Online advertising: Getting the balance of privacy right
Online advertising comes in many guises: ads on search engine results pages, banner ads and email marketing, including spam, to name a few. For most people advertising is part and parcel of their online experience: sometimes useful, sometimes irritating, but perhaps most often ignored. However, there have been significant developments in online advertising recently which are causing debate among privacy professionals - particularly relating to behavioural or personalised internet advertising. Should those of us who are concerned about privacy really be cautious about embracing these new technologies?
January 14, 2009 at 08:03 PM
5 minute read
Tracking individuals' use of the internet is the latest trend in online advertising. But are current data protection laws strong enough to protect the right to privacy?
Online advertising comes in many guises: ads on search engine results pages, banner ads and email marketing, including spam, to name a few. For most people advertising is part and parcel of their online experience: sometimes useful, sometimes irritating, but perhaps most often ignored. However, there have been significant developments in online advertising recently which are causing debate among privacy professionals – particularly relating to behavioural or personalised internet advertising. Should those of us who are concerned about privacy really be cautious about embracing these new technologies?
One matter in particular to have received press coverage is Phorm's internet service provider (ISP)-level adware and associated targeted online advertising. Targeted online advertising directs advertisements at customers based on their previous online behaviour. Together with a user's ISP, the new technologies profile the addresses and certain content of websites visited and then use that information to place that user in defined advertising categories.
Those who champion users' privacy often use offline analogies to convey how the new technologies work.
For example, US Congressman Joe Barton, who co-founded the Congressional Privacy Caucus, was recently quoted as saying: "Businesses don't send out gumshoes to track you around the shopping centre, and they shouldn't be allowed to dog you around the internet either".
However, Phorm argues that, as the profiling will take place with the knowledge and agreement of the user, there is no cause for any privacy concerns. It points out that the profile is based on a unique ID allocated at random to each user which is held only on their computer and by Phorm. This means the profiling and advertising occurs without knowledge of the identity of individual users and no "personal data", within the meaning of the Data Protection Act 1998, is processed.
At its very narrowest, privacy is understood to comprise users' data protection rights to have their personal data processed fairly and lawfully in accordance with this act. However data protection and privacy are not the same thing: there is other legislation which also plays a part in shaping our notions of privacy and what constitutes a compromise of it.
Accordingly, Phorm's response that such advertising complies with data protection legislation, even if correct, is not the end of the story as users' privacy rights extend beyond the strict limits of data protection law. For example, the Regulation of Investigatory Powers Act 2000 prohibits the interception of communications without consent. Even if targeted online advertising complies with data protection legislation as no personal data are processed, it may constitute the interception of a user's communication with a website, requiring the consent of both the individual and also the companies hosting the web pages visited by that user.
In addition, the Privacy and Electronic Communications Regulations 2003 require users to be informed when a cookie is placed on their computers and to be given clear and comprehensive information about its purpose and the ability to refuse it. There is also the right of respect for private life under article eight of the European Convention on Human Rights. The recent case of Copland v UK [2007] confirmed that this right extends to respect for the privacy of internet usage. In that case, the European Court of Human Rights held that Carmarthenshire College had breached an employee's right to respect for her private life by monitoring, collecting and storing personal information relating to her internet usage. Those who are concerned about targeted advertising argue that the only difference between what targeted online advertisers do and what Carmarthenshire College did in the Copland case is that online advertisers have non-name identifiers.
The regulators appear, at least in principle, to be willing to accept these new technologies. The Information Commissioner has reviewed how Phorm works and has concluded that it can operate in a way that complies with both the Data Protection Act and the Privacy and Electronic Communications Regulations. The Home Office has confirmed that it is questionable whether Phorm's technology involves an interception within the meaning of the Regulation of Investigatory Powers Act 2000 and, even if it does, it could be argued that such an interception was not unlawful. What appears to be key to this acceptance is the obtaining of users' fully informed consent and the ability of users to opt-out.
As well as getting the regulators on board, however, those operating these new technologies will need to gain, and maintain, public confidence. This is not always easy: different people may have different notions – and expectations – of privacy. These differences may be due to generational distinctions: the attitudes of Generation Y to these technologies are likely to be very different to those of older generations who have not grown up with the internet.
Both Phorm and the online advertisers must be aware of and address such differences in attitude if they are to be able to reassure those concerned about privacy and persuade them to embrace the brave new world of targeted online advertising.
Ann Bevitt is head of employment and privacy at Morrison & Foerster in London.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All'Almost Impossible'?: Squire Challenge to Sanctions Spotlights Difficulty of Getting Off Administration's List
4 minute read'Never Been More Dynamic': US Law Firm Leaders Reflect on 2024 and Expectations Next Year
7 minute readTrending Stories
- 1The Key Moves in the Reshuffling German Legal Market as 2025 Dawns
- 2Social Media Celebrities Clash in $100M Lawsuit
- 3Federal Judge Sets 2026 Admiralty Bench Trial in Baltimore Bridge Collapse Litigation
- 4Trump Media Accuses Purchaser Rep of Extortion, Harassment After Merger
- 5Judge Slashes $2M in Punitive Damages in Sober-Living Harassment Case
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250