Last year, ads for Goodwill were served to people whose mobile phones had been spotted at thrift shops or second-hand stores in the past. The goal was to convince people who were cleaning out their closets and drawers to consider donating some of their rarely-used stuff to the charity group, and to raise awareness about its education and work training programs. Seems harmless, right?
It was one of a growing number of examples of what some mobile ad tech firms are calling Location Data 2.0. Location data isn’t just about being somewhere right this instant anymore. Today, mobile ad firms and location data players have expanded their offerings to include targeting and campaign measurement services that employ location data gathered over time, showing the patterns of people’s actual whereabouts. Did a mobile device show up in several fast food joints in the past month? Do people often stop at gas stations or convenience stores after hitting the grocery store? Or, on an arguably more sensitive note, was a device regularly spotted at liquor stores, bars or legal recreational cannabis dispensaries?
By associating consumer identifiers with patterns of physical activity and behaviors, advertisers today are gaining knowledge they never had before — information that, unlike survey research or other traditional means of understanding consumers holistically, can provide a remarkable level of insight. Needless to say, mobile tech and data firms are investing resources in creating ad products and services that take full advantage of this compiled information, and more often than not advertisers are gung ho about it.
Industry players are engaged in battle over who has the most accurate data, whose method works best for measuring a store visit or whose user panel is larger. However, what’s missing is industry self-reflection about whether it is acceptable for companies, many with no direct relationship with the consumer, to gather and use weeks’ or months’ worth of location data.
Location data firm Factual has seen its audience targeting services, which employ compiled location data to show that mobile devices have been spotted in car dealerships or fast food joints, for instance, “growing quickly,” said Rob Jonas, senior VP of revenue at Factual. The business used to revolve around consumers’ location at the moment, Jonas said. “Three years ago, proximity [related data] was the majority of our revenue — now it’s reversed.”
Looking at patterns also helps draw new connections.
“Definitely people are getting beyond the simple ‘you were at Macy’s therefore I should target you because you were at Macy’s,” said Dean Julia, CEO at Mobiquity Technologies, a firm that collects various forms of location data with a focus on visitors to shopping malls. The company is working on developing ways to use historically-compiled location data to track what it calls “the path to intent.” The data might reveal that people who visit Macy’s, for example, often stop at Starbucks after leaving the mall.
Especially in the past year, brand clients of MullenLowe Mediahub have been interested in and using services that employ compiled location data, said Daniel Davies, senior VP-director of media sciences at MullenLowe Mediahub.
“I get more questions or qualms or reluctance from advertisers still about cookie-based tracking,” he said, noting that clients express fewer concerns about building audiences based on whether their mobile devices — and by proxy, consumers — appeared in a Home Depot over the last few months. “I think we’ve scrutinized it less so far.”
Maybe it’s time for an industry gut-check.
“You’re right about that being a privacy concern,” said Kirsten McMullen, chief privacy officer and VP of compliance at mobile ad firm 4Info, regarding compiled location data. She pointed to a 2013 MIT research study that determined that it took only four data points to trace anonymized mobile phone location data back to an individual.
The company, which uses historical location data to determine the home address associated with a mobile device in order to surface offline data about that household or its residents, is “pretty aggressive about anybody trying to reidentify anybody,” said McMullen.
She said 4Info’s process for preventing reidentification involves discarding specific location information received through programmatic calls for ads to serve on mobile devices “as quickly as possible.” The more-precise location data is purged and replaced by data representing a general area, rather than a specific point on the map.
Advertisers don’t have qualms about this type of location data use, said McMullen. “Two or three years ago they did,” she said. “Everybody thought it was a little creepy.”
Not big in Europe
As advertisers in the U.S. gravitate towards using these newer forms of location data to infer audience behaviors and interests, and to measure whether their ads influenced people to shop, the practices remain controversial in Europe. Indeed, some firms operating here in the U.S. will not attempt the same practices in the EU.
In EU countries, where there are stricter privacy regulations, said 4Info CEO Tim Jenkins, “It’s pretty hard to crack that sort of granular individual level that we have here in the U.S. …. Technically, we could accomplish it, but privacy keeps us from doing it.”
With even tighter data privacy restrictions coming next year in the EU, much of what is happening in the U.S. now “is not going to fly in Europe” without “meaningful consent,” said Pam Dixon, founder and executive director of World Privacy Forum.
Today, most mobile location firms rely on the fact that people click to allow location tracking when download
ing mobile apps as user consent to pretty much any form of location data use. It’s unclear whether those “opt-ins” provide sufficient cover for the type of historical location data compiling that’s becoming the norm here in the U.S. “The compiling of location data over time is a topic in Europe and they don’t want it without consent,” said Dixon. “It is going to be a battlefield.”
McMullen said she does not believe the U.S., where the Federal Trade Commission must prove that people have been “harmed” by data practices in order for companies to be penalized, will limit historical data harvesting. “I honestly don’t think the U.S. is going to go in that direction,” she said.
“U.S. law around privacy is all based on harm, and in advertising technology the damage is mostly you got an ad you didn’t want to get,” McMullen added.
In the U.K., Stella Artois ran mobile display and video ads through mobile ad firm Blis, which used historic location behavioral data to predict that people were likely to visit a pub in the future if they had gone to one a couple or several times in the last month. The company applies predictive analytics to anonymized location data to identify patterns and create audience segments based on their predicted likelihood to visit a certain type of location.
Blis serves global ad clients including in the EU. When asked whether its data practices vary by country, the firm said it operates in the U.K. the same way that it does across all EU countries.
During the 2016 holiday season, Foursquare aimed mobile and desktop display and video ads in the U.S. for Brown-Forman’s Herradura to people whose mobile devices were found near shops, bars or restaurants where the brand is sold, or had been seen in those establishments in the past.
More recently, in honor of 4/20, the de facto holiday for marijuana enthusiasts, Foursquare also reported recently about people who frequent legal cannabis dispensaries in Alaska, Colorado, Oregon and Washington, finding that (shocker) they also prefer beer like IPAs and visit ski resorts.
Many data firms and ad tech companies have self-imposed rules prohibiting the use of data that could be deemed sensitive. Even during the early days of behavioral display advertising over a decade ago, companies including Tacoda pledged not to target ads based on sensitive information such as medical data or sexual preference.
Factual, for instance, does not allow audience targeting based on individuals or small groups of users, and does not allow the use of location data associated with family planning centers, medical facilities or adult video stores. Restrictions against targeting people based on visitations to places that could reveal that they have cancer or have undergone an abortion — or are merely a little kinky — are relatively common among companies enabling ad targeting. Should data that could indicate drinking or drug habits warrant the same protections?
“Privacy is something that Foursquare takes very seriously,” said Steven Rosenblatt, president of Foursquare. “Whether we are building consumer segments for advertising or for deep analytic studies like our recent story about legal recreational marijuana and its impact on the alcohol industry, we only share our data with advertisers in anonymized and aggregated form. Foursquare doesn’t have any revenue products that involve selling location trails at an individual or even device ID level.”
Mobile location data firms interviewed for this story stressed their dedication to encrypting data to prevent direct connections to individuals, yet there are no industry-wide accepted practices or U.S. government regulations preventing the use of such data in ways that weren’t originally intended. For instance, data reflecting drinking or drug use arguably could find its way into data models for targeting ads for health insurance plans, or even find its way into formulas used to calculate health or auto insurance rates or job eligibility.
The fact is that location data is flowing around the digital ecosystem with little control. Many of the firms that have built businesses on using mobile location data for ad targeting gather the data from ad calls made by programmatic ad systems. And audience segments like “frequent quick serve restaurant visitors” could be accessed for ad targeting as easily as they could be excluded from targeting parameters for health insurance ads, for instance. The Federal Trade Commission addressed the potential harm inflicted by discriminatory data practices during a 2014 workshop and subsequent report published in 2016.
“Even though data is used just for marketing, there’s no reason to think it will only be used just for that purpose,” said Dixon. “Those formulas — they are data hungry,” she said of data models used by insurance firms or other corporations.
There also do not appear to be industry-wide accepted practices for location data storage. For instance, Blis stores locations and other data associated with a particular device ID for up to 12 months, which it says is in line with the certification requirements of Truste, a privacy compliance company. Factual said it uses its data “actively” for 90 days, but storage length depends on client needs.
The days when search giants Google, Yahoo and Microsoft were on the hot seat for storing search data too long seem quaint now. In 2008, for example, Yahoo said it would only store search data for three months.
Today, we’re talking about data associating people’s actual whereabouts over time with identifiers that in some cases could be tied to other information about what they buy or their home addresses. But the industry is moving full steam ahead with little introspection.
“An array of hyper-local data marketing companies and their partners have helped unleash a major privacy nightmare,” argued Jeff Chester, executive director of the Center for Digital Democracy and a longtime vocal critic of what he perceives as ad industry privacy infringements. “But consumer and privacy groups are increasingly mobilizing to deal with this latest intrusion. The industry should expect strong pushback, especially at the local and state level.”