Peeking for Profits

Balancing targeted marketing with privacy, retailers walk a tight rope trying not to be creepy.

Paul Demery

Zappos.com, the footwear and apparel e-retailer, knows something about making money, having surged to $1 billion in annual online sales within its first decade before getting acquired by Amazon.com Inc. in 2009.

And it could make even more if it peeked into the personal interests its customers have shared on the web in order to target them with highly personalized ads—such as a display ad that greets them on their favorite news site with an offer for the exact pair of running shoes they recently viewed but didn't buy on Zappos.com, says Darrin Shamo, the footwear retailer's director of direct and online marketing.

But Zappos, which has built a reputation for a high level of customer service, prefers not to get too personal—or "creepy" —in the way it markets to customers, Shamo says. Instead, Zappos takes the analytics data it gathers on what customers view on Zappos.com and "dumbs it down" through its product recommendation engine to pitch in ads a general range of products a consumer is likely to buy. A shopper who showed a clear preference for a pair of Nike "Free Run+ 3" running shoes in gray and red trim, for instance, may see a retargeted ad for similar products in multiple brands and styles—but not the exact same Nike shoe she checked out on Zappos—while subsequently visiting another web site within one of the advertising networks Zappos uses.

"Showing people exactly what they had seen, and producing more targeted ad content always converts better," Shamo admits. "But we back away from the revenue opportunity for the sole purpose of improving the customer experience. We feel that, long term, we'll get more customers and more sales."

Pushing the privacy envelope

But Zappos also has another motive for shying away from displaying the most personal of ads. And that's to avoid adding fuel to the debate already raging around how marketers collect data about online consumers and use it to present targeted advertising. Legislators in Congress have introduced several bills about online privacy, and the Federal Trade Commission has also weighed in. The online advertising industry, meanwhile, is arguing for self-regulation. "If online marketers do more relevant marketing without getting too creepy, then we don't need legislation" or stricter industry guidelines, Shamo says.

If marketers go too far in pushing the privacy envelope, Shamo and others say, it could lead to a new combination of laws, industry guidelines and consumer practices that could not only blunt the effectiveness of targeted marketing campaigns, but also impede how retailers make it easier to shop their e-commerce sites.

At the core of these concerns is how online marketers and web site operators rely on software code, or cookies, they place in consumers' web browsers to track what consumers do on the web, and then use that information. Research shows that consumers already make an effort to limit their cookie intake and what information they let companies collect. About 30% of consumers routinely delete software cookies from their computers, and at an average frequency of four times per month, according to web measurement firm comScore Inc.

In addition, 57% of U.S. consumers who use mobile apps have either refused to install an app or uninstalled one after learning that it would collect more personal information than they wanted to share, according to a March 2012 study of 2,254 adults by the Pew Research Center's Internet & American Life Project.

Worries about e-commerce

If efforts by legislators and privacy advocates successfully push for stricter privacy rules or standards, online marketing and e-commerce sites themselves could undergo significant changes, experts say.

And if privacy advocates convince more consumers to block or delete cookies more routinely, it could hurt e-retailers because they would not be able to provide services, such as recognizing a returning customer, that online shoppers have grown to expect, experts say. "There's a consumer expectation for a certain degree of personalization in the e-commerce site experience," says Eoin Comerford, CEO of Moosejaw Mountaineering, which sells outdoor sporting goods through stores and online. "If we're not careful and let politicians handle this, and more consumers say they don't want to get tracked at all, it will hurt online retailing."

Comerford and others assert that software cookies—both the first-party cookies retail web sites set to track activity and tailor what consumers see to their browsing behavior, and the third-party cookies set by ad networks and data-collection companies that log consumers' behavior all across the web—could be compromised if trends in privacy rules lead consumers to block or delete cookies in large numbers. "I'm concerned that an overreach in privacy legislation will hurt some benefits customers experience in more personalized, more relevant merchandising and marketing," says Kevin Ertell, vice president of e-commerce at kitchenware retailer Sur La Table.

While no one is expecting a ban on tracking cookies, privacy trends could still lead to fundamental changes in how e-commerce sites operate. Already the web browser software consumers use is changing as a result of the privacy debate.

The Google Chrome browser, for example, offers several options for controlling cookies. One option lets users allow cookies set by a web site to track click activity only during a visitor's session, then automatically deletes them once the visitor closes her web browser. This wouldn't affect in-session activity; a site could still show a shopper who views a blouse matching pants during the same session and could retain her address and payment card information through the checkout flow.

But with cookies deleted at the end of every browser session, "the site would have no way to recognize visitors upon return, so the return experience cannot be personalized, shopping carts are not saved, recently viewed items are not saved," Comerford says. Moreover, he adds, this could also make it harder for marketing managers to understand consumers' paths to purchase, such as how many times a consumer visited a product page, read a review or watched a video before ultimately purchasing. That's because there would be no record of any pages viewed during a previous session.

In addition, Comerford says he's concerned that Chrome also allows users to block all third-party cookies. That includes cookies that allow a retailer to target a shopper who leaves its site with relevant ads when the shopper goes to another web site, and cookies set by service providers to recommend products to a consumer on a retail site based on the products she's viewed. Google did not return a request for comment, but a person familiar with Chrome said its blocking of third-party cookies does not distinguish between cookies that support web site services such as product recommendations and those used to target advertising.

Meanwhile, Microsoft Corp. earlier this year took cookie controls to a new level when it announced that its newest Internet Explorer web browser, IE10, now in a preview release, comes with a built-in do-not-track feature. This feature automatically requests web sites to honor do-not-track requests unless turned off by users.

Unless a user of IE10 opts out of the feature, the browser automatically sends a do-not-track request to the web sites reached with the browser. Site operators are then expected, but not legally required, to deactivate tracking cookies for that consumer. Microsoft makes available through Internet Explorer "tracking protection lists" that let consumers block or accept cookies from individual web sites, including hosted services that provide web site content such as recommendations as well as targeted ads, according to Microsoft.

Avoiding regulation

Mike Zaneis, senior vice president and general counsel for the Interactive Advertising Bureau, a trade group for online marketers, says that IE10's do-not-track requests won't be widely honored by web sites without a law requiring such action. But the advertising industry contends Microsoft's move, by making do-not-track requests common unless consumers override them, could pave the way for broad cookie blocking and deletion if pending and complementary federal legislation is passed requiring web sites to honor do-not-track requests. Microsoft's chief privacy officer, Brendon Lynch, counters that IE10 is designed to provide consumers the control over privacy they want while using the Internet, and that this can only improve the overall experience consumers have on the web.

Shamo of Zappos says an increased focus on online privacy could lead more consumers to become more acquainted with browser controls that act against cookies, but he asserts that consumers would have little desire to block or delete cookies if marketers avoid pushing behavioral marketing too far with highly personal ads, particularly ones shown to consumers repeatedly.

"If marketers just think about how to improve the user experience, privacy regulation wouldn't be required," Shamo says. "It comes down to that people want to see offers for relevant products, without the ads getting too personal and creepy."



Targeting ads in the race to the White House

When it comes to targeted online marketing, few organizations know more than the reelection campaign of President Barack Obama—except, perhaps, challenger Mitt Romney.

"Obama's campaign used digital micro-targeting very effectively in the last election, and we're seeing even more of it this year," says Mike Zaneis, senior vice president and general counsel, public policy, at the Interactive Advertising Bureau, a trade organization for online marketers.

The IAB, in a white paper released last month titled "Big data delivers on campaign promise: Microtargeted political advertising in Election 2012," cites estimates from Borrell Associates that election campaigns in the United States this year will spend about $160 million for online advertising. That's a tiny portion of total political ad dollars of $10 billion, but more than a six-fold increase over the $22.2 million spent on web ads in 2008.

And what do Obama, Romney and others get for all that spending on Internet ads? They get sophisticated campaigns that combine data from multiple online sources—including how often someone has visited an Obama or Romney campaign web site, the political views he's expressed publicly on Facebook or Twitter, and his interests in consumer products and services, the IAB says. The campaigns then mash that all up with data from offline sources, such as the individual's congressional district and the polling location where he votes.

The campaigns can then target consumers with fundraising pitches or requests to volunteer in get-out-the-vote efforts. Or they can combine them with helpful information, such as the location of an individual's voting location, so that when a voter surfs the web Nov. 6, he sees a candidate's ad telling him where to go to vote.

The tracking and targeting typically begins when an individual first visits a candidate's web site, triggering the placement of a software cookie in her web browser and enabling the candidate's campaign to serve up ads to the individual on other sites in an advertising network.

Neither the Obama nor the Romney campaign returned requests for information about their targeted online marketing campaigns. Buxton Co., a Fort Worth, Texas, digital marketing firm that has done work for Romney, declined to be interviewed.

The IAB's white paper notes that political campaigns shy away from using personally identifiable information from consumers who haven't agreed to provide it. But it also asserts that political campaigns may still need to learn how to better balance consumers' concerns about online privacy with their goals in targeted online marketing. It notes that a study by the University of Pennsylvania's Annenberg School for Communication last summer found that 86% of consumers prefer not to receive political ads tailored to their personal interests.

Perhaps the big winner on Election Day will be the candidate who manages to strike the right balance between privacy and targeting. It's a strategy retailers should consider in efforts to win over loyal customers.