DV 2016: Don't Track Me, Bro - Security and Privacy as a Differentiator

Don’t Track Me, BroSecurity & Privacy as a Differentiator

Joe ChristopherVP, Analytics @ Blast Analytics & Marketing

• Analytics Consultant for 9+ Years• DAA Certified Web Analyst• Certified Expert: Adobe Analytics & Google

Analytics

Twitter: @joechristopher

Supporting Leaders To

EVOLVETheir Organizations

DON’T TRACK ME, BRO• Increasing desire of users to control their

privacy• Technology behind user privacy• Case Study: Healthcare.gov

I’M UNCOMFORTABLEWITH YOU TRACKING ME, BRO!

Photo by Henry Zbyszynski

ProblemMany consumers unaware of technology to opt out and control privacy

Image from Aaron’s Animal

of Americans believe control over personal information is “very important”

74%

believe they have such control9%

Source: www.pewinternet.org/2015/05/20/americans-views-about-data-collection-and-security/

of consumers are concerned about how their security is impacted by Ad Tracking

41%

Source: Ghostery Extension Install Survey July/Aug 2015 8,518 Responses

LOW PRIORITYUpside is perceived as low so it is low priority

But risk of major damage is high and underestimated

HIGH RISKIncreasing risk with each passing day creates for your organization: Bad PR, Lawsuits, Penalties.

Long-term adverse impacts on Brand Value and User Confidence with massive financial implications.

HOW & WHY ARE YOU TRACKING ME, BRO!?

Photo by Britt Reints

3rd Party Cookies 1st Party Cookies Local Storage IP Address

How Companies Track You?

Test yours at https://panopticlick.eff.org/

How Companies Track You?Browser Fingerprinting

Advertising Tracking: Make $$$ Increase relevancy of ads shown Reach users when most likely to buy

(remarketing) Cost savings over showing ads to all users

Web Analytics Tracking & Personalization: Understand what works well (marketing, UX,

etc) Make websites easier to use and increase value Personalize your experience

Why Companies Track You?

Who you are Name Gender Age Race Address Phone Fingerprint Heart Rate Weight Gait Government ID etc.

What can be tracked?What you did Education Career Criminal Record Press exposure Awards Publications Associations Credit score Loans Divorce Legal etc.

What you like Preferences Settings Avocations Political Party Social Groups Social Likes Entertainment Hobbies News feeds Browser history Brand affinity etc.

What you have Income Home Car Devices Clothing style Jewelry Investments Subscriptions Relationships Habits Proclivities etc.

What you do Keystrokes Gestures Eye tracking Day part Location IP address Social posts Dining out Purchases Commute TV viewing etc.

What do they know about me?

35-44

Male

San Diego, CA

Technology, analytics, books, travel, food

Haircare

35-44

Male

San Diego, CA

Age Range

Gender

Location

What Do They Know About You?

Check Yourself Google Ad Settings:

https://goo.gl/4R1UEr Digital Advertising Alliance:

http://www.aboutads.info/choices/ About the Data (Acxiom):

https://aboutthedata.com

Interest

Categories

& More…

Responsible Marketing

As Marketers, We Need To…

Provide GREAT experiences Assure trust in how we handle data Be transparent in our privacy

policies Give consumers choice & control

But my data will no longer be accurate!

NOOOOOOOOOO!

Your data is NOT 100% accurate – users have been opting out for years and bots have been plaguing your data

Sorry to break the news, but…

Analytics is NOT a precise measurement tool

Focus on the TRENDS

Consumers Controlling Privacy

Browser setting exposed via JavaScript

All Modern Browsers Support DNT

Setting is OFF by default (should be)

April 2015, Microsoft no longer enables DNT as default

What is DNT?

The signal sent MUST reflect the user’s preference, not the choice of some vendor, institution, site or network-imposed mechanism outside the user’s control; this applies equally to both the general preference and exceptions.

-W3C Standards on DNT

“”

Issues with DNT (Technology) No legislation in United States to enforce Most advertisers do not honor DNT

setting

Microsoft issue Good intent but does little

Do Not Track – Enablement %Q: What percentage of desktop users have this turned on?

A: United States: 13%2016 Blast Visitors: 8%

Source: https://dnt-dashboard.mozilla.org/

Do Not Track – Enablement %Q: What percentage of mobile users have this turned on?

A: United States: 4% 2016 Blast Visitors:

18%

Source: https://dnt-dashboard.mozilla.org/

Opt Out Browser setting Expressing a Preference –

Digital Advertising Alliance does not require members to honor setting

Primarily targets 3rd party advertising tracking

DNT Via plugins, browser settings, website

controls Explicitly Opting Out of

Technology(s) and expects honored 100%

Can be granular setting tied to specific technology (e.g. Google Analytics) OR tied to specific Web Site

Targets both 3rd party advertising and web analytics tools

vs

Sites to Opt Out of Tracking

Privacy Badger Ghostery Adblock Plus Browser cookie settings Many more…

Tools to Control Privacy

Options for Consumers to Control Privacy

DAA Opt Out: http://www.aboutads.info/choices/

Google Ad Settings: https://www.google.com/settings/ads

Ghostery Global Opt-Out: https://www.ghostery.com/support/global-opt-out/

Google Analytics Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout

Adobe Analytics Opt-Out: http://www.adobe.com/privacy/opt-out.html

DON’T FORGET WHO USERS ARE…Real People like you and me

Be a responsible marketer…Proactively Increase Customer Access to Privacy Options

THANKS FOR THE TRANSPARENCY AND CONTROL, BRO!

• US Federal Agency

• Administers Medicare, Medicaid, Affordable Care Act, and more

• Healthcare.gov

CASE STUDY

Problem:You’re tracking my private info, bro

Negative PR: Personal Data Sharing (Jan 2015)

Alleged healthcare.gov sending personal health information (PII) to 3rd parties

EFF confirmed data could be sent to 14 third-party domains

Shopping for healthcare should be private…

Source: https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-personal-data

Developers unintentionally made a programming change that caused the full URL to include querystring parameters which were

passed to tracking tags

Source: https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-personal-data

https://4037109.fls.doubleclick.net/activityi;src=4037109;type=20142003;cat=201420;ord=7917385912018;~oref=https://www.healthcare.gov/see-plans/85601/results/?county=04019&age=40& smoker=1&parent=&pregnant=1&mec=&zip=85601&state=AZ&income=35000& &step=4?

Taking ActionUser Privacy is Paramount

Where do we go from here? Lack of an Existing Roadmap – No other US Federal Agency

had implemented increased privacy options Lack of Existing Regulation in US Next steps: Identify technologies that have the right

capabilities to meet Privacy Objectives

Solution

iQ - Tag Management

+Strategy, Implementation, Management, Training

Beyond Tealium implementation, we strategically led project:• Guided a Privacy Impact Assessment, • Provided stakeholder education to help them understand

current tracking landscape and privacy risks,• Educated on value and need for governance and process

enforcement

Strategic Guidance

Provide high level of security to users

Leverage features to accelerate and accurately provide consumers options to Opt Out

Honor DNT setting Create a friendly

experience Restore confidence

Objective

What features did we use?

Detects if visitor enabled DNT

DNT selection placed in do_not_track data source (utag_data.do_not_track)

Controlled by Load Rules

Load Rule assigned to Tags

Only assigned to Advertising Tags

Do Not Track Extension

Tags placed into categories via drag-n-drop (remembered for same tag types)

Opt-Out Categories Configured: Analytics, Advertising, and Social Media

Privacy Manager Extension

Customized to Site Design and 508 Compliance

Required manual edits to ‘Multi-Opt Out’ template to adjust design and user experience

Implemented translated version for Spanish domain

Privacy Manager Modal

What did we achieve?

Results

User can adjust privacy options via modal to Opt Out of Advertising, Social Media, or Web Analytics tags

DNT is automatically honored to opt user out of ALL Advertising tags

User’s privacy selections honored for 3 years from date of last visit via 1st party cookie

Privacy selections honored across all sub domains

Increased Access to Privacy

Privacy Impact Assessment for each 3rd party tool (TPWA) – Covers why and how each tool is used

New Privacy Policy

3rd Party Tool Assessments

Provides links to 3rd party privacy policies and opt out links

Increased Transparency on 3rd Party Tools

Established Governance (documented and enforced processes) Educated organizational stakeholders on tracking and privacy

(risks/benefits) Trained users on Tealium iQ Setup routine / automated testing Setup tag monitoring to ensure only approved tags are firing

Ongoing ResponsibilityActively honor your commitment to privacy?

Source: https://www.eff.org/deeplinks/2015/10/privacy-victory-healthcaregov-announces-support-do-not-track

Positive Press

Applaud[s] healthcare.gov’s decision to support Do Not Track and give their users strong privacy controls.

-EFF

“ ”

Privacy concerns intensifying and best to get ahead of it now! It is okay to lose some data as won’t impact insights Perform a Privacy Impact Assessment Be a responsible marketer; use Tealium iQ Tag Management Features to

Honor DNT- Do Not Track Extension- Privacy Manager Extension- Privacy Manager Modal

Invest in your commitment to User Privacy via education, governance, and monitoring

Differentiate and protect your brand by proactively embracing user security and privacy

Takeaways

THANKS FOR NOT TRACKING ME, BRO

Photo by Wade M.

Learn more in tomorrow’s session: Translation Services: Making Sense of the Current Legal Landscape @ 3:10pm Get guidelines for approach to

data governance, privacy policies, and informed technology decisions

Learn about current legal landscape in marketer’s terms

Joe ChristopherVP, Analytics @ Blast Analytics & Marketing

Twitter: @joechristopher Email: [email protected]

Thank You