We know where you live

An almighty row has broken out in the US about privacy. DoubleClick, the world's largest Internet advertising company, which serves up over one billion online ads a day, is being painted as the spawn of the devil. It's crime? It paid $1 billion for Abacus, a direct marketing company with shopping details of 100 million Americans in its files. When news got out that DoubleClick planned to link the anonymous information it stored about people's online shopping habits with their real names, addresses and their real-world preferences, all hell broke loose.

An almighty row has broken out in the US about privacy. DoubleClick, the world's largest Internet advertising company, which serves up over one billion online ads a day, is being painted as the spawn of the devil. It's crime? It paid $1 billion for Abacus, a direct marketing company with shopping details of 100 million Americans in its files. When news got out that DoubleClick planned to link the anonymous information it stored about people's online shopping habits with their real names, addresses and their real-world preferences, all hell broke loose.

The company is being investigated by Federal authorities and by several state authorities; it has had law suits brought against it; it has had hundreds of negative stories written about it; and has seen its share price drop over 30 per cent since the start of the year. At the end of last week the pressure got too much. Kevin O'Connor, the company's CEO, was forced into a humiliating climb-down and issued a grovelling press release.

"I made a mistake by planning to merge names with anonymous user activity across Web sites in the absence of government and industry privacy standards," the statement read.

"... We commit today, that until there is agreement between government and industry on privacy standards, we will not link personally identifiable information to anonymous user activity across Web sites."

But do we really need as much protection as the more hysterical parts of the US press claim? Wouldn't better targeting of advertisements benefit everyone?

In the early days of the Internet, adverts were delivered pretty much as they were in other media. A car site might carry adds about cars or car insurance or perhaps lifestyle advertising from British Airways. A site in France would carry French advertising, a site in The UK, UK advertising and so on.

But it did not take long for a couple of clever people, notably Kevin O'Connor and Kevin Ryan, the founders of DoubleClick, to think that the inherently flexible nature of the medium might be used to deliver a slightly more flexible message.

The key to this transformation are tiny files called "cookies". A web site can put a cookie on your hard disc when you visit it. If you go back to that web site again it can check if you have a cookie and say "Welcome back". Yet unless you register, the site has no way of knowing who you are - your address and phone number, etc. This is where DoubleClick has got itself in hot water.

Some sites using DoubleClick-delivered ads did ask for visitors' names and addresses and these could be passed on. Even worse in many people's eyes, the company created a sweepstake site called NetDeals.com expressly for the purpose of gathering people's names and addresses. And then there was Abacus.

Traditionally, Internet advertising information has been stored as "non-personally identifiable information" (NPII). DoubleClick and other advertising agencies store a cookie with a code number on your hard disc and details about your browsing habits on their computer systems. The only link between you and the information is the code number of your cookie and there has been traditionally no attempt to make any further link.

The advantages of some form of targeting for both advertiser and Internet users are potentially huge. By identifying you as a specific user, the next time you come to a DoubleClick site, the company's computers can tailor the advertising to the recipient. At its most basic that could be to say that you have already seen an advert six times, so better not show it again. Or, in a more sophisticated variant, it might say, well, he has been visiting house-buying sites, so lets show him an online mortgage- agency advertisement.

If you end up getting your mortgage cheaper at an online broker you might not have otherwise found, this would be a real benefit. If DoubleClick knew where you lived, it could even show adverts for estate agents in your local area which could also be very useful. This is where DoubleClick's rather inelegant handling of the situation may in fact be to consumers disadvantage in the long-term.

Targeted advertising can very often be appreciated by customers. Wouldn't you like to know what is showing at your local cinema, be informed about special offers at your local super market, perhaps even be told about local school events?

Engage is probably the second largest targeted advertising service. The brainchild of an honest-to-goodness rocket scientist, its whole structure is based around maintaining the anonymity of individual customers. It also claims to have even more sophisticated methods for modelling the habits of net users than DoubleClick.

It splits sites into 800 main subject areas and stores information about your overall interests and your current interests. It uses patented algorithms to give differing weight to different characteristics of your browsing. The company studies the recency (how recently you visited a site), the frequency of visiting sites of that type and the duration of your visits. From this information it delivers advertising that it thinks will appeal to you and will be relevant to your needs.

Engage can also store a lot more information about you, including where you live - but only the general area. "We operate a double blind policy," says Peter Chaplin, international vice president of Engage. "We have always worked from the principal of data protection first and information second".

That means that Engage will take addresses if you register at a participating site (which must display a privacy policy prominently), but it will only use the first four digits of your post code. "In any real sense that will maintain customers' anonymity while at the same time allowing us to offer locally based information," says Mr Chaplin.

In the UK DoubleClick has not started to try and link up real world information with database material. Abacus does have a joint venture with international magazine publisher VNU in the UK but, following DoubleClick's mauling in the US, it looks unlikely that it will try and bring the two companies together.

So does that make Abacus a worthless purchase? Not at all, according to a bullish Kevin Ryan, DoubleClick's president. He believes that just as dot.com companies have used traditional advertising, so they will turn to that other tried and tested method of communications - direct marketing. But this does not mean necessarily that our doormats will be deluged with vast numbers of dot.com envelopes.

"We have had tremendous success with e-mail as a direct market tool," he said. But as to linking up addresses and online data that will have to wait. "Targeted advertising is good for both sides but we do need to protect privacy."

For the moment the company is keeping its head down. Nothing is going to move forward until the US government and the Internet industry can agree how to proceed. That, Mr Ryan seems to think, will come in the next two months or so, but some pundits believe it may take years. In the meantime, DoubleClick is beefing up its opt-out options so you can avoid being monitored at all, is advertising for a privacy czar, has appointed Pricewaterhouse Coopers to perform privacy audits and is generally licking its wounds.

The company certainly feels a little hard done by. After all, points out Mr Ryan, if you buy a sweater in a store using a credit card that is noted in several databases, you are not given the option of opting out of that.

"For the moment people have been focusing on the down side and that is a pity," says Mr Ryan. "Consumers are certainly better served by targeted information. That is a fact. The online advertising market has progressed a long way from its rudimentary beginnings. While we have to have privacy at the top of the agenda, I really do believe that customers will welcome a more rigorous advertising environment where they are offered less irrelevant advertisements and more advertisements they are actually interested in. It might take a while for us to move forward but I believe the need for more targeted advertising is absolutely compelling."