DoubleClick: What are the ethics and practices of collecting information about Internet users without their knowledge?

Date: April 7, 2013 Published by

1 Introduction

Currently DoubleClick is no longer an independent company. It was acquired by Google in March 2008. The terms of service of DoubleClick has been replaced for the general Google terms of service released on the 27th of July 2012. Therefore, a research of the practises and ethics of collecting information will be undertaken on such Google papers.

Since the implementation of the new European cookie law on the 26th of May 2012 , the private information of Internet users should not be collected without their awareness.  An explanation and analysis of this law will be carried out in this assessment.

An overview of how online advertising works focusing on DoubleClick will be explained in this discussion.

2 Discussion

It is imperative to know how online advertising, specifically how DoubleClick works thus a very brief explanation is given as follows.

There are three major roles in DoubleClick. First of all, advertisers are entities who want to drive more Internet users to a certain website. Advertisers use Google Adwords as a tool to launch marketing campaigns. These campaigns can be targeted by location, language, age, interests, etc. Note that some of the targeting settings require information from Internet users.

After that, publishers are web sites owners who aim to monetize their sites. Google AdSense is an ad provider used by publishers to get ads to be displayed on their sites. Ads can be targeted by type of content selected by the publisher. In addition, once a publisher accepts Google’s terms of service, Adsense is entitled to collect information from Internet users through the ads displayed.

Note that the type of content that publishers want to display in the ads can be match with the interests of Internet users.

Finally, the Internet users who browse publishers’ websites can click on the ads displayed on the website. The ads have been previously selected according some parameters such the current page content, information from Internet users, location, etc.

Every time a Internet user clicks on a publisher ad, the publisher earns an amount of money from advertiser. This amount of money is called CPC cost-per-click.

There are two major practices of collecting information from users.

On the one hand, once a user signs up for a Google account, the terms of service must be accepted. As stated in the Google’s terms of service, the information collected from all their services including DoubleClick is used to provide, maintain, improve, develop and protect Google services and users. This information is also used to offer tailored content such as: search results and ads.  Consequently, behavioural information can be collected legally with their consent. Therefore it is user’s responsibility to understand the usage of their information in Google services.

A poll has been carried out to my Facebook “friends” in order to check whether they are aware of the statement mentioned above.

Figure 1: Facebook poll

A high quantity of negative votes was expected as a result of the poll. Nevertheless and surprisingly, the majority of  the people are aware that their personal information can be used for marketing purposes. This result leads to assume that people trust Google and tailored advertising.

On the other hand, the most common practise to collect information is the use of a technology called cookie. A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is usually a small piece of data sent from a website and stored in a user’s web browser while a user is browsing a website. When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous activity. (“HTTP State Management Mechanism – Overview”.IETF. April 2011.)

Google uses third party cookies and others technologies to collect behavioural information from users who either has a google account or not, this information is used for marketing purposes such as tailored ads. Some of the sensitive information collected is: device-specific information, mobile network, phone number, information from Google apps such as search queries, actual user location(GPS), etc.

Once a publisher decides to get revenue from a website by displaying ads with AdSense. An account is created and the terms of service must be accepted by publishers. The terms of service explains that AdSense may collect information from Internet users by using cookies. However, Internet users are not aware of this agreement between publishers and AdSense.

ICO(Information commissioner’s office) decided to create a law that obligates such publishers websites to ask to Internet users whether they want to use cookies or not in order to improve their site experience. The lay tries to make sure that they are aware that their online behaviour can be used for marketing purposes. It is considered illegal to not ask to Internet users to use cookies or not. Fines up to £500,000 can be charged to websites who does not comply with the law by ICO. Nevertheless, this law has been recently implemented and there is an adoption period where websites who use cookie have to show that they are committed to comply with the cookie regulation and when they are going to be compliant.

An example of this cookie question can be found in the ICO’s site. “

We have placed cookies on your computer to help make this website better. You can change your cookie settings at any time. Otherwise, we’ll assume you’re OK to continue.“

However there are exceptions in this law and some cookies such as analytics cookies are considered minimally intrusive and essential to a website’s success. Google Analytics use this sort of cookies. Therefore is not considered a severe fault to not ask for cookie usage if the website only uses analytics cookies. However it is recommended to mention that the site uses analytics cookies to track how users browse the site in the terms of service.

Cookies are a helpful technology to help Internet users find what they are looking for. Particularly, I can explain an example of positive use of cookies. I was looking for a flight from Edinburgh to Barcelona and I ran out of time and I had to leave the search for another moment. Two days after I was reading and a SkyScanner’s ad appeared. The content of the banner were flights from Edinburgh to Barcelona with the exact same dates that I typed two days before. I found a cheaper flight than two days ago. The airline was Ryanair.

I consider that there must be a barrier on the level of user privacy data that a publisher can  give to marketing platform. For instance, can a publisher give the name of registered user to DoubleClick and then DoubleClick try to link the name with a google account? Can the location of the Internet users be given to DoubleClick? Can the time spent on a page be used in order to know Internet users interests?

There are lots of fields to be considered as an invasion of privacy or not. The problem is still the same, where should the barrier be settled down? The answer is the PII. The PII (Personal Identifiable Information) is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Narayanan, A.; Shmatikov, V. (2010). The PII must not be given to any marketing platform at all.

However, this is not the end of the world for marketers. Behavioural tracking can be carried out respecting the PII and only collecting information such as: interests, time spent on a site, clicks on, etc. This information could be used by DoubleClick to display the most suitable ad to a specific user.

As stated, analytics cookies are considered minimally intrusive and they apport information about users behaviour on the website. This information could be used in two ways. First one, for analytics purposes and second one, for marketing purposes. At first glance, there are some benefits in using analytics cookies for marketing purposes such as: on the one hand, there is no invasion into the Internets users privacy. On the other hand, there is no need to ask for cookie usage.

Drawbridge has developed an algorithm that allows advertisers to target their audience without any use of PII at all and at the same time to track the same audience across multiple devices. The main idea of this algorithm is based on a statistical method that matches users by their behaviour online. For instance, you own a smartphone or a tablet and you are frequently observed at the same location at the same time, it is reasonable to conclude that this devices belong to the same user. This algorithm has matched people to over 500M devices and it is growing fastly every day without any use of PII at all.

There is another method to collect users information called pixel tag or web bug. A pixel tag collect user information from the advertisers website and with this information, DoubleClick decides which ad is going to be displayed in the next publisher website. This technology uses first party cookies and as a difference, the user information is collected in advertisers website rather than publishers websites.

3 Conclusions

To sum up, the practises of collection information and the current European cookie law  has been discussed in detail and a barrier has been settled down to protects people’s privacy. Hence the current law should take into account that any PII should be used for marketing  purposes and encourage marketing platforms to develop algorithms that respect the PII.