissions and accepted papers was the increased use of automation and machine learning for research into and investigation of privacy practices. Researchers presented papers that utilized machine learning and automation to analyze thousands of privacy policies and compare the policies to apps' or websites' observed behavior. Other research attempted to interpret a user's past privacy choices using machine learning to automate future ones, only prompting the user when the system is unsure of the user's preference. Two presentations utilized automated analysis of network traffic between a device, including a non-rooted one, and the internet to identify what information is being shared, including PII leaks. The NAI has been using automated technical monitoring tools for several years and appreciates the efforts of the community to adopt such technology. Further, the NAI is investigating how to improve our automated tools by incorporating machine-learning techniques.