Home > Papers > DoubleClick
Introduction | Online Preference Marketing | PII and Non-PII | The NAI Principles | Conclusion | Bibliography
Personalization vs. Privacy - The DoubleClick / Abacus Direct Merger
The NAI Principles: Opt-In and Opt-Out
Many users feel that having their names associated with detailed online and offline behaviour profiles is a violation of their privacy, and were glad to see the Federal Trade Commission (FTC) voice concern over DoubleClick's plans to merge PII and non-PII.
The FTC uses a set of information practice principles to evaluate online privacy issues [FTC00]: Firstly, users must be notified of profiling activities on web sites and be given the opportunity to decide whether they want to participate in those activities. Secondly, web sites must provide users with reasonable access to their individual data, and make reasonable efforts to protect that data from loss, misuse, alteration, destruction, or improper access. Consequently, the leading advertising agencies formed the Network Advertising Initiative (NAI) in 1999 with the goal to preempt government regulation of the online advertising market by defining a set of self-regulatory principles. In July 2000, they released a policy governing the use of consumer data for OPM. This document [NAI00] specifies that:
These rules employ two different models for getting a user's decision on allowing data collection: In the opt-in model, the user has to give the agency explicit permission to use his data - if he does not opt-in, the agency is not allowed to use the data. The opt-out model works the other way round: The agency may use the data as long as the user does not explicitly forbid it.
As a consequence of the NAI principles, DoubleClick cannot simply merge its database of online non-PII with Abacus' database of offline PII - it is only allowed to merge the profiles of users who explicitly opt-in. Additionally, DoubleClick provides users the opportunity to opt-out on its web site. This feature is achieved by simply storing a cookie with the value OPT_OUT instead of a unique identifier on the user's computer [DC00d].
|© 2000 Matthias Book|