Wednesday, September 22, 2010

Web analytics, privacy and the WAA code of ethic

The Wall Street Journal did a whole series on “What they know”. Online marketers - especially when it comes to ad networks, web analytics and behavioral targeting – are depicted as evil spies and Cookie Monsters. Call it sensationalist, biased or even lies and fallacies; it depicts what is generally perceived outside of our little web analytics industry. If we listen to the WSJ, even underlying concepts of Web 2.0 such as embedding widgets on a website is evil. Their analysis revealed content (and most likely, cookies) being served by a 3rd party… Bad, bad, bad! It goes beyond web analytics, but when threatened and called upon, people react and as is often the case, external events forces us, web analysts and the WAA, to act.

A fundamental misconception of web analytics

Over the year I have taught over 700 people on the fundamentals of web analytics trough courses at UBC, ULaval and my workshops. Oftentimes, a fundamental misconception about web analytics takes the form of "With the help of Google Analytics (or whichever tool), I can find dimensions such as number of visitors from a city, the source and frequency of their visit, recency of visits, keywords used, etc., however, how can I find "who these visitors are?" How can I find their contact details so as to start a personalized initiative?"

First, we need to understand the fundamental difference between Web Analytics and Customer Relationship Management (CRM).

Web Analytics

Web Analytics is about a “statistical population”, "segments", "margin of error", "outliers", etc. The goal is NOT and should NEVER be to identify unique people, but to look a trends and patterns of online behavior shared by different groups of visitors. Web analytics pertains to the realm of inbound and onsite marketing and customer-facing optimization: campaigns, web sites, social media, etc. Period.

We are not in the business of tracking users’ journey on the Interweb.

Behavioral targeting

Behavioral targeting doesn’t necessarily look at unique users; it looks at pattern of similar user behavior to determine what worked and what didn’t. However, admittedly, there are more advanced solutions where specific individual behavior is analyzed and the persuasion scenario tailored accordingly.

This can be done without ever using any PII.

Customer Relationship Management

CRM is about one-to-one customer relationship, keeping track of “touch points” for each individual person, regardless of the communication channel they use – phone, email, web, etc. At its core, the goal is to improve the relationship with prospects, clients & customers by optimizing processes around all communication channels, all touch points, at all time.

We are at the opposite end of the spectrum: Personally Identifiable Information (PII) such as name, phone, email and even more are critical to CRM.

Ethical & legal aspect

It is unethical and illegal in most cases to collect uniquely identifiable information such as contact details (phone, name, SIN#, complete address, etc.) without express user consent. Although it is technically possible, especially with advanced solutions, to collect custom data such as PII, contact details should be collected within corporate systems and used within the limits of the applicable laws (US, Canada and the European Union have laws & guidelines regarding when, how, for which reason and what you do with the collected personal information – see Privacy and PIPEDA for examples).

Offering a customized experience on Amazon because it recognizes you is CRM, not web analytics. Facebook happily using all the data you give it, reselling it or making whatever they want with it is CRM, not web analytics – risky business, but done with user consen – well… kind of. Services using Flash Cookies, be it ad networks, web analytics tools or web sites themselves storing data without user consent and rebuilding it even after the user consciously deleted it is illegal in my book… and it seems I’m not alone thinking that.

My take

Eric Peterson drafted a web analytics code of ethic and I’m glad he accepted to publish it under the umbrella of the Web Analytics Association instead of on his own. After calling on the WAA to be the voice of the industry, it would have been awkward to do otherwise! Lots of people talked about it on Twitter, commented on the blog, bloggers posted their own point of view and some vendors, like Webtrends, publicly took a stance (tip of the hat to them!). On my end, I updated my privacy policy to reflect the proposed code of ethic.

Certainly all good things. However, the WAA as an organization has about 1500 members, the whole web analytics engaged practitioners and consultants’ base represents about 5000 people worldwide. Let’s be realist… The WAA is a small fish compared to other, well established organizations such as the IAB, and honestly, pretty much insignificant when faced with structured privacy lobbying groups. It seems web analytics vendors are still more interesting in competing, purchasing and killing one another than joining a coalition and lobby for the future of the industry.

Other associations are already ahead, like the IAB Privacy self-regulation compliance icon which is being developed in collaboration with the Future of Privacy Forum. The WAA simply doesn’t have the resources and lobbying power. Considering Microsoft, Adobe and Yahoo are already members of the Future of Privacy Forum, I think the WAA should simply rally the IAB and the FPF.