Data capture, marketing and the Internet

Data capture, marketing and the Internet

Data capture, marketing and the Internet

Marketing has at its heart the ability to classify potential consumers – by demographics, by tastes and preferences, by lifestyle – and to provide a product or service to meet the needs of that particular segment. The ability to obtain and use data on potential consumers is crucial – think of direct mail without a list.

The Internet provides a mechanism for the marketer to capture volumes of data on the potential consumers who visit their site or sites. The data is both explicitly captured (e.g.: insert your name and address) or implicitly captured as a by-product to the visit to the site (e.g. "cookies").

The consumer is becoming increasingly aware of the data that is being taken from him or her on each visit to a Web site.

Andrew Hawker writes about this issue.

Consumer privacy on the Internet

As more and more consumers connect themselves to the Internet, it becomes possible to devise completely new marketing techniques, which take advantage of the interactive nature of the medium. One result has been to prompt a fresh wave of debate about the threats to individual privacy which could result from this. The technology makes it relatively easy for both the carriers and providers of online services to monitor the activities of the consumers they serve. In the view of many civil libertarians, this facilitates new forms of surveillance by computer. Marketing managers, on the other hand, are understandably enthusiastic about the possibilities which are opened up for improving their understanding and influence of consumer behaviour.

Paradoxically, the Internet has managed both to create this problem and to provide a platform for much of the ensuing debate about it. Keeping up with the entire debate is simply not practicable for anyone who has other work to do. Nevertheless it is a debate which those involved in marketing ignore at their peril. It is likely to have quite a significant effect on the way Internet-based marketing is perceived and regulated in the future.

Information about individual consumers can be gathered from the Net in one of three different ways:

1. 1.

   Concealed data capture. Anyone who surfs the Net leaves a trail of tell-tale entries in the electronic logs kept by Web sites and network routing systems. Much of this information is buried in different systems in different formats, making it extremely difficult to correlate. The operators of Web sites can, however, get round this to some extent, by instructing a user's browser software to create "cookies". A cookie comprises some brief codes (typically about 40 or 50 characters per cookie) which are stored on the hard drive of the user's PC. The cookie makes it possible for a Website operator to tell when a user is making repeat visits. A good explanation of how cookies work can be found at www.cookiecentral.com

2. 2.

   Implicit data capture. Those setting up in business on the Net must record details of each customer's requirements, home address, credit card details, etc. This data will be substantially the same as that collected in other types of transaction, for example those which take place in a supermarket, or over the phone. There may of course be some differences in terms of who is collecting the data, since one of the attractions of the Internet is the ability to dispense with intermediaries. It becomes possible, for example, for data to be collected directly by a manufacturer, rather than a retailer or agent. It is reasonable to expect that most of this data will have to be kept on file, but privacy questions can arise in connection with how it is used subsequently. Consumers may be particularly upset to find that certain data has already been captured – for example, if a vendor appears to have a person's credit card number on record, prior to the start of the transaction.

3. 3.

   Explicit data capture. Here the consumer is asked to provide information which is ancillary to the basic transaction. For most people there will be a threshold, when such requests move from being merely irritating ("which newspapers do you read?") to being unduly intrusive (for instance in the case of questions concerning state of health or personal finances).

In all three cases, the consumer is far from powerless. Browsers can be set to reject cookies, and if there are cookies already in place, they can be deleted. Guidance on how to do this can be found at www.junkbusters.com Following some bad press in 1999, the US-based company Doubleclick now offers an "opt-out cookie", which protects the anonymity of someone who receives its online advertising (see www.doubleclick.com). The problem for users, however, is that any attempts to restrict or modify cookie activity take up time and effort and, in some cases, require a certain amount of technical proficiency.

Several Web sites offer free software downloads which purport to help with the protection of privacy. These may create electronic aliases, or "proxy" identifiers, which conceal the identity of someone visiting a Web site. Such facilities are often combined with others, such as the storage of multiple passwords, and personal information which is needed regularly in transactions. Examples can be found at www.idcide.com www.privaseek.com and www.proxymate.com As with all downloads, the user must have complete faith in the integrity of the provider, especially when the program in question is to be embedded in the browser or operating system, and given control over sensitive information.

When it comes to information which people supply voluntarily, there is little which can be achieved by automated checks and procedures. Roaming the Internet is usually a solitary activity, and the interactions with it feel very impersonal. It is all too easy to assume that if sensitive information is typed in, this will be of little consequence. Judging by the questions asked by some sites, people will readily confide all kinds of information about themselves. For example, there is a burgeoning market in "alternative" and other non-prescription health remedies. Sites offering these products often provide some kind of diagnostic service, based on quite extensive demands for personal health details. This is a cause of some despair to the medical profession, which is constantly seeking to ensure that the very same information, when entrusted to its care, is kept under conditions of strict confidentiality.

However, anyone choosing to explain all their health problems to a Web site must be deemed to have done so voluntarily, and to have consented to the company's processing of this information. Civil libertarians can rage at this folly, but there is little they can do to intervene, since ultimately we must all be free to reveal private information if we wish. Nevertheless, wider issues of public policy arise immediately the information is passed on to another company, or used for purposes unconnected with the original order. It is here that the debate generated by the Internet is caught up in much wider discussions, which have been in progress for some time.

To sample the breadth of issues which have been caught up in the privacy debate it is best to go to one of the well-established sites, such as that of the American Civil Liberties Union (www.aclu.org) or Privacy International (www.privacyinternational.org). The ACLU site offers a long list of subject headings, including "cyber-liberties". Privacy International is perhaps not so well known. It was originally founded in the UK, and has been in action for more than ten years. Each year it holds a ceremony of Big Brother Awards, at which marketing companies have carried off a number of the prizes.

Other sites which go back several years, and which are concerned more specifically with privacy on the Internet, include the Electronic Frontier Foundation (www.eff.org) and the Electronic Privacy Information Centre (www.epic.org). EFF makes a particular effort to encourage consumer action, and has some lively pages on "defining digital identity". It also offers ideas on "the top 12 ways to protect your online privacy". EPIC also has consumer advice on offer, and provides a lengthy directory of tools which can be downloaded to protect privacy. However it devotes much of its space to details of its lobbying activities in the USA. A more recent arrival (founded in 1998) is the Privacy Exchange (www.privacyexchange.org), which includes a section devoted to privacy on the Internet. Privacy Exchange has a number of blue-chip corporate sponsors, and declares that it will be concerned only with the position of consumers in respect of their dealings with commercial enterprises, and not some of the broader political issues.

A fortnightly review of privacy issues is provided by the Privacy Times, at www.privacytimes.org. The full newsletter, issues fortnightly, is only available on subscription at a rate of £250 per year. This describes itself as being "designed for professionals and attorneys who need to follow the legislation, court rulings, industry developments and horror stories that frame the ongoing debate". For those who are reluctant to pay the subscription, various useful news reports are available on the site's free pages, particularly under the "e-commerce" thread.

Finally, the Global Internet Liberty Campaign at www.gilc.org has relatively little which relates specifically to Internet marketing, but provides some useful hyperlinks for relevant legal sources and official reports.

There is a strong US bias to all the sites mentioned so far. Comparable sites in the UK are fewer in number, and generally not so well resourced. Cyber-Rights & Cyber-Liberties (UK) can be found at www.cyber-rights.org This site, based in Leeds, includes submissions which it has prepared on legislative proposals relating to privacy on the Internet. The Campaign against Censorship of the Internet in Britain (www.liberty.org.uk/cacib) takes a more "fundamentalist" line in supporting individual freedom, and opposing regulation. Probably the best coverage of UK privacy issues is to be found at the Website of the Foundation for Internet Policy Research (www.fipr.org). This has an extensive archive of articles, and sound and video clips, but recently has signalled that it is having to curtail its coverage because of resource constraints. There is also a well-established site run by the Computer Security Research Centre at the London School of Economics (csrc.lse.ac.uk). This is mainly concerned with the mechanics of protection fore-commerce transactions, but has some material relevant to privacy.

Given the dominant influence of US companies on the content and operation of the Internet, the rest of the world is bound to take heed of the way US applies its legislative and other controls. At the same time, there are some major divergences between the approach taken by the US to the protection of personal information, and that of many other countries. In general, Americans place more faith in self-regulation. For example, Internet vendors can sign up to the schemes provided by Truste (www.truste.org) and the Better Business Bureau Online (www.bbbonline.org). In both cases, companies pay a fee, and give undertakings to abide by a code of practice. They are then entitled to display a distinctive "seal of approval" on their Web sites. While any public commitment to respect privacy principles is to be welcomed, those running the schemes have very limited power over their members. Criticisms can be found on various of the sites of the pressure groups mentioned earlier, alleging for example that the schemes cannot afford to be too rigorous, since their survival depends on maintaining a good income stream from subscription fees.

In member states of the European Union, and several other industrialised countries, the collection and use of personal information is covered by data protection legislation. In the UK, extensive information about the legal requirements can be found at the site of the Data Protection Commissioner, at www.dataprotection.gov.uk. Several of the Commissioner's recent annual reports are online. The 1999 report describes how the EU's Privacy Commissioners have begun to work closely together, now that all the member states are enforcing similar rules, as laid down in European Directive 95/46/EC. For example, they have joined forces to negotiate with other national bodies, particularly in the USA, over the conditions under which personal information may be transferred to and from the EU. The site provides advice for "data controllers" (i.e. any organisation which handles personal information), and lists conventional and Web addresses for more than 30 other data protection agencies around the world.

Each year, the Data Protection Commissioner sponsors a survey of business organisations and the public, to monitor attitudes to privacy (see, for example, the 1999 Annual Report, Appendix 5). The statistics suggest that the public is becoming, if anything, more suspicious about the way organisations handle personal information, and that while many businesses are fully aware of their legal responsibilities, there are still a substantial number (among small businesses particularly) which have only a vague idea of what is required.

It will be interesting to see how these figures unfold, as the e-commerce revolution gathers pace.

Andrew HawkerUniversity of Birmingham, UKTel: 0121 414 6675E-mail: A.Hawker@bham.ac.uk

Andrew provides an informative analysis of the privacy issue on the Internet. What does this mean for marketers?

The increasing emphasis on the ethical capture and use of consumer information and data needs to be addressed by all consumer friendly sites and marketers through explicit codes of use of data displayed on the site and through the use of concepts such as permission marketing (www.e2communications.com for example). Not to take seriously the consumers concern about the use of their data would risk loosing access to that data.

Rehan ul-HaqThe Birmingham Business School,The University of BirminghamTel: 0121 445 4715E-mail: r.ul-haq@bham.ac.uk