That’s because they may be - or at least monitoring your moves on the internet.
In an intensely competitive economy for consumer dollars, more and more companies are turning to “behavioral advertising.” More or less, this is when advertising companies monitor your surfing on the internet so that they can provide a more “personalized” advertising experience. Or at least that’s how they describe it. Outraged consumers call it spying.
The practice raises interesting questions about internet privacy laws and whether companies should be made to reveal that they are tracking - and in some cases, sharing - your internet behavior.
How specific is the information? In a hearing before Congress in the summer of 2008, Internet service providers (ISPs) discussed a practice known as “deep-packet inspection” (DPI). The practice, which is usually done without consumer notification or approval, tracks every web site that consumers visit and can provide details from what was purchased to what credit card was used for the sale.
Opponents cried foul, and a class action lawsuit has already been filed against an advertising company that engages in the practices, claiming that it is an invasion of privacry. However, supporters of the controversial practice note that companies do not keep personally identifiable information. They note that DPI is usually automated and is based on criteria set by the network operator - not monitored on an individual level.
If that’s true, the concern is that the information won’t stay anonymous for long. The information is more valuable if there are personally identifiable details attached to the data. Is that something that might be coming down the road? Right now, there’s really nothing to stop it.
Internationally, the practice is heating up in countries that traditionally have protected consumer privacy like the UK. Communications giant British Telecom has admitted to using DPI technology over a two year period as part of an advertising arrangement with Phorm, Inc., a self-described “innovative digital technology company… focused on creating a new “gold standard” for user privacy, a more relevant Internet experience, and more value for advertisers, publishers, Internet Service Providers and others in the online ecosystem.”
The practice is already ongoing in the US. Google has decried the use of DPI publicly (in a letter to Congress, posted on Google’s blog). However, the very popular Gmail (managed by Google) has reportedly used DPI to deliver targeted ads based on email content for years.
What’s allowed to happen to your data is, as a result, kind of fuzzy. The Federal Trade Commission (FTC) has taken a “we’ll trust you to do the right thing” kind of approach. They are encouraging transparency but leaving the finer points to the companies. In other words, there’s no real regulation.
But as the lawsuits heat up, expect that to change.
{ 1 comment… read it below or add one }
Use of DPI by marketing companies is wiretapping.
What else would you call interception of private communications between two parties? (Communications between web sites/ecommerce business and their visitors/customers).
It is flagrant industrial espionage; using the content of private communication traffic to identify a business’ customers, and targeting those individuals with ads for competitors.
Its also flagrant copyright abuse, by taking copyright protected literary works, and duplicating/processing to the disadvange of the author/copyright owner without licence.
How can any aspect of such processes possibly be legal?