The Elasticity of Analytics Ethics
A recap of the virtual Web Analytics Wednesday Copenhagen hosted by IIH Nordic on August 26, 2020.
Updated September 18, 2020
I was really looking forward to visit Copenhagen, renew with old friends and get to meet people I’ve only known virtually… but that will be for another time!
You can find a recording of the session — although for some reason there were technical issues even though I have a super-fast fibre-optic connection and never had issues with other software. The presentation itself is available on SlideShare.
Quick Polls on Privacy & Ethics
Some of the data shown in the presentation come from the “Personal or nut?” game I’ve been posting on LinkedIn. Every weekday I post a new quick poll which is open for two weeks. I add my personal (nonlegal) opinion in the comments, along with some references. The most important aspect of this exercise is to take a step back and think about the ethical use of data for marketing and analytics purposes. Some are less obvious than others and they can initiate pretty interesting conversations. With hindsight, I realize in some cases the question should have been narrower and my own point of view might evolve — which is a good thing!
Here’s the list of all the Personal or Nut quick polls. Some results are in — make sure to check the comments too!
- Name, address, phone
98% said it’s personal data (n=194)
91% said it’s personal data (n=122)
- Social media handle
73% said it’s personal data (n=143)
- IP address
79% said it’s personal data (n=153)
79% said it’s personal data (n=151)
- Cookie identifier (this one should have been split in different use cases…)
47% said it’s personal data (n=133)
- Browsing & search history
84% said it’s personal data (n=109)
- Government selling anonymized medical records to pharmaceuticals?
77% they would do it (n=110)
- Working around cookies to continue tracking
70% said it’s unethical (n=98)
- Working with anonymized profiles to optimize campaigns
57% said there’s always a risk (n=56)
- Ad blocker usage
56% said they use an ad blocker (n=167)
- Ad network tags on a health-related website
68% said it’s unethical (n=71)
- Ad network tags in the secured section of a financial website
74% said it’s unethical (n=78)
- Religion derived from another data point (65% said it’s unethical, n=94)
- Anti-fraud scripts (51% said it’s ok, n=55)
- Facebook custom audience using your own list (ethical=66%, n=68)
- Mobile sensor API, no consent asked, for marketing purposes (unethical=79%, n=73)
- Contextual adverting is more privacy-conscious? (yes=73%, n=48)
Q&A from the webinar
What are your thoughts on anonymized data? Is that a valid way of analysis?
I’m much more comfortable with an anonymized tracking on the website itself for the purpose of optimization than any ad network tracking the hell out of me everywhere I go on the interwebs. In a way, I expect to be tracked on the websites I visit (if not, I might even wonder the seriousness of the people handling those websites!) Ad networks will go to any possible extent to track as much as they can because data is the raw material they need to make money. At the end of the day, even if it’s anonymized, there’s only one “you” in the Big Data Swamp of any ad network…
I make the analogy to your DNA. On its own, a single DNA entry isn’t very exciting, yet, most people will say it’s highly personal. Companies providing genetic genealogy claim the data is anonymized and secure… The true value for them stems from millions of DNA entries revealing patterns and anomalies. Individually, each one can easily be de-anoymized (like this famous story of how genetic genealogy helped crack the 1996 murder of 18-year-old Angie Dodge).
In the same way, your online behaviour is your digital DNA, it uniquely identifies you and can also be de-anonymized as revealed by this shocking study from Mozilla which just came out.
What do you think about mandatory consent? For example, to be able to attend this webinar I had to give consent to use my data for marketing. I didn’t have an option to say no, otherwise I couldn’t join this webinar. Is this GDPR compliant?
Great point! Three words: transparency, purpose, control. It was transparent, the purpose was stated, but the control wasn’t there. Sadly, we often see this with webinars and white papers… In theory, the ethic (and the law?!) is you can’t discriminate based on whether someone agrees to be marketed to or not.
It might be legitimate to know who is registering to the webinar, but it’s unethical to imply it’s a green light to market to those people afterward. The proper way to handle this is to have a checkbox to opt-in to marketing. We also have to think about it in terms of “exchange of value”. The event organizer engaged resources to bring this free webinar to you and the “trade” is the permission to contact you afterward. A webinar isn’t “essential”, so if the value exchange seems unfair and benefiting the provider too much because you don’t agree with their marketing practice, nobody is forcing you to enrol… or you can fill in junk data, find another way to gain access, and potentially complain on social and hurt the brand!
This happened no later than yesterday when I wanted to watch a webinar about ethics and there was a registration form using dark patterns! Not only did I have to whitelist the site on Brave, but all fields mandatory (with nothing saying so beforehand) and the submit button only showed when they were all filled! There was no transparency, no disclosure of purpose, and no control. Of course, today I received their newsletter because I was auto-subscribed to it...
Do you believe browsers’ changes are meant to do good to the final user?
Yes, I believe so — they aim to counterbalance the growing abuses and recognize most users are not “technically literate” enough to understand all the controls available to them.
I use the car analogy: in the early days, vendors might have said, “doh! the driver was too stupid to stay on the road and he hit a lamppost. Not our problem!” Nowadays, you can drive and trust the seatbelt, airbags and frame of the car are all there to reinforce your security. You don’t need a master in physics nor do you have to understand how the material and the width of the seatbelt, when positioned just above your hips and over your shoulder, will protect you in case of a collision at speed X, but not at speed X+Y…
I cringe when I see privacy policies telling their users, “You can control your privacy by going through loops, jumping around, spinning on your head to block cookies”… instead of being transparent, indicating purpose, and giving control right there…
Should it be accepted that an online retailer can be forced to serve people “blindfolded” — While a physical store can see the customer and thus estimate age, gender, interests… and improve customer service based on this. Would it be ethical to enforce own tracking at a level similar to a physical store?
This comparison has been used many times, along with all sorts of variations on the same theme. Personally, I don’t see an issue with a website tracking my behaviour for the purpose of optimizing my experience and their business — as long as it’s transparent, the purpose is clear, and I can opt out (although the current scenario, in most cases, is “opt in” because of legal requirements…). If we take the physical analogy, this is akin to passively observing client’s behaviour in the store, whether they purchase or not, what they look at, what they touch, what they purchase; their estimated age, gender, or even revenue level just from observing their clothing! (With all the errors and misjudgements it implies!!!)
What’s happening today is closer to this: you enter the store and a clerk jumps at you. “Can I help you?” — “Thanks, I’m just watching”… but the clerk keeps following you, breathing down your neck, trying to befriend you — “oh! This one is so nice on you!” / “people love this one!” / “Look here, this one is much better”… to the point of being so annoying that you just leave the store in a hurry and never come back…
Comments? Thoughts? Please do!
Stéphane Hamel is a seasoned independent digital marketing and analytics consultant, innovator, teacher and speaker with a strong interest for user privacy and the ethical use of data.
If you enjoyed this article, you should connect on LinkedIn and while you’re at it, why not click the nice little clapping hands on the left and follow me on Medium!