"Nothing in this Act shall prohibit [a publisher or ad network] from collecting or disclosing aggregate information or [personal] information that has been rendered anonymous."
That is not strict privacy governance, which means those advocating self-regulation are currently winning a war that is entering new battlefront. Though the bill is only in the first of what promises to be many iterations, one primary reality seems to be taking shape.
Effective self-regulation of network, or “offsite,” behavioral targeting has earned enough respect on Capitol Hill – enough trust – that lawmakers are clearly willing to trust advertisers with data management and usage. Interestingly, that means that the traditional gateway for businesses to push their message to consumers – the opt-in – may be turned on its ear. Marketers are applying the “ask for forgiveness, not permission” model to behaviorally powered affiliate marketing. As this rule begins to take hold within the direct digital marketing industry over the next several months, its impact may spread to other direct digital channels.
The relentless spread of social media has likely had a major influence on this first version of the bill. The amount of personal information consumers are willing to share about themselves online is increasing every day, even in light of Facebook’s ongoing struggle to protect massive amounts of data that leaves many marketers salivating. For now it seems that self-regulation is still permissible, but those advocates may lose their momentum if Facebook is unable to better protect its users. Self-regulation advocates should be reaching out to Facebook in droves right now to prevent their opponents from building an effective use case for more robust data protection.
Currently there are different rules for different direct digital marketing channels. Onsite behavioral targeting is still safe from privacy concerns, but offsite behavioral targeting now uses the opt-out as a primary option for the consumer. With email and mobile consumers must first opt-in, even double opt-in at times. As self-regulation of direct digital marketing in general becomes a more trusted enterprise by consumers and lawmakers alike, it is worth contemplating how the opt-out may eventually replace the opt-in, and not just with offsite targeting.
What do you think: With direct digital marketing having such a broad channel concentration, should the next step of industry privacy regulation be a uniform set of rules that govern all direct digital marketing?