Alex Steer

973 words | ~5 min

In the first of these posts we covered mounting concern about behavioural tracking and targeting by digital marketers, and traced some of the history of the 'data panic' that people are experiencing now - the sense that their data is at large, at risk, and for sale. Now it's time to take the temperature of data panic today, see where it might lead, and what marketers need to do.

Short-term vs long-term risks

As I said in the previous post, the current state of data panic is an odd mix of the well-informed and the ill-informed. Let's try to tease out those two strands in order to see what might change, and what might stick, in the current mindset around tracking and targeting. I should say up-front, this requires a bit of honesty.

After all, a lot of the things people are worried about, well... they are a bit true, aren't they? The technology, media and advertising industries have carried on quite happily over the past few years collecting data about their customers' online behaviours, without much scrutiny, and without much sign of wanting to take the conversation public. And that's a problem, because when it does come to light and people get concerned about it, nothing says 'you got me' like an awkward silence.

It doesn't help that the technology and the mathematics involved in targeting are so opaque and often rather hard to explain. As soon as you get into a discussion about cookies or sessions or clustering or segmentation or regression analysis, you're in a sort of voodoo country of the mind that calls up the ghosts of high-speed algorithmic trading and  Long-Term Capital Management and whatever the hell they were doing at Enron. Terrifying, confusing, the-machines-are-taking-over stuff.

Obviously there's a lot of misreporting here, as well as more well-founded concern. I think it's likely that, if privacy stays on the public agenda, it will lose some of its ability to shock.  Specifically, I think it will split out again into two separate discussions: about the merits of tracking and targeting, and about security of personal data. The second of these will remain high-stakes: when data has the power to expose or embarrass us, it matters. Tracking and targeting will probably become more transactional, though, as consumers either accept it as it is, in exchange for increased relevance and free services, or seek to gear the system more in their favour, for example by warehousing their behavioural data and selling it to advertisers. (Though I tend to buy Doc Searls's argument, that the benefits of giving data away are greater than the sale value.) Finally, while I think concerns about 'filter bubble' effects are legitimate, I don't think they're mainstream enough yet to drive the agenda.

Even if the privacy discussion matures, though, it hasn't yet. Let's not kid ourselves: there is public concern about targeting, and there is legislative pressure in the markets where the use of targeting is most advanced.

Why you can't just ride this one out

It's easy for industry insiders to succumb to a kind of disaster myopia around changes to privacy legislation. We tend to see data collection as not only so valuable, but so undeniably useful and beneficial, that we forget what a shock it is to users who barely know what a cookie is, let alone the extent to which their behaviours are being recorded and trafficked between servers for a profit. It's also easy for us to forget that the instincts of policymakers are likely to resemble those of the voting public, rather than those of digital marketers.

So let's assume that, a few months down the line, the US and EU require users to opt in before third-party cookies can be set on their machines. At the moment, when asked 'Do you mind if marketers track your behaviour?', the answer's hardly likely to be yes. If marketers want to avoid losing all their tracking data overnight, there are a couple of things they should be doing now.

The first is to get their data back under their own control. A lot of behavioural tracking is done on behalf of marketers by third parties who install their tracking technology (typically script tags) on marketers' websites. So data collected on domain1.com (marketer's website) is trafficked over to servers owned by domain2.com (tracking provider), and possibly beyond. That makes it hard for marketers to keep track of where they are sending their customers' data, and leaves them open to charges of negligence, not to mention security risks. Since third-party cookies are likely to be hit hardest by new legislation, marketers need to take more responsibility for data management.

The second priority is more basic. Marketers need to start being honest about data - and to take privacy seriously. The case for data collection has to be made by marketers, not just technologists, and it has to be put - genuinely - in terms of benefit to users, not just value to businesses and advertisers. We need to show that a better understanding of people's real behaviours isn't just used to serve up ads like cards from a deck - but to design better products and services, and give your users more relevant information.

We haven't been good at this, and we need to get good at it, fast. Otherwise we'll quickly find ourselves left behind.