As Deadline Looms, Comments Roll In for FTC's Behavioral Ad Principles

It’s crunch time for behavioral targeting stakeholders, as the deadline looms for public comment on the Federal Trade Commission’s proposed self-regulation principles on the practice (See previous coverage or download the principles). The consensus so far, among marketers and Web companies at least, is this: The document should more narrowly define behavioral targeting, and draw a clearer distinction between first and third-party ad targeting systems.

With only days to go, only 15 parties — including individuals, companies such as Google, and privacy organizations — have submitted feedback on the principles. However the FTC expects that number to swell immediately before the April 11 deadline.

“We expect to receive most of the comments on the eve of the deadline,” a spokesperson said in an e-mailed statement. “Based on what we are hearing, we expect to receive many comments from interested parties.”

The Network Advertising Initiative, a coalition of behavioral advertising networks, told ClickZ it expects to submit its own comments on Thursday. Yahoo said it will file a response on Friday.

Google and Wunderman-owned ZAAZ are among the firms that have already weighed in on the principles.

One big worry, voiced by Google in comments submitted last Friday, is that the FTC defines behavioral targeting so broadly it could be interpreted to include contextual and keyword-based ad targeting systems. According to the FTC’s proposal, behavioral targeting is “the tracking of a consumer’s activities online — including the searches the consumer has conducted, the web pages visited, and the content viewed — in order to deliver advertising targeted to the individual consumer’s interests.”

Google made two additional observations it says add up to a risk for its core business. It said the principles don’t distinguish between personally identifiable information (PII) and non-personally identifiable information (non-PII), and it pointed out that one principle calls on sites to provide an opt-out mechanism generically for all data collection. As a result, Google said it might be required to force non-registered users to register for Google services in order to opt out of non-PII data collection.

“If the principle were interpreted to require an unauthenticated user to opt out of the collection of non-PII, the only way to be able to prove that we have given that opportunity to each of our users would be to require them to register and then opt out,” wrote Alan Davidson, Google’s senior policy counsel and head of U.S. public policy.

The upshot, according to Davidson: “Failing to define behavioral advertising precisely, or an attempt to categorize specific activities as elements of behavioral advertising (e.g., search queries, clicks and other similar online activities) could have unintended and very negative consequences.”

Additionally, both Google and ZAAZ urged the FTC to draw a clear distinction between first and third-party ad targeting. ZAAZ Senior Optimization Manager Jason Carmel called on the commission to disallow the use of personally identifiable information for “ad side” behavioral targeting (i.e. on ad networks) while allowing it for site-side targeting.

Google’s comments on site-side versus network-based behavioral targeting focused on changes wrought by the rise of widgets and other syndication technologies, and seemed crafted to protect its iGoogle personalized homepage initiative.

“In a Web 2.0 world, any web page could have any number of third party applications embedded in it — each one… providing advertising based on disparate criteria,” Google wrote. “In those cases both the application provider and the provider of the page may be first party advertisers — but only one would have the ability to provide the appropriate notice and choice called for in the proposed principles.”

A second principle advanced by the FTC broadly calls for “reasonable security” and “limited data retention” for behavioral data. While neither Google nor ZAAZ took issue with the security requirement, ZAAZ’s Carmel warned against moving toward a single standard for length of data retention. He offered the example of music retailers, which have very short sales cycles, and auto sellers, which may court customers for up to a year.

“To expect both businesses to adhere to a common principle of how long certain data types can be retained could grossly hinder both businesses in their attempts to cater to these vastly different and completely legitimate marketing scenarios,” he wrote.

Once the deadline passes for public comment, the FTC intends to review the remarks. Next steps will depend on that review, and could include revising the principles or seeking additional input. “But our course of action depends very much on the comments that we receive,” the spokesperson said.