Supercookie Debate Offers a Transparent Opportunity

Recent articles in the press have outlined how sites including MSN and Hulu are now using an advanced version of the old cookie file to track user behavior. These "supercookies" are very hard to detect and delete, and can track user behavior across multiple sites, not just one.

These tricky little trackers have lawmakers pressing the FTC to investigate, and the IAB scrambling to defend industry practices. Here's coverage from Information Week, Mashable and the Wall Street Journal.

All this gives me a strong case of deja vu all over again, as the expression goes. Back at the dawn of the online advertising age I headed up communications for Advertising.com. We were right in the middle of the "cookie wars" of that time, trying to explain what they did (and didn't) do and trying to head off regulation by the FTC. More recently, I wrote back in 2008 about ISPs looking to get into the tracking business via software from companies like Phorm and NebuAd.

In that 2008 post I talked about a list of principles promulgated by groups like the Network Advertising Initiative and the Online Privacy Alliance that companies were supposed to adhere to in their online practices:

  1. Adoption and Implementation of a Privacy Policy
  2. Notice and Disclosure
  3. Choice/Consent
  4. Data Security
  5. Data Quality and Access

No question many companies are not being faithful to those principles today. But rather than focusing on the regulation issue, I'd like to suggest companies simply be more transparent with users about the current online quid pro quo — lots of information services in exchange for some personal information. Sound a bit naive? I don't think so&ndah; I think it would be smart business.

From the dawn of the online advertising age, companies have been very reluctant to clearly spell this out for users. Online consumers get lots of free or very inexpensive services and lots of convenience, in exchange for sharing information about themselves. Sometimes this sharing is explicit — registration, subscribing — but more often its done behind the scenes, using tools like cookies and now supercookies.

The Internet has become such a part of daily life and commerce that companies should find the courage of their convictions and spell this out for consumers. Stop talking about personalized advertising as if people are dying for that. News flash — most consumers want no advertising at all. But if you explain the benefits they receive in exchange for a reasonable (yes that's a flexible term) amount of shared personal information, I think the vast majority would go along.

Let's take a very basic example. Do you really want to input your ID and password at sites you visit every day? No you don't, it's convenient for that site to place a cookie on your computer so you are recognized and let right in. Companies need to spell this type of benefit out, and/or get their industry associations to do so. It would be a more effective tack than increasingly tenuous stories about the effectiveness of industry self-regulation.

To put it bluntly, the Internet is too essential to the everyday life of millions of consumers for them to turn back now. Companies should clearly explain the business model that makes so much information and so many services available online. They should also follow the principles above, including better protection for personally identifiable information. And/or, explain more clearly why some are extremely hard to do, such as providing user data quality and access.

Online companies can make this case to the public, if they choose to. When we've brought the current status quo out of the shadows and start discussing it more openly, all parties will be better off.

Written by Christopher Parente, High Tech Public Relations