What Advertisers Know About You: Online Privacy and Personally Identifiable Information
Leaks of NSA surveillance programs have instilled fear and (legitimate) privacy concerns among Internet users, resulting in reports of people reducing their online activity. While PRISM may be the catalyst for all users to take Internet privacy more seriously, we wanted to clear up any misconceptions about data use and consumer privacy in online advertising, targeting, and retargeting.
Heres the data online advertisers have, and how they use it:
Online advertisers and publishers rely on cookies to understand browsing behaviors. A cookie is a small text file that stores anonymous data about browsing behaviors, such as whether or not a user has visited a certain site.
If you are an online retailer (lets say Amazon), you want to know what Im viewing and how Im browsing the web in order to improve my experience. My browsing information, which has been stored in a cookie, enables Amazon to show me products and product categories I might be interested in, essentially allowing for a shopping experience targeted to my likes and dislikes.
First Party vs. Third-party Cookies
A third-party cookie is any cookie that isnt from the website youre actually visiting. For example, if NYTimes.com utilizes retargeting via a third party (lets say its ReTargeter), the ReTargeter cookie placed on NYTimes.com site visitors is a third-party cookie.
When I visit NYTimes.com and NYTimes.com places a cookie to gather data on my browsing behavior, thats a first-party cookie.
Segments: How Cookies are Used
As sites (like Amazon) continue to collect data on user browsing behaviors via cookies, all of those users can be placed into groups based on their interests, also called segments. Segments are anonymous and aggregated across thousands of users.
How it works: I go to Amazon.com and I regularly shop for womens shoes. Amazon is not interested in who I am as an individual, theyre interested in the fact that I am more interested in womens shoes than other products. All Amazon.com visitors with browsing behavior that demonstrates that they like womens shoes are placed in a womens shoes audience segment, and Amazon can then tailor their messaging and advertising to the interests of that segment.
The placement of cookies (first and third-party) collect non-personally identifiable information to better understand the browsing behaviors of all users in order to make online ad experiences more relevant and engaging.
How Advertisers Use Non-Personally Identifiable Information (Non-PII)
Advertisers want to serve you the ads that are best suited to your likes and dislikes. Targeted ads that match your taste preferences improve your experience as a consumer — who wants to see ads for products completely unrelated to their tastes? Through the collection of non-PII, advertisers have access to the information they need to segment their ads, increasing the relevancy of products and messages being shown.
Non-Personally Identifiable Information
Non-personally identifiable information includes all data that does not directly reveal an individuals identity. The Network Advertising Initiative defines non-Personally Identifiable Information as the following:
Non-Personally Identifiable Information (Non-PII) is information that is not, on its own, used to identify, contact, or precisely locate a particular individual. Used for Interest-Based Advertising by NAI member companies, this data consists primarily of click-stream information (sites you have visited or links you have clicked) that is tied to a randomly generated anonymous identifier.
Examples of Non-PII:
- Browser type
- Browser plug-in details
- Local time zone
- Date and time of each visitor request (i.e. arrival, exit on each web page)
- Language preference
- Referring site
- Device type (i.e. desktop, laptop, or smartphone)
- Screen size, screen color depth, and system fonts
When your online browsing behaviors informs which segments you are a good fit for, you will begin to see ads for items and services you might actually be interested in. This may seem more of a benefit for the advertiser than for you, but consider how exciting it is to see that your favorite online retailer is having an exclusive 30% off sale? Or that as a reward for your loyalty, theyre giving you a second item free? Lets use the NYTimes.com example, again. Thanks to my browsing behavior as a regular reader of the Travel section, I am now in a segment of online users interested in travel, and that means I get ads for flight and hotel deals! Similarly, my coworker is a sports enthusiast, and is regularly thrilled to see ads for custom jerseys and other sports paraphernalia.
As a consumer, the perks of targeted advertising are that you see ads tailored to what you like and are actually interested in. You discover things you wanted, and you get promotions that are designed just for you. Targeted advertising is done without posing a threat to your online privacy, as this all occurs without ever capturing any identifying information.
Personally Identifiable Information: What You Should Know
When we talk about concerns for online privacy, it is the personally identifiable information that exists online that can put a user at risk. Heres how the U.S. General Services Administration defines Personally Identifiable Information (PII):
Personally Identifiable Information is information about a person that contains some unique identifier, including but not limited to name or Social Security Number, from which the identity of the person can be determined. In OMB M-06-19 (July 12, 2006), “the term Personally Identifiable Information means any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and information which can be used to distinguish or trace an individuals identity, such as their name, social security number, date and place of birth, mothers maiden name, biometric records, etc., including any other personal information which is linked or linkable to an individual.”
Examples of PII:
- Social Security Number
- Date and Place of Birth
- Health Records
- Financial Information
In short, PII is any data that identifies and/or can be linked to YOU. This is NOT what advertisers are interested in and in fact, are legally restrained from even using unless specifically authorized by the individual. Increased ad relevancy based on non-PII may be responsible for the misconception regarding digital privacy. A TrustE survey conducted in 2011 found that 32% of users surveyed claim that more than one in four online advertisements are relevant to their wants and needs, compared to 12% in 2008. Advancements in ad technologies, not the collection of PII, is responsible for an improved ad experience.