To hear it from the Federal Trade Commission, an online data collector is an awful lot like a Hollywood paparazzo.
Companies that track and collect online consumer data can act like “invisible cyberazzi,” said FTC chairman Jon Leibowitz during a speech at the National Press Club in October. The chairman, while noting that he doesn’t want to “pull a Sean Penn” and get rid of behavorial targeting, said, however, that these companies, hidden in shadow, trail people on the Web, nabbing personal information and snapshots of activity that they then share with marketing firms.
There’s another way in which this exchange of consumer data is like the trafficking of celebrity snaps: It’s a big business. Each year, companies in the U.S. spend more than $2 billion on third-party consumer data, according to Forrester Research. Add in the money spent on credit data, market research and other kinds of derived information, the research firm says, and you’re looking at a multibillion dollar industry. In fact, the volume of digital data created by consumers is growing at such a fast clip that the World Economic Forum and other futurists have called personal data the “new oil.”
Many consumers have begun to find this surreptitious cookie- and beacon-enabled tracking (“discovered” when they see ads and content that match their activities) disconcerting at best. Indeed, in the past few years, companies that rely on Internet tracking, including tech giants such as Google and Facebook, have come under fire for collecting, using and sharing consumer information in ways critics say are not only stealthy, but also erode privacy. (The business is self-regulated, with much-hyped guidelines making slow progress in Congress.) And as mobile technology gains adoption and the demand for location data grows, concerns about under-the-radar data trackers that can follow digital footprints in real time loom even larger.
Research does show that consumers are uncomfortable sharing sensitive personal information, such as location data. According to a spring/summer 2011 study from Internet privacy company TRUSTe, for example, 46 percent of consumers said they “definitely would not consent” to sharing their current location with advertisers. Another 20 percent said they would “probably not” consent to sharing that information.
In response, a growing number of companies, including Personal, Azigo and Experian, now aim to give consumers a degree of control over their data. Through so-called “data lockers” or similar kinds of online destinations—places, in essence, where selected streams of information can be deposited and managed—they offer tools that help consumers decide how much data they want to share, with whom and for what purpose. Describing it as a win-win situation, these companies say that in exchange for sharing data, consumers can receive deals and, in some cases, cash, while marketers can reach consumers on their terms, gaining the insights that will make their offers even more relevant and effective.
“The market is set up for a pretty big shift. People have to understand how [data tracking] works and have some control over it or else it’s going to become way too spooky and invasive,” says Personal CEO Shane Green. “We believe that the more people have that ability to aggregate their data and set permissions on who gets it, the more they’ll be willing to share data with companies, advertisers and marketers who can actually deliver real value for them.”
Launched in open beta in November with more than $7 million in funding from AOL co-founder Steve Case and other investors, Personal, using category-specific data “gems,” can store information, from insurance policy numbers to favorite recipes to pet-sitting directions. Other “gems” could store electronics purchases or websites a person has visited. For now, people can use the site as a quick reference or to share “gems” with others. It’s also intended to aid in the filling out of forms.
In the second quarter of this year, however, Personal says it will offer consumers, on a limited pilot basis, the option to be matched up with marketers. A consumer ready to buy a hybrid car, for example, would indicate her intention on the site, and participating marketers would compete for her business by paying for her time and engagement. Maybe it’s $10 for watching a video or multiples of that for heading to a local dealership for a test drive. The consumer gets payment as long as she transacts with one of the companies courting her on Personal. Whenever a Personal user makes money, the company gets 10 percent of what the marketer pays the user. The marketer, says Green, only learns the full identity of the individual should they choose to share it.
Boston-area startup Azigo, which plans to launch in public beta next month, will have people choose the companies they want to interact with by redirecting email from marketers to Azigo’s website. There, consumers can adjust the amount of information they share with marketers via loyalty programs, e-commerce accounts, daily deals, etc. For example, a clotheshorse in San Francisco could conceivably use the site to give J. Crew specific information about her demographics and preferences, but could have Azigo limit information for JetBlue.
In addition, the company will offer a Web browser extension that it says will block unwanted ad trackers and help users autopopulate forms and log-in credentials on marketer websites. The browser extension also gives the company real estate for communicating with users in real time. Say a consumer has opted in to receive offers about designer shoes; as they surf the Web, certain content could trigger a box offering an Azigo-specific deal from a shoe company. Azigo says it will sell that inventory on a cost-per-click or cost-per-action basis.
“Facebook is where you go to manage social relationships; LinkedIn is for keeping up with professional networks,” says Steve O’Brien, Azigo’s head of marketing. “We think there’s room for a third place online for people to consolidate all of their commercial relationships.”
Other groups throwing their hats into the ring include startup Singly, which has an open-source platform called the Locker Project; credit report giant Experian; and the nonprofit personal data store Mydex, based in Scotland.
Unlike Personal and Azigo, Singly—which has yet to launch its Locker Project—isn’t offering a full data-management service. Instead, it’s creating an open-source platform that collects so-called “digital exhaust” from people’s online activities and then lets people secure copies of it in digital data lockers. The plan, according to the company, is for third-party developers to build on the platform with applications designed to help people leverage their personal data.
Mydex also differs from the commercial data lockers stateside. It says it can act like a commercial organization and make a profit, but is primarily interested in (and legally obligated to) help people organize and benefit from their data.
The concept of a hub for personal data control isn’t new. Michael Fertik, CEO and president of online reputation and privacy management company Reputation.com, points out that Microsoft tried out a similar idea about a decade ago with its Passport service. Launched in 1999, the site was intended to be a digital destination for storing personal information. But industry observers say it failed for a variety of reasons, including security flaws and a lack of consumer trust.
According to Fertik—who says 2012 might be the year he takes the wrapper off his own data locker—a successful data vault needs users to supply the data; insights that make the data valuable to vendors; and vendors who give the users ways to make their data work for them. But previous attempts like Passport, he says, didn’t attract enough users and, critically, were not able to generate the insights to make their data competitive with the data sets already available.
“I have to make my information about you more interesting to Amazon than Amazon’s information about you,” he says. “Which is staggeringly difficult because you [likely] have such a strong connection to Amazon.”
Fatemeh Khatibloo, a Forrester Research analyst who recently wrote a report on the emerging field of consumer-managed data, believes the climate is ripe for such companies. It’s basically impossible, she notes, to talk about data—which is created by multiple parties, and shared with and managed by other parties—in terms of exclusive ownership. But the consumer-managed model, she says, wisely promotes the notion of data rights. Beyond consumers feeling intruded upon by the online ad business, she says she’s observed anecdotally that people have begun to recognize that their data is the currency of a booming industry—an issue magnified by the multi-million dollar data breaches suffered by Sony and Epsilon in the past year. “It’s a totally different game, and I think consumers are now paying attention,” Khatibloo says.
Patrick Moorhead, head of mobile operations for the digital group at DraftFCB, notes that these new companies introduce some needed competition into a marketplace dominated by data goldmines such as Facebook, Google and Amazon. “To the extent that those guys can gain traction, it could force the bigger players . . . to implement policing,” he says. “The more interests trying to meet these needs, the better off we’re going to be.”
Of course, it’s possible that some of the big data-rich companies, seeing an opportunity to enhance their customer relationships, could offer data lockers of their own. So far, Experian, which bought the identity management tool myID.com last year, is the biggest company to move into this space. MyID.com helps users monitor their digital footprint and build an online profile of their private data, but Mark Kapczynski, Experian vice president, says it could ultimately work with marketers to bring consumers deals through the site. Analysts say other large tech companies may also be working on similar offerings.
As European lawmakers and privacy advocates stateside continue to pressure the FTC to act on consumer privacy, some data rights advocates say the personal data locker model might be a workable compromise between government and industry. While none of the recent consumer privacy bills proposed in Congress has gained enough momentum to pass, FTC interest in privacy issues and the “do not track” arguments are not expected to let up anytime soon.
“Neither side in this ‘do not track’ vs. business as usual debate is right,” says Kaliya Hamlin, who founded the Personal Data Ecosystem Consortium, a nonprofit group promoting businesses and systems that give individuals control over their data. “[The data locker models] are stepping out of the two ends of the spectrum and saying there’s a middle ground.”
Not everyone believes in the potential of user-centric data platforms. For instance, there are some digital advertising leaders who believe there’s a big flaw in their underlying thesis. While people may get worked up after a major data breach or newspaper exposé, for the most part, they say, they don’t want to bother with the hassle of minding their data.
“These types of business models . . . have never really worked because my theory is consumers are apathetic,” says Mike Baker, CEO of digital marketing management platform DataXu, pointing to research stats showing that opt-out rates for do-not-track browser options are in the low single digits. In November, for instance, Firefox-maker Mozilla said that just 5.6 percent of its desktop users have turned on do-not-track features. (However, possibly suggesting more consumer concern around mobile tracking, the company said that more than 17 percent of mobile users have activated do not track on their mobile browsers.) People find the industry complicated, says Baker, and they “have more important things to do with their time.”
Still, research does also indicate that people are increasingly willing to share information when they perceive a benefit. According to a KPMG report last month, 62 percent of consumers said they were willing to be tracked by advertisers, as long as they gained value from it. That’s up from 50 percent in 2008, and the percentage is even higher for people between the ages of 16 and 24.
Another concern, however, is security. Right now, much of the personal data most valuable to advertisers is aggregated and anonymized so that, ostensibly, it can’t lead back to specific individuals. But personal data vaults conceivably would house personally identifiable information (PII) and financial data, transaction histories and more, making them enormously appealing to hackers. Assuming they can safeguard their sites, commercial lockers still have to make sure that data doesn’t leak out in other ways. Personal, for example, says companies are not allowed to share the data they acquire through the site or attempt to reverse engineer data to identify individuals—but it will have to prove that those policies will be enforced.
There’s obviously another side to the equation. These consumer-oriented data companies must convince marketers that they provide the best channel for reaching people. The prevailing perspective among privacy-minded online advertisers is that the current data machine, including data-tracking companies, ad networks and data brokers, can continue to support targeted advertising as long as the industry provides more transparency and tools for turning off tracking. The sophisticate in New York can get ads about the latest luxury goods sale, or can opt-out and risk seeing fly-fishing offers. As long as she has the option to install a Web browser plug-in or check boxes on a website to tell companies that she doesn’t want to be tracked online, they say, that’s enough.
Andrew Altersohn, president of Havas Digital N.A., says that while the idea of commercial data lockers is interesting and potentially valuable, they need widespread consumer and publisher adoption to be effective. “If these kinds of data vaults were operating at scale, secure and well maintained, they could definitely be helpful,” he says. “However, until that time, they’re more of a nice to have, not a need to have, for marketers.”
As to their value to consumers, some say that although these models finally give Internet users a much-needed seat at the table, they may not go far enough.
Joseph Turow, an Annenberg School for Communication professor and author of a new book on targeted advertising, The Daily You, says giving people a platform for creating direct relationships, while a start, doesn’t pull back the curtain on a world in which companies like Experian, BlueKai and eXelate sell and exchange personal data with minimal consumer awareness and consent. Discounts and deals may be attractive, he says, but only as a part of a larger movement that really educates people about the data industry and how it’s increasingly defining our world.
“It’s not just trading your data and knowing your data, but really understanding the dynamics of your data,” Turow says. “Where does it come from? Who is doing it? Why are they doing it? How do they make the inferences about me?”
It will likely take some time before the average data-rich individual realizes she can cash in on her digital identity. But even some giants of today’s data economy say that world is on its way.
Omar Tawakol, CEO and founder of BlueKai—which aggregates consumer data from shopping and browsing habits, and has companies buy it on an online auction—says he’s had his eye on a consumer-facing, loyalty-like business since the company’s launch five years ago. The key, he adds, is providing it when consumers will be able to get tangible value from it. Airline loyalty programs are valuable, he says, because consumers, for example, can earn a $300 trip to Hawaii with mileage accumulated in one year. For consumers to get similar value from their data activity, he says, the market still has to get much bigger. The data marketplace expands every year, but Tawakol thinks it will take another five years before it gets big enough for consumers to really care.
“I believe it will get there,” he says. “It’s just not there today.”