Don’t Track Me, Bro: Security & Privacy as a Differentiator
Apr 15, 2017
Joe Christopher
VP, Analytics @ Blast Analytics & Marketing
• Analytics Consultant for 9+ Years
• DAA Certified Web Analyst
• Certified Expert: Adobe Analytics & Google Analytics
Twitter: @joechristopher
Supporting Leaders To EVOLVE Their Organizations
DON’T TRACK ME, BRO
• Increasing desire of users to control their privacy
• Technology behind user privacy
• Case Study: Healthcare.gov
I’M UNCOMFORTABLE WITH YOU TRACKING ME, BRO!
Photo by Henry Zbyszynski
Problem
Many consumers unaware of technology to opt out and control privacy
Image from Aaron’s Animal
74% of Americans believe control over personal information is “very important”
9% believe they have such control
Source: www.pewinternet.org/2015/05/20/americans-views-about-data-collection-and-security/
41% of consumers are concerned about how their security is impacted by Ad Tracking
Source: Ghostery Extension Install Survey July/Aug 2015 8,518 Responses
LOW PRIORITY
Upside is perceived as low so it is low priority
But risk of major damage is high and underestimated
HIGH RISK
Increasing risk with each passing day creates for your organization: Bad PR, Lawsuits, Penalties.
Long-term adverse impacts on Brand Value and User Confidence with massive financial implications.
HOW & WHY ARE YOU TRACKING ME, BRO!?
Photo by Britt Reints
How Companies Track You?
• 3rd Party Cookies
• 1st Party Cookies
• Local Storage
• IP Address
How Companies Track You? Browser Fingerprinting
Test yours at https://panopticlick.eff.org/
Why Companies Track You?
Advertising Tracking:
• Make $$$
• Increase relevancy of ads shown
• Reach users when most likely to buy (remarketing)
• Cost savings over showing ads to all users
Web Analytics Tracking & Personalization:
• Understand what works well (marketing, UX, etc)
• Make websites easier to use and increase value
• Personalize your experience
What can be tracked?
• Who you are: Name, Gender, Age, Race, Address, Phone, Fingerprint, Heart Rate, Weight, Gait, Government ID, etc.
• What you did: Education, Career, Criminal Record, Press exposure, Awards, Publications, Associations, Credit score, Loans, Divorce, Legal, etc.
• What you like: Preferences, Settings, Avocations, Political Party, Social Groups, Social Likes, Entertainment, Hobbies, News feeds, Browser history, Brand affinity, etc.
• What you have: Income, Home, Car, Devices, Clothing style, Jewelry, Investments, Subscriptions, Relationships, Habits, Proclivities, etc.
• What you do: Keystrokes, Gestures, Eye tracking, Day part, Location, IP address, Social posts, Dining out, Purchases, Commute, TV viewing, etc.
What do they know about me?
• Age Range: 35-44
• Gender: Male
• Location: San Diego, CA
• Interest Categories: Technology, analytics, books, travel, food; Haircare
• & More…
What Do They Know About You?
Check Yourself
• Google Ad Settings: https://goo.gl/4R1UEr
• Digital Advertising Alliance: http://www.aboutads.info/choices/
• About the Data (Acxiom): https://aboutthedata.com
Responsible Marketing
As Marketers, We Need To…
• Provide GREAT experiences
• Assure trust in how we handle data
• Be transparent in our privacy policies
• Give consumers choice & control
But my data will no longer be accurate!
NOOOOOOOOOO!
Sorry to break the news, but…
Your data is NOT 100% accurate – users have been opting out for years and bots have been plaguing your data
Analytics is NOT a precise measurement tool
Focus on the TRENDS
Consumers Controlling Privacy
What is DNT?
• Browser setting exposed via JavaScript
• All Modern Browsers Support DNT
• Setting is OFF by default (should be)
• April 2015, Microsoft no longer enables DNT as default
“The signal sent MUST reflect the user’s preference, not the choice of some vendor, institution, site or network-imposed mechanism outside the user’s control; this applies equally to both the general preference and exceptions.”
-W3C Standards on DNT
Issues with DNT (Technology)
• No legislation in United States to enforce
• Most advertisers do not honor DNT setting
• Microsoft issue
• Good intent but does little
Do Not Track – Enablement %
Q: What percentage of desktop users have this turned on?
A: United States: 13%
2016 Blast Visitors: 8%
Source: https://dnt-dashboard.mozilla.org/
Do Not Track – Enablement %
Q: What percentage of mobile users have this turned on?
A: United States: 4%
2016 Blast Visitors: 18%
Source: https://dnt-dashboard.mozilla.org/
DNT vs Opt Out
DNT
• Browser setting
• Expressing a Preference – Digital Advertising Alliance does not require members to honor setting
• Primarily targets 3rd party advertising tracking
Opt Out
• Via plugins, browser settings, website controls
• Explicitly Opting Out of Technology(s) and expects honored 100%
• Can be granular setting tied to specific technology (e.g. Google Analytics) OR tied to specific Web Site
• Targets both 3rd party advertising and web analytics tools
Options for Consumers to Control Privacy
Tools to Control Privacy
• Privacy Badger
• Ghostery
• Adblock Plus
• Browser cookie settings
• Many more…
Sites to Opt Out of Tracking
• DAA Opt Out: http://www.aboutads.info/choices/
• Google Ad Settings: https://www.google.com/settings/ads
• Ghostery Global Opt-Out: https://www.ghostery.com/support/global-opt-out/
• Google Analytics Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout
• Adobe Analytics Opt-Out: http://www.adobe.com/privacy/opt-out.html
DON’T FORGET WHO USERS ARE… Real People like you and me
Be a responsible marketer… Proactively Increase Customer Access to Privacy Options
THANKS FOR THE TRANSPARENCY AND CONTROL, BRO!
CASE STUDY
• US Federal Agency
• Administers Medicare, Medicaid, Affordable Care Act, and more
• Healthcare.gov
Problem: You’re tracking my private info, bro
Negative PR: Personal Data Sharing (Jan 2015)
Alleged healthcare.gov sending personal health information (PII) to 3rd parties
EFF confirmed data could be sent to 14 third-party domains
Shopping for healthcare should be private…
Source: https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-personal-data
Developers unintentionally made a programming change that caused the full URL to include querystring parameters which were passed to tracking tags
Source: https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-personal-data
https://4037109.fls.doubleclick.net/activityi;src=4037109;type=20142003;cat=201420;ord=7917385912018;~oref=https://www.healthcare.gov/see-plans/85601/results/?county=04019&age=40&smoker=1&parent=&pregnant=1&mec=&zip=85601&state=AZ&income=35000&&step=4?
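An added example (not code from healthcare.gov, the EFF or any tag vendor) of two checks that address the leak described above: reducing the page URL before a tag sees it, and auditing an outbound tag request for page parameters reaching a third-party host. The function names, the host tracker.example and the sample request are assumptions constructed for illustration; the parameter names are the ones visible in the URL above.

```javascript
// Added example, not code from healthcare.gov, the EFF or any tag vendor.
// Parameter names are the ones visible in the URL above.
const SENSITIVE = new Set(["county", "age", "smoker", "parent", "pregnant",
                           "mec", "zip", "state", "income"]);

// What a tag should be handed as the page URL: origin and path only.
// Path segments can carry data too and need their own review.
function safePageUrl(href) {
  const u = new URL(href);
  return u.origin + u.pathname;
}

// Audit one outbound tag request: which sensitive page parameters, with a
// value, does it carry to a host outside the first-party domain?
function leakedParams(requestUrl, firstPartyDomain) {
  const host = new URL(requestUrl).hostname;
  if (host === firstPartyDomain || host.endsWith("." + firstPartyDomain)) {
    return [];
  }
  let text = requestUrl;
  try {
    text = decodeURIComponent(requestUrl); // referrers are often percent-encoded
  } catch (e) {
    // malformed escape sequence: scan the raw string instead
  }
  const found = new Set();
  // name=value pairs after ?, & or ; ('?' ends a value so nested URLs are scanned)
  for (const m of text.matchAll(/[?&;]([A-Za-z_]+)=([^&;#?\s]+)/g)) {
    const name = m[1].toLowerCase();
    if (SENSITIVE.has(name)) found.add(name);
  }
  return [...found].sort();
}

// Constructed sample request, modelled on the one shown above.
const SAMPLE_REQUEST = "https://tracker.example/activityi;src=0000000;" +
  "~oref=https://www.healthcare.gov/see-plans/85601/results/" +
  "?county=04019&age=40&smoker=1&parent=&pregnant=1&mec=&zip=85601" +
  "&state=AZ&income=35000&step=4";

console.log(leakedParams(SAMPLE_REQUEST, "healthcare.gov"));
console.log(safePageUrl("https://www.healthcare.gov/see-plans/85601/results/?age=40"));
```

Run over captured tag requests in automated testing, a non-empty result from leakedParams is the signal that a tag is receiving the full page URL.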
Taking Action
User Privacy is Paramount
Where do we go from here?
• Lack of an Existing Roadmap – No other US Federal Agency had implemented increased privacy options
• Lack of Existing Regulation in US
• Next steps: Identify technologies that have the right capabilities to meet Privacy Objectives
Solution
iQ - Tag Management
+Strategy, Implementation, Management, Training
Strategic Guidance
Beyond Tealium implementation, we strategically led project:
• Guided a Privacy Impact Assessment
• Provided stakeholder education to help them understand current tracking landscape and privacy risks
• Educated on value and need for governance and process enforcement
Objective
• Provide high level of security to users
• Leverage features to accelerate and accurately provide consumers options to Opt Out
• Honor DNT setting
• Create a friendly experience
• Restore confidence
What features did we use?
Do Not Track Extension
• Detects if visitor enabled DNT
• DNT selection placed in do_not_track data source (utag_data.do_not_track)
• Controlled by Load Rules
• Load Rule assigned to Tags
• Only assigned to Advertising Tags
Privacy Manager Extension
• Tags placed into categories via drag-n-drop (remembered for same tag types)
• Opt-Out Categories Configured: Analytics, Advertising, and Social Media
Privacy Manager Modal
• Customized to Site Design and 508 Compliance
• Required manual edits to ‘Multi-Opt Out’ template to adjust design and user experience
• Implemented translated version for Spanish domain
What did we achieve?
Results
Increased Access to Privacy
• User can adjust privacy options via modal to Opt Out of Advertising, Social Media, or Web Analytics tags
• DNT is automatically honored to opt user out of ALL Advertising tags
• User’s privacy selections honored for 3 years from date of last visit via 1st party cookie
• Privacy selections honored across all sub domains
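An added example (not Tealium iQ code and not the healthcare.gov implementation) of the gating logic the Do Not Track Extension and results slides describe: DNT blocks every advertising tag, per-category opt-outs are read from a first-party cookie, and that cookie is scoped to the parent domain with a three-year lifetime. The cookie name privacy_optout, the tag names and the function names are assumptions made for illustration.

```javascript
// Added example, not Tealium iQ code. Categories follow the slides;
// the cookie name "privacy_optout" and the tag names are hypothetical.
const CATEGORIES = ["analytics", "advertising", "social"];
const THREE_YEARS_S = 3 * 365 * 24 * 60 * 60;

// Browsers have exposed DNT under different properties and values
// ("1", "yes", "0", "no", "unspecified", null); treat only "1"/"yes" as on.
function dntEnabled(nav, win = {}) {
  return [nav.doNotTrack, win.doNotTrack, nav.msDoNotTrack]
    .some((v) => v === "1" || v === "yes");
}

// Read the visitor's opted-out categories from the Cookie header string.
function optedOut(cookieHeader) {
  const m = /(?:^|;\s*)privacy_optout=([^;]*)/.exec(cookieHeader || "");
  const listed = m ? m[1].split("|") : [];
  return new Set(listed.filter((c) => CATEGORIES.includes(c)));
}

// Decide which tags may fire. DNT blocks every advertising tag; a tag
// with no recognised category is never loaded (fail closed).
function tagsToLoad(tags, nav, cookieHeader) {
  const blocked = optedOut(cookieHeader);
  if (dntEnabled(nav)) blocked.add("advertising");
  return tags
    .filter((t) => CATEGORIES.includes(t.category) && !blocked.has(t.category))
    .map((t) => t.name);
}

// First-party cookie shared by all subdomains. Re-set it on every visit
// so the three years run from the date of the last visit.
function optOutCookie(categories, siteDomain) {
  const value = categories.filter((c) => CATEGORIES.includes(c)).join("|");
  return `privacy_optout=${value}; Domain=${siteDomain}; Path=/; ` +
    `Max-Age=${THREE_YEARS_S}; Secure; SameSite=Lax`;
}

// Constructed sample tags.
const SAMPLE_TAGS = [
  { name: "web-analytics", category: "analytics" },
  { name: "ad-pixel", category: "advertising" },
  { name: "share-buttons", category: "social" },
  { name: "unreviewed-widget" },
];
console.log(tagsToLoad(SAMPLE_TAGS, { doNotTrack: "1" }, ""));
```

Browsers may cap cookie lifetimes below three years, which is a further reason to refresh the cookie on each visit rather than set it once.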
Increased Transparency on 3rd Party Tools
3rd Party Tool Assessments
• Privacy Impact Assessment for each 3rd party tool (TPWA) – Covers why and how each tool is used
New Privacy Policy
• Provides links to 3rd party privacy policies and opt out links
Ongoing Responsibility
Actively honor your commitment to privacy?
• Established Governance (documented and enforced processes)
• Educated organizational stakeholders on tracking and privacy (risks/benefits)
• Trained users on Tealium iQ
• Set up routine / automated testing
• Set up tag monitoring to ensure only approved tags are firing
Positive Press
“Applaud[s] healthcare.gov’s decision to support Do Not Track and give their users strong privacy controls.”
-EFF
Source: https://www.eff.org/deeplinks/2015/10/privacy-victory-healthcaregov-announces-support-do-not-track
Takeaways
• Privacy concerns intensifying and best to get ahead of it now!
• It is okay to lose some data as it won’t impact insights
• Perform a Privacy Impact Assessment
• Be a responsible marketer; use Tealium iQ Tag Management Features to Honor DNT
  - Do Not Track Extension
  - Privacy Manager Extension
  - Privacy Manager Modal
• Invest in your commitment to User Privacy via education, governance, and monitoring
• Differentiate and protect your brand by proactively embracing user security and privacy
Learn more in tomorrow’s session: Translation Services: Making Sense of the Current Legal Landscape @ 3:10pm
• Get guidelines for approach to data governance, privacy policies, and informed technology decisions
• Learn about current legal landscape in marketer’s terms
Thank You
Joe Christopher
VP, Analytics @ Blast Analytics & Marketing
Twitter: @joechristopher Email: [email protected]