Ethics of web tracking
October 20, 2017 1:38 PM   Subscribe

Is it acceptable for a company to track activity on its web site like this?

A company sends out an email newsletter, fully legitimate and opt-in. Its article titles link to the newsletter content, which lives on the company's web site.

Unlike a random site visitor, the newsletter visitor is known to the company, and it's easy to know exactly what interests each one.

Business intelligence is knowing who’s doing what in your market -- who’s looking to expand a shop floor, outsource HR, grow a product line, acquire a competitor? That knowledge is marketing gold for firms that provision or support such activities. Other examples abound.

But can a company ethically use its opt-in newsletters to match recipients to clicks?

If so, what permission is appropriate?

(Note that this question is not about gathering anonymous or aggregate data, or about how Google serves relevant ads w/o specific customer info.)
posted by LonnieK to Technology (9 answers total) 1 user marked this as a favorite
 
I don't know anything about ethics in business, but I will note that every mass email campaign I'm aware of has the capability to do this. Although the information isn't always used, it is almost always collected.
posted by saeculorum at 1:43 PM on October 20, 2017 [3 favorites]


We are asked to consider personalized tracking of clicks via opt-in newsletter, wherein the business engages in selling or otherwise exploiting this business intelligence.
I'm sure some people find that unacceptable and unethical, and some would find it fine. I suspect it may be illegal in some jurisdictions unless the small print explaining said usage is provided to the customer at time of opt int. But I'm also sure this is not illegal in many places.

But I'm not clear on what you are looking for, because reasonable people differ in what they find acceptable when patronizing businesses.
So: do you want our opinions as a straw poll? Legal information appropriate to some location? Resources on debating the ethics? Other? Some clarification may help you get better responses.
posted by SaltySalticid at 1:48 PM on October 20, 2017 [2 favorites]


But can a company ethically use its opt-in newsletters to match recipients to clicks?

What you're describing is built-in feature of MailChimp, Constant Contact, and a few other newsletter services I've used.

I think the technology can be used ethically - to promote related products/services/articles that the recipient might actually be interested in. It can also be used unethically, say to discriminate against a recipient because of the types of articles they prefer.

I don't think any permissions are necessary. Either sign up for the newsletter list or don't. Even if you did ask for/show some kind of privacy statement, nobody would read it.
posted by paulcole at 1:48 PM on October 20, 2017 [1 favorite]


Ethically, if you disclose that you're doing this in your privacy policy when a user signs up, then I don't see a problem. You should have a privacy policy that you've vetted with a lawyer though.

Legally, you should talk to your lawyer about what privacy laws exist for this scenario; generally if you get opt-in consent for tracking via the aforementioned disclosure, you should be in the clear, but IANAL and TINLA. This kind of tracking is the rule, rather than the exception though; at minimum people sending email marketing campaigns (including newsletters) want to track things like click-through rates and the like.
posted by Aleyn at 1:49 PM on October 20, 2017 [1 favorite]


If you're looking for a pretense under which to do it, I'd think that a common one would be that you want to "personalize the experience" of visiting the web site for the newsletter recipient.
posted by XMLicious at 1:51 PM on October 20, 2017


Ethically, I dunno. But many many businesses do it. I even know one that rates customers over time by number of times they've opened emails, among other things.
posted by miyabo at 1:51 PM on October 20, 2017


I think the ethics come into play when you start using this type of data, many big companies head blindly down the "Business Intelligence" route until they do something truly dumb and/or illegal like charging higher prices to registered customers.
In other words you can't just say at the point of collection, OK we collected this data ethically so now it's open season, we can mix it up with purchase history, credit references etc etc and do whatever we want.
posted by Lanark at 2:57 PM on October 20, 2017 [1 favorite]


Please don't distinguish ethically between collecting and using this information. Once you have collected it, it's likely that the choice of using it becomes someone else's. The person collecting it is not the same as the person in charge of marketing, who is not the same as the CEO, who is not the same as an ambitious new intern, who is not the same as the chair of the board.
posted by Hypatia at 7:21 PM on October 20, 2017


> But can a company ethically use its opt-in newsletters to match recipients to clicks?

A web-based entity (whether that's a merchant, charitable organization, bank, etc.) has, depending on the extensiveness of their user analytics infrastructure, already singularly identified you based on your behavior on sites (the browser(s) and device(s) you have used, the searches you made, links you have clicked, links your mouse hovered over for a significant period without clicking, how far you scrolled down certain product pages; all of which is evaluated to estimate your interest in particular products or types of products). When you return to that site, even if you use distinct and separate Incognito or Private browser tabs for each visit, you still run a variable risk of being identified as a return prospect based on available correlations between your browsing behavior and some of the (relatively) identifiable characteristics provided by your computer, tablet or phone to the vendor -- the usual difference is instead of being treated positively as a return customer, you're treated as an unknown user with a high statistical correlation in those interests and behaviors.

If that web-based entity has brick-and-mortar locations, hosts events, or otherwise has a hand in things outside of its website, any data collected on you there is incorporated into your profile as well. The entity can also purchase customer/prospect data from similar entities or from marketing firms (which is probable for any mid-tier vendor), they have pre-existing records on your interests, and so on; this can include (depending on the marketing data being purchased) not only your online purchase habits but your credit, geographic location, residence, vehicles owned, shopping habits, travel activity, magazines read, TV shows watched, dining preferences, and so on.

One key difference between general commercial email and spam is that the former addresses interests that they're aware you may have, while the latter is blind. ("general commercial email" for this argument includes everything from BUY NOW! advertisements to newsletters from non-profit organizations, whether opt-in or opt-out) That tracking is instrumental to making the commercial email nominally useful and interesting to the recipient, by contributing to those user activity records.

Email analytic tools seem highly intrusive, but all they're really doing is normalizing email-user-activity tracking to the level already available within websites. Any entity can choose to collect less data, or to retain less data than it is able to collect (for example, use unique identifiers in incoming links but not store them in browsing activity records), but there's no assurance that the bulk email service that entity used does not, themselves, store the data for later use. For example: MailOrangutan know that you opted into emails from charitable organizations A, B, C, small businesses D, E, and private newsletters from person F, and knows when you received them, which ones you opened, when, and on what device you used, and whether you clicked on any links in them; this is arguably more information about you than entities A through F can have because MailOrangutan can aggregate the breadth of that data to profile you, and the onus is on MailOrangutan to not exploit that data for further gain (whether by reselling the info -- discrete or aggregated -- to entities A-F, or by selling batches of user records to other third parties)

So as Lanark says, the ethics question is not with regards to whether it should be done, but how the result is used. And the utility of a single identified click is only useful as a contribution to the datasets (of the behavior of each individual) and analytics (of how that newsletter link succeeded or failed for the duration of the newsletter campaign).

So you have a valuable question about email tracking, but I don't think email tracking is an issue separate from the ethics around the large-scale user data aggregation of which it is a part. The tracking in a unique identifier provided in an email has relatively little value if there's nothing to correlate it with; its value is its contribution to the volume of extant data about you and what can be gleaned from that. Removing the tracking information in the email will make it more difficult to glean the specifics of user behavior but will only make vague, rather than eliminate, how any given user or the aggregate of users responded to an email campaign. Therefore the ethical question is not whether the user should tracked, but how an entity conducting the campaign should use the breadth of tracking data.
posted by at by at 6:52 AM on October 21, 2017 [1 favorite]


« Older 48 hours in Redmond   |   Is there a dark side to Habitat for Humanity Newer »
This thread is closed to new comments.