If information is power, then DoubleClick (DCLK) is striving to be the most powerful Internet ad firm ever. But recently, the company has been caught with its hand in the online cookie jar.
In an attempt to serve clients' marketing needs, the dominant Web advertising firm has long tracked user behavior through "cookies" software code invisibly deposited inside Web surfers' browsers that tags the surfer's identity for future reference. DoubleClick has collected about 100 million consumer files in that manner.
Now the company plans to combine online data, such as your IP address, with offline data that personally identifies you by name and street address information stored in the files of Abacus Direct, a marketing firm purchased by DoubleClick last year. DoubleClick has started an "Abacus Alliance" service that combines online tracking with offline catalog purchasing histories. The combination of data sharpens DoubleClick's ability to tell Alliance members, which must be able to supply online subscriber data to DoubleClick, which specific Web site ads and content should be targeted at which individual Web surfers.
Privacy advocates and private citizens alike are in an uproar over this change in business practice, viewed by some as an Orwellian intrusion into consumers' private lives.
"Privacy is as American as Mom, home and apple pie," says Forrester Research (FORR) 's Jim Nail. But it seems that personalization and privacy mix about as well as oil and water.
"The collision course was set five years ago," says Jason Catlett, president of Junkbusters, a watchdog group that opposed the merger of Abacus and DoubleClick consummated in November 1999. "Now it's a railroad yard of wrecks and crashes."
The wreckage includes a number of lawsuits filed against the company, two of which come from women. Harriet Judnick filed suit Feb. 27 in Marin (Calif.) County Superior Court against DoubleClick, on behalf of the state. Her suit asks the court to prevent the company from using technology to collect personal information from Internet users without their prior written consent.
Nancy Donaldson (DCI) upped the ante with a class action suit Tuesday in U.S. District Court in the Southern District of New York, which alleges that DoubleClick participates in unauthorized profiling practices and seeks damages of $1,000 for each person who accessed an advertisement that DoubleClick helped to target since January 1996. Considering how many DoubleClick ads have been clicked on since then, the company could be facing stiff fines.
Adam J. Levitt, an attorney with Miller Faucher and Cafferty, the Chicago-based class action firm representing Donaldson, claims that his client's suit could have even been filed before the Abacus deal and that DoubleClick's acquisition of Abacus only exacerbates the privacy issue.
"Internet companies' undisclosed, unauthorized, and rampant tracking, profiling, and information-gathering practices are truly dangerous and incredibly invasive," says Levitt. "Companies are surreptitiously collecting vast and detailed storehouses of information that no one knows is being taken. There's something very unsavory and sleazy about that."
DoubleClick representatives like to focus on what they perceive to be the upside of their new service.
"The more info you have on users' interests, the better you can target," says DoubleClick senior VP Jonathan Shapiro. "We want to make advertising work."
DoubleClick argues that Web surfers prefer to get targeted banners, pointing to a survey commissioned by Privacy & American Business and conducted by Opinion Research Corporation (OPI) that found "of Internet users surveyed, 61 percent are interested in receiving banner advertisements that are tailored to their personal preferences."
Of course, DoubleClick just happened to underwrite the report.
Privacy advocates counter that DoubleClick is less interested in consumer privacy than it pretends to be. The company requires Alliance members to post notices giving consumers the chance to "opt-out" of having their personal information collated. But that's hard to verify empirically, because DoubleClick refuses to identify which Web sites and advertisers have signed up for the new service.
So much so, in fact, that the Center for Democracy and Technology is urging consumers to protect themselves by joining its "I Will Not Be Targeted" campaign, which is forwarding consumers' e-mail protests to DoubleClick CEO Kevin O'Connor and 60 of DoubleClick's clients, including Ask Jeeves, Drkoop.com and Travelocity.com.
"We're concerned that consumers don't understand what they are getting into," says CDT spokesman Ari Schwartz. "Our campaign is specifically designed to let consumers understand how to opt out."
And other privacy groups are looking out for consumers as well. Junkbusters, the Electronic Privacy Information Center, or EPIC, and Privacy International are preparing to file a complaint with the Federal Trade Commission on Feb. 16 against DoubleClick for "unfair and deceptive business practices."
DoubleClick has approximately 100 million files on online consumers but has maintained until recently that it only collected anonymous information from the 1,500 Web sites it tracks.
Few people agree that viable advertising should come at the cost of individual privacy.
The Abacus Alliance could represent a new trend in marriages of online and offline consumer profile data. It's conceivable that America Online (AOL) could decide to match up its subscriber data with subscription databases scattered throughout Time Warner (TWX) , once the two companies' merger is complete. Right now, company executives are publicly focusing on the mechanics of the deal rather than the fruits it may bear. When asked about the prospects for such a move, an AOL (AOL) spokesman would only say that protecting consumers' privacy will "continue to be a top priority for the combined company."
While no silver-bullet solution to the personalization-vs.-privacy debate exists, experts agree that better self-regulation is in order at the very least. Most think that legislation down the road is inevitable.
Meanwhile, the Abacus Alliance will likely come under scrutiny at the first meeting of the FTC's Advisory Committee on Online Access and Security, which the commission convened to study consumer access to online data, and information security. The committee's membership includes representatives from both DoubleClick and EPIC.