(I wrote this article a while back for ClickZ. I’m reposting here because this touches on a few themes that I hope to expand upon in some further posts.)
After more than two years of contentious and often circular wrangling between advertisers, online privacy activists, regulators, software vendors and others, the W3C’s Tracking Protection Working Group suffered a major blow the other week when the Digital Advertising Alliance (DAA) officially withdrew from participation. The Tracking Protection Working Group has been the leading effort to establish a common industry approach to the “Do Not Track” browser option, which among other things governs how a web user’s browser governs cookie setting. (For more about what browser cookies are, see this Wikipedia article.) After more than 100 group-wide teleconferences, input documents, face-to-face meetings, polls and god knows what else, the working group was never able to define even basic issues, like what fundamental consumer harm was at stake, or what the definition of “tracking” was, let alone get down to substantive issues about, say, a Do Not Track standard.
To be honest, I think very few in our industry were surprised at the failure of W3C group’s misaligned interests to reach an agreement. But the problem isn’t the W3C process itself. After all, a separate industry initiative, which is unrelated to consumer privacy per se, that aims to voluntarily standardize the digital data layer has been proceeding smoothly. The Big Three of digital marketing and analytics (IBM, which founded and chairs the group, Google and Adobe) have found substantial shared interests there in making the page tagging layer more standardized, interchangeable, and focused on delivering insights rather than proprietary data models. The problem isn’t even necessarily between consumers and advertisers. That relationship is very old already, and while consumers may not always like advertising, most have accepted it as the price we pay for free content and services (whether via TV, radio or internet). Rather, the problem is that privacy activists haven’t adequately considered advertisers’s BATNA – familiar to negotiators and MBAs everywhere as the “Best Alternative To a Negotiated Agreement.”
When calculating a BATNA, both parties must decide how they would fare in the absence of a negotiated, mutually satisfactory agreement. How favorable that position is determines the strength of each party’s negotiating position. Through that lens, the failure of the DNT working group begins to make a lot more sense.
Online privacy activists – NGOs, academics, and a smattering of politicians and regulators – have a particularly difficult BATNA. Most academics and activists have little to offer business in exchange for concessions and have few avenues for recourse outside of negotiation. The one notable exception are workaround technologies like AdBlock, which have proven somewhat effective (thus far) at blocking much web advertising. But even setting aside the controversy around AdBlock charging advertisers fees for inclusion on their “whitelist,” this solution is probably short-lived. Technological workarounds will only amount to an arms race, in which the side with the deepest technical resources and widest reach on the consumer web – think Google, Yahoo, AOL, etc. – will inevitably win.
On the other side, advertisers and technology vendors have a particularly strong BATNA position. In the U.S., political support for stronger privacy regulation is very weak, and in Europe, there is a growing sense that it may have gone too far. Consumers have continued to flock towards web services and applications that explicitly measure user behavior, seemingly at odds with the media hype about concern for online privacy. Conversion rates from ad retargeting belies the view that consumers hate seeing ads for goods they’ve browsed and searched for elsewhere. And very few people actually bother to read posted privacy policies.
But the real deal breaker for advertisers when it comes to making DNT concessions is probably plain ol’ technological evolution. While most of Congress and the FTC has yet to wrap their heads around the basic technologies at stake (honestly: how many members of Congress do you think could adequately describe how the internet works, let alone browser cookies?), industry has already moved on. Cookie technology is nearly 20 years old, and we are now living in the twilight of its useful life. The explosion of mobile technology, social network use and the sophistication of widespread browser, digital analytics and e-commerce tools augur in favor of new methods for measuring and analyzing user behavior.
The most promising of those methodologies rely on passive capture “digital fingerprinting” technology, which identifies the unique combination of your browser configurations, operating system features, font preferences, and dozens of other simple data points to identify a specific user, rather than using a (deletable) browser cookie which lives on a user’s device. While this technology isn’t widespread yet, it’s only a matter of time. It’s easy to imagine such a system being combined with a project like Google’s recently-announced AdID, which they plan to use to replace third party cookies. While Google promotes the system as giving consumers greater control over how they are tracked online, that control is likely to be fairly superficial. It’s pretty plain that such a system would mostly benefit Google, whose control over access to behavioral ad tracking would only increase. Not a surprising development, given that over 90% of Google’s revenue is, well, advertising.
Thus, as the technology advances, Do Not Track becomes less and less of a relevant threat to the online economy and more of a hollow slogan. When online measurement essentially entails only passively recording public, personally broadcasted data points, banning it becomes an arguably unfair infringement on how companies operate internally that would be quite difficult to enforce in many jurisdictions. For that matter, even if we could interpret what an individual consumer’s actual intent was behind a single DNT header, and how that applied to all the diverse parties out there (ex. advertisers, merchants, analytics tools, etc.), would those interests on all sides align? I doubt it.
So is all lost for Do Not Track? No one knows for sure, and of course, the internet is a graveyard of premature conclusions like this one. But without some overwhelming, and heretofore absent, change in regulatory pressure, I suspect it is. As in many industries, legal and regulatory pressure will simply lag too slowly behind technological progress to effectively govern it for the time being. As such, digital channels will substantially begin to resemble traditional ones, in the sense that advertising will evolve around consumer behavior; and as our society grows ever more comfortable with digital engagement as a part of everyday life, the hysteria over privacy will gradually wane. Privacy is important – but until the public better understands what “privacy” actually means in the context of digital life in the 21st century, we’ll be like the city planners a century ago, building hitching post regulations for city streets instead of stoplights.