On Privacy, Publishers Prefer the Sideline

That lasted until it didn’t. The threat of Do Not Track legislation spurred the industry into action on the self-regulation front in order to head off government rules. The problems of protecting consumer privacy in the modern digital world is fiendishly complex. You can forgive many publishers for believing this is an issue that shouldn’t even involve them very much.

“The biggest issue for most publishers is aggressive third-party ad networks who collect data about a publisher’s readers without the publisher knowing,” said BuzzFeed CEO Jonah Peretti.

“I think the battle ground of privacy isn’t happening around content properties,” added Troy Young, president of Say Media. “It’s way more to do with Facebook in particular. There’s user-experience issues that pertain to privacy; when you customize experience based on someone’s social graph, it needs to be explained to users.”

This is as content publishers would prefer it: out of the spotlight. And yet it is publishers that find themselves potentially in the crosshairs as privacy advocates and some regulators work to rein in what they see as the industry’s overreach in its pursuit of consumer data collection and processing. After all, the ad-tech world referenced by Peretti collects its data by working with publishers. Facebook even relies on publishers to put like buttons all over their sites. The new European Union “cookie directive” holds publishers directly responsible for data collected on their sites by third parties. It’s fair to wonder whether publishers are taking the issue seriously enough since the threat of Do Not Track has faded in the U.S.

“I think publishers are interested in privacy issues,” said Mike Zaneis, svp of public policy and general counsel for the IAB. “What we’ve set up in the U.S. is a self-regulatory regime where the parties are then collecting and using the data have the burden of transparency and choice, and since most publishers are using first-party data, the interest is relatively low.”

That doesn’t absolve publishers of obligations. They can no longer assume an ostrich pose when the issue of privacy arises, at least when it comes to the EU. U.S. sites are required to follow EU laws for visitors there. That means, according to the new U.K. law due to go into effect next month, publishers will need to notify users about third parties that use their sites to collect data. In many cases, publishers aren’t even aware of all the third parties that are using their sites to get consumer data.

“It’s hard for them to comply,” Zaneis said. “It’s hard for a publisher to tell users every third party that’s using data. It’s better for third parties to tell how they’re using data.”

The issue still remains of what publishers do with data. All of the publishers interviewed for this article mentioned how the data they receive informs editorial decisions and, when it is used for advertising, are kept in-house. There are publishers that use the data to find users elsewhere around the Web or anonymize it for sale via data exchanges.

“As long as you use data for your business, it’s fair trade,” Rich Antoniello, CEO of Complex Media. “Anything beyond that is creepy. If they come to my site and click on an ad and go to that advertiser site, it’s their choice. I’m not selling that data, but it would be the user’s choice to click.”

According to Evans Anyanwu, an Internet and privacy lawyer, publishers are engaging in a lot of semantic double talk. The way he sees it, in this market, there’s no way a publisher that has a rich source of data is not going to sell it to a third party.

“They’ll build different user profiles based on how long you stay on a site, how long you click, and most time what sites you visit after you leave the site,” he said. “I don’t think they care what information leaks out from a third party. For the most part, it’s not specific data. They’re just giving advertiser user data and profile of a number.”

And this is the crux of the problem: how can publishers address — or be beholden to — what third parties are doing with the data.  The Internet, for better or worse, is so fragmented that it needs a raft of intermediaries in order to target and fulfill ad campaigns. Zaneis says that third-party data has to have heightened transparency and publishers need to have better ways of educating users about the data that’s being left behind.

“Every publisher should be thinking about the privacy issue, from a user and legal perspective,” Zaneis said. “It’s easy to change a link and uphold the relevant privacy provisions — data use and marketing use — out of your privacy policy. It was probably written by lawyer, and the description [of] how they’re using data should be written by someone who speaks to users effectively.” In other words, publishers should make it easy for people to know what’s happening behind the scenes.

Publishers, he said, are not putting their heads in the sand. It’s that privacy advocates are looking for a simple way to restrict data flow and that the simplest way, as an outsider, is to say the publisher should have the burdens.

“It’s an unsophisticated viewpoint and strategy and largely carried the day in Europe years ago,” he said. “We have a more educated and insightful process in the U.S.; we found the right place to put transparency and burdens on third parties.”