What Do The New Communication Privacy Rules Mean To You?

A lot is being made about the recent moves to unwind the FCC privacy rules, which made it difficult for Internet Service Providers (ISPs) to share consumer web and app behavior data without permission.

Data collection and sharing comes down to Notice & Choice.  Was the consumer aware that you were collecting data, did they know how you intend to use that data at the time the data was collected, and do they currently have the option to Opt Out of the collection and subsequent use of that data at any time.

The rules around notice and choice vary from channel to channel and region to region.  If you have ever asked yourself why many European websites have begun posting obnoxiously prominent privacy notices (in some cases requiring you to actually accept the privacy policy before continuing), now you know.

As I mentioned, how this is managed varies from channel to channel, in large part because the technology from channel to channel varies.  In a web browser, a specific no-follow cookie is (somewhat ironically) use to indicate to a web browser that the consumer doesn’t want to be tracked by cookies, or other means.  If the consumer deletes that no-follow cookie, then a website assumes it is alright to follow and track that consumer.

But cookies don’t work in every channel. Addressable TV doesn’t accept cookies.  Most mobile webs don’t either.  Given the many to many relationship between the numerous potential online and offline channels, the countless signals that can be pulled from a consumer device (cookie ID, latitude/longitude, mobile ID a.k.a. MAID, cookie, IP address, device type, etc.), and the different ways in which a consumer can opt out (DMA, IAB, no-follow cookies, etc.) – the challenges of properly managing consumer opt-outs is arduous.

Understandably there was concern when it was announced that there might be changes in the policy which governs how ISPs collect and share your viewing and browsing behavior. Questions like:  what data would be collected and shared?  how would consumers be notified of this data collection (through a pop up screen?  in the terms and conditions of their contract?)   and how could they opt out ?

Unlike other “walled gardens” such as Google and Facebook, who each maintain massive databases on digital consumer behavior, ISPs are unique in that they see all of the Internet activity for their customers.   They are the “last mile” ending at the home, so in the case of wifi they see all activity coming from a specific modem or mobile device, and are able to tie that to the identity of the person paying the internet bill.   Google and Facebook only see that activity for registered users which occurs within their own sites, or sites which use their targeting and analytics services.

At this point it is unknown what the specific changes will be, but it’s certain that they will  impact both consumers and marketers alike.

Marketers need to closely monitor how data is collected not only internally but also by their marketing partners (including media publishers) to ensure that it is done so compliantly.