Accessing a device allow storing or accessing information on a user’s device.
Advertising personalisation allow processing of a user’s data to provide and inform personalised advertising (including delivery, measurement, and reporting) based on a user’s preferences or interests known or inferred from data collected across multiple sites, apps, or devices; and/or accessing or storing information on devices for that purpose
Analytics allow processing of a user’s data to deliver content or advertisements and measure the delivery of such content or advertisements, extract insights and generate reports to understand service usage; and/or accessing or storing information on devices for that purpose.
Content personalisation allow processing of a user’s data to provide and inform personalised content (including delivery, measurement, and reporting) based on a user’s preferences or interests known or inferred from data collected across multiple sites, apps, or devices; and/or accessing or storing information on devices for that purpose.
Matching data to offline sources combining data from offline sources that were initially collected in other contexts.
Linking devices allow processing of a user’s data to connect such user across multiple devices. Precise geographic location data allow processing of a user’s precisegeographic location data in support of a purpose for which that certain third party has consent.
Purpose versus Feature
Purpose is a data use that drives a specific business model and produces specific outcomes for consumers and businesses. Purposes must be itemised at the point of collection, either individually or combined.
Feature is a method of data use or data sourcing that overlaps across multiple purposes. Features must be disclosed at the point of collection, but can be itemised separately to cover multiple purposes.
Smart TV; Federal Trade Commission (FTC); 2016-12-07.
Surely they said something of import.
Justin Brookman is Policy Director of the FTC’s Office of Technology Research and Investigation (OTECH)
Ian Klein is a graduate student pursuing an MS in Computer Science at Stevens Institute of Technology,
Josh Chasin is the Chief Research Officer of comScore.
Jane Clarke is the CEO and Managing Director of the Coalition for Innovative Media Measurement (CIMM).
Shaq Katikala is Counsel and Assistant Director of Technology & Data Science at the Network Advertising Initiative (NAI).
Ashwin Navin is CEO and co-founder of Samba TV.
Mark Risis was the Head of Strategy and Business Development for TiVo Research through 2016-11.
Serge Egelman is the Research Director of the Usable Security & Privacy Group at the International Computer Science Institute (ICSI), is “lead” at the Berkeley Laboratory for Usable and Experimental Security at the University of California, Berkeley.
Claire Gartland is Director of the Consumer Privacy Project at the Electronic Privacy Information Center (EPIC).
Dallas Harris is a Policy Fellow at Public Knowledge.
Emmett O’Keefe is Senior Vice President of Advocacy at the Direct Marketing Association (DMA)
Maria Rerecich is the Director of Electronics Testing at Consumer Reports (CR).
Ibrahim Altaweel, Nathaniel Good, Chris Jay Hoofnagle; Web Privacy Census; In Technology Science; 2015-12-15; separately noted, separately filled.
tl;dr → there are lots of (HTML4) cookies; cookies are for tracking; cookies are bad. factoids are exhibited.
<quote>if a company has a big data algorithm that only considers applicants from “top tier” colleges to help them make hiring decisions, they may be incorporating previous biases in college admission decision</quote>, page iv (page 12)
Jessica Rich, Director of the Bureau of Consumer Protection, Federal Trade Commission.
Lesley Fair, bloggist, George Washington University, Federal Trade Commission.
What’s the state of the art?
How are companies tracking consumers across different devices?
What are the pros and cons for consumers and advertisers?
What does the privacy and security landscape look like?
How can companies be more transparent about what they’re doing?
What can be done to give consumers more control?
How do existing industry self-regulatory programs apply?
<quote ref=”presser“>The use of multiple devices creates a challenge for companies that want to reach these consumers with relevant advertising. The traditional method of using cookies to track consumers’ online activities are proving to be less effective. A cookie may not provide a complete picture of a consumer who uses different web browsers at home, at work and on their mobile device, for example.
Industry has adopted different approaches to address this issue, from simply having consumers log in to be able to use a site or service from a different device, to methods that rely on various characteristics about a user to match their behavior from one device to another – often without the consumers’ awareness or control.</quote>
A definition of Personally Identifiable Information (PII) is enumerated
<quote>“Personal data” means any data that are under the control of a covered entity , not otherwise generally available to the public through lawful means, and are linked , or as a practical matter linkable by the covered entity, to a specific individual, or linked to a device that is associated with or routinely used by an individual , including but not limited
(F) any unique persistent identifier, including a number or alphanumeric string that uniquely identifies a networked device; commercially issued identification numbers and service account numbers, such as a financial account number, credit card or debit card number, health care account number, retail account number; unique vehicle identifiers, including Vehicle Identification Numbers or license plate numbers; or any required security code, access code, or password that is necessary to access an individual’s service account;
(G) unique identifiers or other uniquely assigned or descriptive information about personal computing or communication devices; or [anything else] </quote>
In archaeological order, derivative works on top, more original output below…
Latanya Sweeney (FTC); Online Ads Roll the Dice; In Their Blog; 2014-09-25.
Latanya Sweeney is Chief Technologist at the Federal Trade Commission (FTC)
Teaser: Online ads, exclusive online communities, and the potential for adverse impacts from big data analytics
tl;dr => content targeting is bad, audience targeting is insidious.
Self-Regulatory Principles for Online Behavioral Advertising
Self-Regulatory Principles forMulti-Site Data.
<quote>The trade associations that lead the DAA do not believe that Microsoft’s IE10 browser settings are an appropriate standard for providing consumer choice. Machine-driven do not track does not represent user choice; it represents browser-manufacturer choice. Allowing browser manufacturers to determine the kinds of information users receive could negatively impact the vast consumer benefits and Internet experiences delivered by DAA participants and millions of other Web sites that consumers value. In addition, standards that are different than the consensus-based DAA Principles could confuse consumers and be difficult to implement. A “default on” do-not-track mechanism offers consumers and businesses inconsistencies and confusion instead of comfort and security.</quote>
<quote>The DAA Principles, self-regulatory program, and consumer choice tool is the only mechanism in the marketplace that truly provides consumers with clear transparency, choice, and meaning about how their data will and will not be used. For these reasons, the DAA’s constituent trade associations continue to support these efforts by the DAA.</quote>
Philippe Golle; Revisiting the Uniqueness of Simple Demographics in the US Population; In Proceedings of WPES; 2006-10-30.
Abstract-of-Abstract: The results generally agree with
the findings of , although we find that disclosing one’s gender, ZIP code and full date of birth allows for unique identification of fewer individuals (63% of the US population) than reported previously.
L. Sweeney; “Uniqueness of Simple Demographics in
the U.S. Population”; In Proceedings of LIDAPWP4; Available from Carnegie Mellon University, Laboratory for International Data Privacy; Pittsburgh, PA; 2000.
Arvind Narayanan and Vitaly Shmatikov; Robust De-anonymization of Large Sparse Datasets; 2008.
Abstract-of-Abstract: We apply our de-anonymization methodology to the Netflix Prize dataset, which contains anonymous movie ratings of 500,000 subscribers of Netflix, the world’s largest online movie rental service. We demonstrate that an adversary who knows only a little bit about an individual subscriber can easily identify this subscriber’s record in the dataset. Using the Internet Movie Database as the source of background knowledge, we successfully identified the Netflix records of known users, uncovering their apparent political preferences and other potentially sensitive information.
Center for Democracy & Technology (CDT); Consumer Protection from Behavioral Advertising; 7 pages; 2007-10-31; Submitted to: Donald S. Clark; Secretary, Federal Trade Commission; In advance of the FTC Town Hall, “Behavioral Advertising: Tracking, Targeting, and Technology,” 2007-11-01 & 02 in Washington, D.C.