The exciting potential of R(eal) T(ime) M(arketing) and other new tools that use computer algorithms: just don't forget about some legal implications.
By Keri S. Brucei and Felix Hoferii
Recently we found ourselves debating the explosive attention marketers and related businesses have dedicated, over the past 12 months, to new techniques to target more efficiently their existing or prospective customers. Every day, numerous articles discuss the rapid expansion of the use of Real Time Bidding (RTB), Real Time Marketing (RTM) or some other programmatic buying system. New magazines are even specifically dedicated to the topic. Increasingly, similar words are coined at impressive speed, according to the perspective chosen for approaching the topic.
In the end, however, all these terms and acronyms simply stand for the concept of "delivering the right commercial communication, to the right person, at the right moment (or place) through the right device." Nothing exactly revolutionary or new, as many advertisers have been using advertising that employs online behavioral advertising (OBA) for some time.
The key to RTB is its algorithms. These algorithms, like those that are used in financial high-frequency trading, are subsets of computer programs that make calculations and process and analyze data in real time. In the context of RTB, these algorithms enable marketers to buy media automatically in real time, aggregate the results of a buy, and build on those results over time to identify connections, gain knowledge and optimize marketing plans. It is becoming a game changer for marketers. The technical progress in using very large, diverse data (often referred to as "Big Data") to deliver commercial communication provides not just advantages, but also challenges for advertisers and media and advertising agencies, as well as search engines and Big Data companies.
On one hand, traditional media, such as radio, television, press, outdoor, and sponsored links, face tough competition from new devices (and their applications) such as smart phones and tablets, and new media platforms, such as social media. It has been reported that RTB will grow at a rate of 53 percent per year in the United States between 2011 and 2016i, and that in 2012 RTB accounted for nearly 13 percent of all U.S. display advertising spending.ii According to recent studies, at the end of 2013, mobile search clicks are likely to attract approximately 20 percent 25 percent of the total amount of search clicks. Not such an impressive number by itself, but up by a double-digit number compared with the past year (and deemed to increase at similar speed in near future), which is very impressive.
On the other hand, new technology always goes hand-in-hand with an increased level of sophistication and a need for refined strategies: "predicting" search terms or content will soon be increasingly more important for efficient marketing in an on-line environment. Exciting times are definitely ahead for the advertising industry. But, not all that shines is necessarily made of gold.
The legal implications raised by these more advanced technologies are continuing to get lots of attention from regulators and law makers around the world. Advertisers, agencies, exchanges, publishers, search engines and the like that are taking advantage of RTB should understand the current legal landscape and should properly minimize risk before diving in.
The United States approach
While myriad legal issues can arise when using RTB, regulators, consumers groups and class action lawyers in the United States continue to be highly focused on privacy and data protection in online and mobile environments. The focus on this area is driven by many factors, including the general anxiety consumers have about being "tracked" and wanting to ensure their personally identifiable information (PII) and personal and private data is kept safe. and that it is not shared or used in ways that were not intended or disclosed. While anonymization and aggregation of data has provided some comfort in the past to data sharing, it's not perfect. There are real-life examples of where anonymization of data has failed, thereby allowing such information to be re-identified.iii Further, with the rapid advancement of technology, there is the possibility that re-identifying data may become easier.
While privacy and the protection of PII is already subject to a variety of U.S. laws and regulations, such as the Graham-Leach-Bliley Act (governs personal information collected by financial institutions), the Health Insurance Portability and Accountability Act (which regulates medical and health information), and numerous state laws, such as the California Online Privacy Protection Act, the online and mobile industries continue to be targeted for new legislation and regulations. In February 2013, U.S. Senator Jay Rockefeller introduced a law coined the "Do-Not-Track Online Act of 2013," which would require all web browsers, online companies, and app makers to give users a choice of opting out of being tracked online.iv In addition to laws and regulations directly relating to data protection in certain industries, other federal laws come into play and have been the basis of litigation and regulatory investigations, including:
Electronic Communications Privacy Act (ECPA), which prevents tracking and access to user behavior without consentv Federal Wiretap Actvi, part of the ECPA that provides for statutory damages if the contents of electronic communications are intentionally intercepted using a device Stored Electronic Communications Actvii, which provides penalties for anyone who "intentionally accesses without authorization a facility through which an electronic communication service is provided or ... intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system" Computer Fraud and Abuse Actviii, which is an anti-computer hacking law that prevents tracking of user behavior if it causes economic damage of $5,000 or more Section 5 of the FTC Actix, which prohibits deceptive acts and practices Children's Online Privacy Protection Actx, which was updated in December 2012 to expand privacy protections for children In addition to data and privacy issues, anti-competition concerns can come into play. We've already seen one major investigation by the FTC into whether a search engine's search algorithms and restrictions on use of certain data by advertisers across competitive platforms resulted in anticompetitive practices.xi While anti-competitive practices in the area of RTB may not necessarily pose direct liability for advertisers and agencies, the practices can nevertheless cause harm (and frustration) to advertisers and agencies.
So, what should advertisers and agencies do to manage risk as they delve into RTB?
Disclose and Abide By Privacy Policies