Tacoda Rolls Out Consumer-Friendly Cookie Recipe

It’s been about a year and a half now since the interactive ad world started worrying that consumers were deleting cookies more quickly than expected, out of concern over adware and fears for their online privacy. Other privacy-related scares have irked and energized consumers in that time: the public has learned that search engines keep persistent records of their searches; the government has demanded that the engines surrender some of those stored records; and AOL has made headlines by allowing some of that data to be released in a form that could be traced back to users’ IDs.

But there’s been a notable lack of action to redesign the cookie system that so many agencies and ad networks rely on for both ad delivery and measurement. Several industry organizations that promised information campaigns to instruct the public in the difference between useful and harmful cookies have failed to produce a single message. Safecount.org was formed to promote cookie education among consumers, but has yet to produce any concrete public awareness programs. The Interactive Advertising Bureau has made several feints at its own pro-cookie campaigns, but has pulled back each time, citing new research that indicated the public wasn’t as cookie-averse as previously thought.

It’s beginning to look like the online ad industry is waiting for consumer concern over cookies to go away.

Behavioral targeting network Tacoda doesn’t think that will happen and isn’t waiting for any industry-wide initiatives. This week, during hearings held by the Federal Trade Commission on a wide range of consumer-protection issues related to technology and advertising, Tacoda Networks CEO Dave Morgan announced that his company would take the unilateral step of voluntarily serving periodic notice that cookies have been deposited on visitors’ browsers to track their online behavior and explaining how they can opt out of that tracking system.

The new Consumer Choice Initiative will also shorten the length of the cookies Tacoda uses to one year. Behavioral networks and other companies tracking online movements typically deploy cookie text files that live from three to twenty years.

Morgan said the company is now developing technology that will enable it to recognize when Web site visitors have opted out of its tracking system. Tacoda will also avoid targeting ads using data that users could consider sensitive or too personal, such as sexual preferences, medical conditions or anything that could identify that a visitor is a child.

“We’ve long believed that how online advertising companies address privacy issues will be critical to their success,” Morgan said in an interview after his FTC appearance. “Companies that do more to earn public trust around privacy will do better. Consumers are getting more sophisticated about privacy and how data is used, and they’re going to reward publishers and advertisers that respect their privacy better. It’s not just good public policy, it’s good business.”

Morgan said the new high profile of privacy issues convinced Tacoda that now was the time to be proactive in safeguarding users’ data. “We decided it was a good time to look at our practices and see if we could do more,” he said. Tacoda already conforms to the opt-out guidelines promoted by the Network Advertising Initiative.

Tacoda’s previous policy required disclosing its use of third-party targeting cookies both on its own Web site and on the Web sites of the publishers in its network. But the new consumer initiative will make sure that visitors see ads informing them of their exposure to the Tacoda network every six months, if not more often.

“People don’t go read privacy policies every day,” Morgan said. “Maybe they check the policy the first time they go to a site. We want to make sure that people are aware of what we’re doing.” The new cookie notifications will appear in the same in-line positions as the ads Tacoda serves on publisher sites. Tacoda has the technical ability to make sure that consumers in its network see the notice on a regular basis.

On the shorter cookie length, Morgan said that while there might once have been a technical reason to serve cookies with 20- or 30-year expiration dates, that time had passed. “If you want to send consumers a message that they’re in control, you don’t deliver cookies that expire in 2026,” he said. “Issues of data retention are becoming really important, so we thought this was a good place to take a solid step forward.”

The shorter cookie life won’t pose a problem to Tacoda’s ad serving, Morgan said, because recent consumer behavior is the best prediction of receptivity to ads anyway.

The decision to avoid using sensitive data for ad targeting was also a commonsense move for Morgan and company. “There’s a lot of opportunity to sell advertising based on cancer conditions, for example,” he said. “We looked at those opportunities and decided that they just didn’t pass the creepy test.”

Tacoda is hoping that these unilateral moves will afford it some protection if another data-release incident like the AOL debacle raises calls for industry regulation, either among the public or on Capitol Hill. “We do everything we can to make sure we’re not one of the ones making mistakes,” Morgan said. “Second, we want to make sure that mistakes or bad practices of others that might cause a firestorm in the industry have less impact on us.”

Last week a couple of watchdog groups sent a letter asking the FTC to exert some control over the online marketing industry by forcing them to beef up privacy policies and investigating the use of exactly the kind of Web site tracking data that behavioral networks like Tacoda employ in serving their ads.

Morgan said the letter, from the Center for Digital Democracy and the U.S. Public Interest Research Group, was “pretty general” and didn’t offer many specific points of complaint. “But I think the sentiments in that document are ones that other people share,” he said. “In three or four months, someone doing something specific that’s not right could cause more scrutiny.”

And legalistic definitions of privacy and data ownership are beside the point in an environment where consumers have the ultimate control over ad messaging. “In the end, it doesn’t matter if [a targeting practice] is legal or not,” Morgan said. “If it’s creepy, it’s going to turn consumers off. Everybody in this industry has to recognize that consumers are in charge, and that they will vote with their mouse clicks.”

As for the lack of concrete action on the part of the IAB or Safecount, Morgan said his company simply decided not to wait for an industry wide initiative on privacy in ad targeting.

“Coalitions tend to be good at coming out with really well-thought-out guidelines and best practices, but not good at taking more aggressive steps which carry some risk,” Morgan said. “We realize that there’s a certain degree of risk in stepping out front on this issue. We’d better be holier than thou, because if we screw up, we’re really going to get hurt.

“But we also saw that progress wasn’t likely to come from groups taking action together; it was going to require individual companies taking action on their own. We were very involved in watching those initiatives go forward, and decided that there was nothing preventing us from doing it on our own.”