While Yahoo!, Microsoft, and AOL have all been engaged in behavioral targeting for some time, Google’s entrance into this controversial domain is quite significant. And, similar to its approach to locational privacy with Latitude, Google has taken some very positive steps to design privacy into this new advertising framework. For example:
- If a user clicks on the “Ads By Google” link which accompanies its banner ads, they will be taken to this page where the behavioral targeting technique is explained, with a link for even more detail.
- On this page, users can see exactly which behavioral categories they have been assigned based on their browsing activity. Users can also add/delete categories to/from their profile.
- A user’s profile is only based on her browsing activity as tracked by a specific cookie. It is not populated by, or linked to, her Google Account or Gmail.
- Google won’t create “sensitive interest categories” like race, religion, sexual orientation, health, or sensitive financial categories, without a user’s opt-in consent.
- Users can also opt-out of the targeting altogether by clicking the “opt-out” button on this page, disabling Google’s tracking cookie with an “id=OPT_OUT” setting.
- Recognizing that users might routinely clear out their browser’s cookies, and as a result remove this “id=OPT_OUT” setting, Google warns users of this possibility, and has taken steps to build an open-source browser plug-in to allow users to permanently opt-out of the cookie tracking system.
- To help explain all of this, Google has added a YouTube video on its Privacy Channel.
These are all significant — and mostly unprecedented — steps to give users access and control over the data collected about their online activities; just what I have been urging Google to do for quite a while now.
That said, Google can go further to better protect user privacy, and increase transparency, access, and control with regard to the collection of personal information. For example:
- Make participation in behavioral targeting opt-in, not opt-out. Currently, every person who comes into contact with a website participating in Google’s targeting program receives the cookie and is integrated into Google’s larger tracking infrastructure. A user must happen to click on the “Ads by Google” link at the bottom of an advertisement to discover she can opt-out.
- Change “Ads by Google” to “Ad Privacy Preferences”. If the goal is transparency, access, and choice, Google should make the link to the ad preferences page more descriptive than “Ads by Google”. In fact, since the entire advertisement is “clickable”, a user has little reason to think clicking on “Ads by Google” would take them anywhere different than the ad itself. If anything, a user would presume that link points to a general page about Google’s advertising solutions. There’s nothing that would trigger a user to think they could opt-out or view their profile by clicking this link.
- Provide more refined controls. While it is impressive to let users see and edit exactly what interest profiles they have been assigned to, Google should take it a step further and provide even finer levels of access to view precisely what websites have been included in my profile data. Not everyone will need to be burdened with such detail — perhaps only those who I call “privacy power users” — but providing the option would be an important enhancement to the privacy controls already designed.
- Expand these tools to all Google properties. I’m impressed by the level of transparency and control Google is providing users in relation to behavioral tracking and targeting. Now, extend these same privacy-enhancing features to other Google products. Let me see what data has been collected about my search history (in Google’s logs, not just what is viewable in the “Web History” interface). Similarly, let me see what clickstream data Google collects from my activities on their properties, if they’ve been logging what books I view in Google Book Search, and so on. And just like the interests in my behavioral profile, provide me the ability to edit, add or remove data from these logs.
- Create a global Google cookie opt-out plugin. Google should enhance the advertising cookie opt-out plug-in to include any and all Google cookies. Rather than relying on third-parties to design and maintain cookie blocking, Google should recognize that releasing such a tool would be a big step in building user trust (and, since I’m guessing that only a small percentage of people would bother to use such a plug-in, Google probably wouldn’t lose much data anyway).
- Commit to never use search history for behavioral targeting. Finally, I call on Google to commit to never use an individual’s search history for behavioral targeting. Search queries necessarily contain personal, sensitive, and private information. It should never be aggregated in an attempt to profile a user and sell advertising.
[Disclosure: I recently attended a Public Interest Consultation and Roundtable discussion at Google, which included a preview of this advertising product and related privacy controls. Google paid for my travel & accommodations.]
If Google can convince people its surveillance is merely a warm and fuzzy way of helping you shop, while ISPs’ surveillance is akin to warrantless wiretapping, that gives Google an enormous advantage in collecting information to sell to advertisers.
UPDATE: Chris Soghoian has expanded Google’s opt-out plugin to include nearly all behavioral advertising networks. Download it here.