Recently you might have noticed I have talked a lot about privacy, the end of third party cookies for publishers, and the problem with Google FLoC. However, I want to clarify more about what I actually mean by all of this.
When I talk about tracking, how do I define that problem?
To massively simplify things, when it comes to privacy, there are basically three groups of people.
The first group of people are those who don't see what the problem is. Their argument is that it doesn't harm or impact anyone. Instead, all it does is to provide better ads. They say that, instead of seeing ads for products that are completely pointless, now you will see ads that reflect your interests.
What's the problem with that?
In fact, back when this whole issue started, this was also the position of the press. In the first ever (English-language) article about tracking online, published in the Financial Times in February 1996, they pointed out this new problem, but then they ended the article saying this:
The only consolation is that breaches of privacy using this technology are unlikely to have any life-and-death consequences. The worst thing that most companies will do, after all, is try to sell you something.
In other words, this is a bit of a concern, but ¯\_(ツ)_/¯
This is also the mindset of pretty much every publisher online today. While journalists might write about the problems with privacy online, as a newspaper, you are still doing all the tracking you can possibly get away with.
This has led to some really awkward moments, like this example from Wired, telling everyone how bad the tech companies are for tracking you ... but before you can read the article, you first have to accept that Wired's 316 outside partners can track you as well.
So, publishers, in general (not just Wired), are very clearly in this first category of people. You might say that tracking is bad, but you clearly don't think it's a problem. And, of course, all the tech companies are in this category as well.
Then we come to the second group of people.
The second group of people look at this very differently (and this is the group I am in). This group is saying that tracking is fine, advertising is fine, personalization is fine, and services that use our data to make our lives better, that is all fine.
But what is not acceptable is to then give all this to companies we never interacted with.
In other words, this is not about whether you believe this is causing harm or not. The discussion is instead about trust and relationships. It's about the difference between first-party and third-party tracking.
For this group of people, first-party tracking is not only accepted, but desired. We love when companies use data to create better services.
For instance, it's great when your online grocery store remembers your past orders and then optimizes the experience so that you can order groceries even faster the next time. We love it when it tells us "Your top products are on sale right now".
We also love it when a fitness app continuously tracks us, so that we can see whether our efforts to become more healthy are working or not. We love it when our running app gives us a very nice graph.
We also love that we don't have to login to the website on every visit, but that it remembers us. We love that Spotify, Netflix, or Disney+ remembers what we like, and recommends similar things to make our evening choices better.
We love the extra security of smart devices, and our cars that can identify you and automatically adjust the seating. And we also love that newspapers can track what we read, and then create an even better news experience on your next visit.
I recently talked about newspapers in Norway, and how they are creating dynamic newsletters that are optimized for what you haven't read yet, instead of sending you links to something you might have seen already.
All of this is freaking awesome!
But what we don't want is to have this shared with others. All of these amazing experiences, and the data associated with it, should only exist between the companies that we interact with directly and ourselves.
Companies that we have never interacted with directly should never be allowed anywhere near this data.
So, the discussion is not about whether tracking is causing harm or not. That's irrelevant. Instead, it's about the relationship with your data, who is getting it, and why.
And this is where we see the problem. I mentioned my online grocery store above, and how I love that it keeps track of what I buy. It's brilliant and one of the reasons I keep using them.
But, when I recently checked the data Facebook had about me, on the list of 'outside sources' that have provided data to Facebook was my online grocery store. So, this store has not just collected data about me directly, it also shared parts of it with Facebook.
This is not okay. I didn't go to Facebook to buy groceries, so Facebook does not have the right to know anything about my eating habits, and it's a massive violation of both the trust and the relationship I had with that store that they decided to share this data in the first place.
Of course, my grocery store isn't the only company on that list. Here are some other companies who have directly uploaded data about me to Facebook:
Again, it's the same problem. I'm perfectly fine with the idea that newspapers show me ads and do tracking to create a better news experience. But what I'm not fine with is when the newspapers then start to send that data to others.
And, again, it isn't about whether any harm is being done. For instance, I sometimes buy things from LEGO, that's not really a secret. And when doing so, I have created a LEGO account where I earn VIP points. These can then be used to get rewards for being a loyal customer, like exclusive sets, or cheaper tickets to Legoland.
Again, that's great. But then I look at Facebook, and I see that LEGO has also uploaded some of my customer information to them. There is no real harm in that, but this is not okay.
LEGO doesn't get to tell other companies when I buy something from them. This is not data that should be shared. Facebook should not have the ability to know this.
I, myself, might choose to post on Facebook that I bought something, but that's my decision. But LEGO, as a store, should not tell anyone outside of LEGO if and when I buy something. That is completely unacceptable.
This is what categorizes people in this second category. It's not the tracking that is the problem (tracking is great). It's the destination of the data that is the problem.
I want LEGO to remember what kind of LEGO I'm interested in (basically all the NASA sets ;)). I like getting rewards. But stop telling Facebook about it!
But this is also where we come to why this discussion often goes wrong. Because this is not how publishers talk about things. Let me give you an example.
Take the example of Wired from before. When you visit their site (from Europe), you get this dialog box:
This dialog box is useless because it completely misses the point. Remember what I just said. Tracking is not the problem. I'm perfectly fine with allowing Wired to track what I read and to use that data to give me a better experience.
What I don't want is sharing. I don't want Wired to allow 316 outside partners to also get this data. I'm fine with Wired getting the data, but don't give it to other companies!
But look at this dialog box. There is nothing here that allows you to make that distinction because this box puts Wired's first-party tracking into the same group as third-party tracking.
You put me in a position where I can't answer this question. I like Wired as a publication. It's a great publication, and I know some of the editors who work there and they are brilliant people. So, I have no problem with Wired.
But you are not asking me to accept Wired. You are asking me to accept Wired + 316 outside companies and I have no idea who they are or what they are doing with my data.
There is no way that I can agree to this. You are asking the wrong question.
It's even worse when you click on the "show purposes". Now you get this:
Each one of the categories doesn't make the distinction between whether we are talking about Wired (first-party) or their 316 outside partners (third-party).
I can't answer this, and so my only choice is to turn everything off because I don't want Wired to send my browsing data to 316 outside companies. I don't want strangers that I never interact with to have any data about me.
Here is what this dialog should actually look like.
Now you are asking the right question. Now you are giving people the choice they actually need. And, in my case, I would click on the middle button because, again, I like Wired. I'm fine with them using my data to improve what they do, whether that's improving their journalistic focus, or to deliver me better ads.
But, I would never click on the third button. There is never a situation where I feel it's acceptable that one company can just give my data to whoever they please.
And, what annoys me as a media analyst is that everyone knows this. If you are a media executive, you know this as well as I do. You know that if you actually designed the dialog in this way, then nobody would accept third-party tracking.
So, the industry instead pretends that this doesn't exist, and changes the question. This way we can all pretend that people actually do want this.
This is where we are today. Everyone knows that this system is designed to ask the wrong question. But we do it anyway.
Finally, I mentioned there were three categories of people, so what's the third one? Well, it's the type of people who don't want tracking of any kind, neither first-party, nor third-party. They believe that they have the right to total anonymity.
This group of people are often called privacy absolutists.
No, I don't agree with this group, but I can understand how they come to believe what they believe. Two decades of ad tech, which we in the press have written negatively about on many occasions (see Wired's article above as an example), and it's no surprise that a percentage of the public just don't want to have anything to do with it at all.
However, this group is also misguided, because they don't actually mean what they say. And the reason is that nothing works online if there is no tracking of any kind.
A simple example, when you go to a web shop and you put an item in your shopping cart, the only reason why that's possible is because of tracking. The site needs to track both your unique visit, as well as any product you have chosen.
If you can't track that, then you can't buy something online.
So, privacy absolutists don't actually understand what it is they are saying, because they want to be able to use the internet to buy things, and to do all the other things that would only work if you can remember people.
There is also another problem with privacy absolutism, which is that many things are two-way. For instance, if you send someone an email where you make some kind of a deal, then you can't demand that they delete it.
It's the same thing with transaction data. Every business is legally required to do taxes and accounting, and to have all the receipts available if they are audited.
So regardless of how much people don't want to be tracked, transaction data is always tracked as a requirement by law. But, again, this isn't actually a problem. Transaction data doesn't violate people's privacy as long as it is kept first-party. It's only when a shop starts to share or sell that data to others that it becomes a problem.
So privacy absolutism is not actually a thing.
However, this again links back to what I said earlier. We need to change the way we talk about these things. The problem isn't actually with tracking. Sure, there are bad things with that too, but tracking as a concept is what creates better products.
The real problem is the destinations. Having a health app track how you are doing is great. But having a health app which then shares my health data with 300 outside companies is bad.
As publishers, it's vitally important that we understand why this is different. But, as you can see above, today, publishers and ad tech companies are intentionally mixing the two as if they are the same.
The result is very bad audience relationships, and that's not where we should be.
Almost every time a news site launched something new, they also cover the same stories the same way.
Editorial analytics is the tool we use to define how to report the news.
Google wants to build tracking into the browser, and then remove personal identifiers ... but is that good?
AIs can be both good and bad, but using an AI to fake some text is always bad.
Many people in the media wants newspapers to be tax exempt, but what about the rest of the media?
When a publishers says that WhatsApp converts 12 times more people than their website, what does that actually mean?
Facebook said that it wouldn't block misleading political ads, so let's talk about that
Cookies today are doing all kinds of bad things, but did you know that the original creators wanted to stop that?
We all knew this would happen, but Google won't pay publishers for snippets.
On Twitter and in the media we have created the problem that
Founder, media analyst, author, and publisher. Follow on Twitter
"Thomas Baekdal is one of Scandinavia's most sought-after experts in the digitization of media companies. He has made himself known for his analysis of how digitization has changed the way we consume media."
Swedish business magazine, Resumé