Online personalisation: Why advertisers must act now to protect user privacy

By Tim Palmer | Chief Technology Officer

December 3, 2015 | 6 min read

Online privacy is an interesting topic and one that gets many people hot under the collar. Edward Snowden’s revelations about the so called ‘snooper’s charter’ in the UK and European/ US ‘safe harbour’ has left many people believing we have reached Orwell’s Big Brother society. With the recent flood of terrorist attacks, we’ve seen the bill come in to focus again.

While many would disagree, I would say that government access is not the debate we should have having regarding privacy – especially if we believe the government and its personal monitoring is for the protection of its citizens only.

Where I believe the primary focus should be is an area that has been vastly overlooked – that of compromised personal privacy, which is put at risk by personalised advertising methods, from direct mail to cross-device targeting.

Online ads have spoiled surprises

Crossing the line

There’s a conflict of interest in the way that advertising currently works. We’re told that consumers want personalisation – indeed studies have shown that one in three consumers would prefer to see personalised products or services. However, the fundamental way in which advertising works, with recommendations based on likes and interests could leave personal privacy at risk.

The details that advertisers and technology companies collect and are entrusted with may be trivial in the eyes of some, however hotel bookings, nights out with friends, and diamond rings can all be used to form the personality profile of a consumer – traits seemingly innocuous to an advertiser, but potentially revealing to friends and family. We are now seeing a push to activate this cross-device audience data, and it is here we could encounter problems.

The latest marketing news and insights straight to your inbox.

Get the best of The Drum by choosing from a series of great email briefings, whether that’s daily news, weekly recaps or deep dives into media or creativity.

Sign up

I would argue that we need to carefully consider messaging and partners used to link devices together and act responsibly now to avoid opening Pandora’s Box when it comes to compromising an individual’s privacy.

Take an email environment as an example - the space is clear and closed, one that can be logged into and logged out from. However, personalised online advertising methods such as sequential messaging, CRM retargeting, dynamic content and cross-device do not have this demarcation. The more advanced the industry gets with targeting, the more likely we are to breach someone’s personal privacy – the implications of whether the end user is the intended person. This is the same risk for personalisation across the board – from newsletters to dynamic creative optimisation (DCO) through programmatic.

For example, a friend of mine was booking a surprise trip away with his wife to Spain for their wedding anniversary. He booked the trip on their home laptop, with his own email account, and assured that he could keep the secret, was not expecting anything to slip before the big unveil at the airport. However, two weeks before their trip away, his wife saw an ad showing the temperature in Spain, asking if they had packed their sun cream, and suggesting travel insurance. The surprise was ruined.

Using an extreme case from a few years ago with direct mail personalisation, US retailer Target managed to expose a teenage girl’s pregnancy to her father. Through analysis of their first party data they were able to predict that the teenager was pregnant and was sent coupons for baby clothes and baby products. The girl’s father saw his daughter’s mail and was livid.

He approached their local store to speak with the manager, who had no idea what he was talking about. A couple of days later, the father called up the store, “I had a talk with my daughter,” he said. “It turns out there’s been some activities in my house I haven’t been completely aware of. She’s due in August. I owe you an apology.”

If we’re not careful, stories like this could become more commonplace. Your web activity, while seemingly innocuous, is still personal information. What someone browses for at work they may not want to see at home, and visa-versa. The privacy concern here is not so much the data shared with multiple companies, but more the audience and what will be revealed about their life with interest based advertising.

Responsible messaging

We know the future of marketing will have personalisation at its heart. Personalised marketing, when done well, will improve the lives of its recipients. There are a number of things marketers can and should be doing now to safeguard the practice of personalisation.

Everyone involved in data collection needs to consider its usage and how to engage consumers across devices without compromising personal privacy. Advertisers - ensure you choose your data, activation and retargeting partners carefully. You need to have a holistic view of all the partners you work with to understand how to be responsible.

Always consider the recipient of a programmatic advert may not be the intended audience – even with deterministic modelling. Respect your customer’s right for anonymity and to opt out of all advertising. Edge privacy cases will kill goodwill and generate significantly more bad publicity and damage the industry for good.

Tim Palmer is chief technology officer at The Exchange Lab


More from Advertising

View all


Industry insights

View all
Add your own content +