Internet behavioural advertising
In order to understand the controversy regarding privacy and data protection and Internet behavioural advertising, it is necessary to consider the marketing concept and philosophy. At the very core of marketing is customer satisfaction: “the Customer is King”. Please see Kotler, Philip, and Gary Armstrong. Principles of Marketing. 8th ed. Upper Saddle River, NJ: Prentice Hall, 1999. The following excerpt from Contemporary Issues in Marketing and Consumer Behaviour, by Elizabeth Parsons and Pauline Maclaran, elucidates the importance of data to the core marketing concept:
“The impact that technological developments have had on marketers’ ability to both understand and influence the consumer is perhaps most clear when looking at data driven marketing. Rather than trying to understand consumers’ psychology or sociologically based motivations for purchase, marketers rely here on mathematics to predict the probability of a consumer making a specific purchasing decision. In order to do this, companies collect vast amounts of data on consumer spending histories. As consumers we leave behind a trail of transaction data … This information is then shared across a range of organisations including the website you visited, the supplier you purchased from (which may differ from the website owner) and the postal service. In addition, this information may be shared with other web providers, or sold to other companies as part of a data list.”
To give an idea of the scale of the importance of data to marketers, most large corporations have data warehouses. According to Peacock (1998), data warehouses can take up to 3 years to build and cost in excess of £5 million. According to Shaw et al. (2001), the US retailer Wal-Mart has a data warehouse that is larger than the one the US Internal Revenue Service uses for collecting taxes.
In other words, since technology has made data the primary approach to gaining an informed view about consumers, it is now “data” that is “king”.
It is against this background that the controversy surrounding Internet behavioural advertising has arisen. The pertinent questions are:
a) How much data is being collected about consumers?
b) How is it being used?
c) What is being done to prevent the unlawful sharing or exposure of the data to the public sector (law enforcement, tax authorities, etc.) or to criminals, and/or its unauthorised disclosure to the wider public?
d) How much control does the individual have over the way their data is subsequently used?
Article 29 working group
The Data Protection Working Party was set up under Article 29 of Directive 95/46/EC, as an independent European advisory body on data protection and privacy.
The remit of the Working Group is set out in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC as follows:
Article 30 Directive 95/46/EC
(30) … the processing of personal data must … be carried out with the consent of the data subject …;
Article 15 Directive 2002/58/EC
(15) … Traffic data may, inter alia, consist of data … the location of the terminal equipment of the sender or recipient …
In other words, the main activity of the Group is to uphold the rights and interests of citizens with respect to their privacy and the protection of their data, primarily against corporate or public sector interests, which, in certain circumstances, may not be acting in the interests of citizens.
It is worth noting that in online behavioural advertising the lines between the private sector and the public sector are often blurred.
Internet behavioural advertising – What is Profiling?
Essentially, the data collected about an individual’s online activity is used to “predict the probability of a consumer making a specific purchasing decision” (c.f. Contemporary Issues in Marketing and Consumer Behaviour, Elizabeth Parsons and Pauline Maclaran). Profiling is the method by which marketers try to identify an individual’s attitudes and motivations in order to sell them products that the individual will want to associate with. According to www.ecommerce-dictionary.com/p.html: “Profiling is the building of a profile on consumers interests by monitoring and analyzing the Web pages, types of content, and paths users take while visiting one or more Web sites.” As a result, profiling is a key marketing tool in online behavioural advertising.
Opt-in & Opt-out – Internet behavioural advertising
The individual’s safeguard regarding data processing is that they must give their “prior consent” to the processing of their data. There are 2 ways for the website to obtain that “prior consent” from the individual: either by an opt-out or by an opt-in policy. However, there is still some flexibility as to which activity receives “prior consent”:
1) If a consumer does not give “prior consent” to behavioural advertising, does the website continue to collect data on their browsing habits? In other words, does collection and tracking continue even though there are no adverts served to that consumer?
2) Does the website offer consumers the choice of opting out of tracking and data collection?
Advertisers pay to find out whether their ads have been shown, so data is collected to be able to report to advertisers that the ad has been shown. Advertisers and advertising networks are therefore strong advocates of targeted and/or behavioural adverts.
Generally, websites based in the US, the UK and, prior to Directive 2009/136/EC (the “latest Directive”), the EU use the opt-out policy to comply with “prior consent”.
What are the safeguards that websites currently have in place to ensure compliance with privacy and data protection regulations, including “prior consent”?
1. Transparency: reputable websites state, or should state, what exactly the consumer is opting out of.
2. Activity: websites should state whether the opt-out is in respect of the use of data, the collection of data, or both.
3. Clarity: the individual’s choice of opting out of or opting in to data collection and use should be clearly provided and easy to find.
4. Anonymisation: most reputable websites anonymise collected data within 90 days of collection. This covers all log systems, including those that inform advertising.
In order not to overstate the threat level to privacy and data protection, it is worth noting that websites by themselves may not pose a threat to privacy and civil liberties. When a user goes to Google, for example, the only information that is recorded is the user’s IP address (which is assigned to that user by their ISP) and a standard cookie, containing a log line that records the user’s IP address. Whether a cookie or an IP address per se can identify an individual is uncertain: there could be several users of the same device, and the use of proxy servers and other software can obscure the actual IP address of a user. In a typical opt-out scenario, when a user clicks on opt-out, instead of getting a unique cookie, which is a series of numbers and letters, the user receives the opt-out cookie. This cookie literally contains the value “opt-out”, so the data collected by that cookie goes into a huge pool of all users who have the same opt-out cookie. That data is apparently deleted.
Internet behavioural advertising networks
Generally, websites and blogs do not manage their website ad space themselves. They contract this out to advertising networks, which match ad space on thousands of websites to advertisers. These advertising networks routinely use cookies to profile users’ browsing activity and history. If a user visits a website about fly-fishing, that user may be on a news website 3 weeks later and be served with an advertisement about fly-fishing on the news website. This is because the cookie on the user’s device was recognised by the servers of the advertising network.
It is this proliferation of the collection and use of personal data harnessed from the Internet that is causing the controversy. That this much personal data is in the control of corporations is a matter of public concern, not just because it might be open to abuse by the websites and advertising networks, but also because, if it is lost or stolen, it could fall into the hands of criminals. It could also be misused by law enforcement, who may be able to unlawfully obtain information from website owners.
A good example of how online data processing can be damaging is the AOL case. In 2006, 20 million web queries from 658,000 customer accounts were made public by America Online. Banking records, phone numbers, credit card numbers and social security numbers were all released (c.f. http://techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data/ ).
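The cookie handling described in the last two sections can be made concrete with a small simulation. This is an added example, not code from any real advertising network: the function names, the `uid` cookie name and the ID format are assumptions, and it models the case the article raises where collection continues after opt-out.

```javascript
// Toy ad-network server. All names here are hypothetical, for illustration only.
const OPT_OUT = "opt-out";   // literal value shared by every opted-out browser
const profiles = new Map();  // cookie value -> page topics seen with that cookie
let counter = 0;             // stand-in for a random unique-ID generator

// Parse a Cookie request header ("a=1; b=2") into an object.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

const setCookie = (id) => `uid=${id}; Max-Age=31536000; Secure; SameSite=None`;
// Extract the "name=value" pair a browser would store and send back.
const cookieOf = (resp) => resp.setCookie.split(";")[0];

// One ad request: the browser sends the network's cookie (if it has one) and
// the publisher's page tells the network what topic the page is about.
function handleAdRequest(cookieHeader, pageTopic) {
  let id = parseCookies(cookieHeader).uid;
  if (!id) id = "u" + (++counter).toString(16).padStart(8, "0"); // first visit
  if (!profiles.has(id)) profiles.set(id, []);
  const history = profiles.get(id);
  history.push(pageTopic);   // collection happens for every request
  const pooled = id === OPT_OUT;
  return {
    setCookie: setCookie(id),
    pooled,
    // A unique ID is targeted on its earliest recorded interest; the shared
    // opt-out pool mixes all opted-out users, so it only gets a generic ad.
    ad: pooled ? "generic" : history[0],
    profileSize: history.length,
  };
}

// Opt-out click: overwrite the unique ID with the shared literal value.
function handleOptOut() {
  return { setCookie: setCookie(OPT_OUT) };
}
```

Feeding the cookie from a fly-fishing page request into a later request from a news page returns a fly-fishing ad, while two different opted-out browsers both land in the single `opt-out` entry and cannot be told apart.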
Internet behavioural advertising Opt-In
The Privacy and Electronic Communications (EC Directive) Regulations 2003 (Regulations) implemented Directive 2002/58/EC, the Privacy and Electronic Communications Directive (Directive). In 2009, the Directive was amended by the latest Directive, requiring consent for the use of cookies. In the view of the Article 29 Working Group, an opt-out policy to satisfy “prior consent” does not meet the requirements of the latest Directive. A cookie is set before a user accesses the website; therefore, the user is unable to consent to the use of the cookie before the cookie has already been placed on the hard drive of their device.
Internet behavioural advertising – Conclusion
There are several good reasons why websites collect data, including preventing the illegitimate use of the website. However, given the general lack of consumer knowledge about data collection and use, and the potential threat to civil liberties, there is no doubt that opt-in consent is the meaningful choice for consumers. A consumer should be given the right to make an informed, conscious decision whether or not to consent to the processing of their data. This may not be so agreeable for the marketers. According to Marketing Week, the UK will take an opt-out approach to “prior consent” and behavioural advertising (http://www.marketingweek.co.uk/govt-says-uk-will-take-opt-out-approach-to-behavioural-ads/3025577.article).