By Jared Chausow
By Katie Toth
By Elizabeth Flock
By Albert Samaha
By Anna Merlan
By Jon Campbell
By Jon Campbell
By Albert Samaha
The company had planned to combine the information it already collects from anonymous Web surfers with names and addresses in the database built by Abacus Direct. The strategy would have created the most complete profiles yet of individual Netizens, allowing marketers to see for the first time exactly who customers are, what they buy, and where they live. It was just the latest in a long line of attacks on privacyby now so commonplace that even President Clinton recently said he worries about the security of his private e-mail to daughter Chelsea.
Months of backlash from privacy advocates forced DoubleClick to abandon its scheme. CEO Kevin O'Connor said his company was wrong to stake out territory not yet covered by government and industry standards. "I made a mistake," he said.
This was not an apology, but it was a reversal. The same Kevin O'Connor last June laid out $1 billion in stock for Abacus Direct. Back then, he called the marriage a "historic day" for both companies. Net activists called it a historic threat to privacy.
Such fears have always seemed overblown to a large portion of the e-commerce community. DoubleClick wanted us to imagine the Internet as something like a bakery, with the company as the friendly lad behind the counter who remembers your name and your fondness for glazed doughnuts.
Venture capitalists and small investors found this vision enticing, and who can blame them? Headquartered in New York, with satellite offices around the world, the DoubleClick outfit was poised to ride the revolution. In four years it grew to 1800 employees. Boasting 1.5 billion of its ads appear on the Web every day, the company was an unstoppable success story.
Unstoppable, that is, until privacy advocates took a closer look at the kid behind the counter, noticed the mic on his apron, and shouted, "He's running a scam!" The clerk with the fresh face, they charged, wants to sell the secret of your little vice to every baker, grocer, and chef in town! Everywhere you go, it'll be glazed doughnut this, glazed doughnut that. The pressure to buy will be made unbearable by target marketing, with the ad volume cranked to a deafening 11.
Smash cut to O'Connor's announcement last week: "We commit today, that until there is agreement between government and industry on privacy standards, we will not link personally identifiable information to anonymous user activity across Web sites."
It was the company's first acknowledgment that its dream had a nightmarish edge, but it won't put an end to the debate. "This is just page one," predicts Marc Rotenberg, director of the Electronic Privacy Information Center. "We still need to get some privacy laws in place, because it was too easy for DoubleClick to move from a model of anonymity to personal profiling."
CEO O'Connor insists DoubleClick is a privacy leader, one that allows anyone to opt out of being profiled, educates consumers about privacy rights, and has even hired a chief privacy officer.
These changes were a long time coming. For over a year, the company had been the target of repeated attacksjabs from small Web sites, orchestrated campaigns in Washingtonas activists tried every play in the handbook. But DoubleClick remained unmoved.
The first broadside came from Junkbusters' Jason Catlett, in the form of a letter he wrote soon after the Abacus merger was proposed last June. Addressing both companies, he warned that privacy advocates could mount a public education campaign about privacy risks and might even "appeal to the Federal Trade Commission to disapprove the merger."
Over the next few months, DoubleClick stock rose steadily, despite the growing criticism. So Catlett dashed off another letter, this one to the managers of six "socially responsible" mutual funds. Catlett suggested they unload their DoubleClick stock because of "the harmful social effects of the imminent merger of DoubleClick and Abacus Direct, and of the current practices of the online advertising industry, which are severely damaging the fundamental human right of privacy." Then Catlett and others began working behind the scenes, pushing the FTC to step in until laws to regulate profiling could be passed.
Lawsuits hit in rapid succession. First, a woman in California sued for "unlawful business practices," alleging DoubleClick collected vast amounts of personal data from Web sites, including "hepatitis pages, pregnancy complication pages, sexual preference pages, and mental illness pages." Then five more private parties filed claims. Michigan attorney general Jennifer Granholm alleged DoubleClick had violated state law. The FTC began an investigation.
With complaints exploding like cluster bombs, DoubleClick's stock began to tremble; each announcement sent it lower. In February, USA Today ran a story saying DoubleClick had already started tracking surfers by name and address, only to have the company defend the practice as good for consumers and advertisers alike. The New York Times and The Wall Street Journal piled on with critical editorials. "The erosion of trust could seriously harm e-commerce," the Times warned.
Privately, company officials said they were baffled by the hostility. Aren't we, after all, living in an age when credit card companies already know everything? Why gang up on DoubleClick, which provides the banner ads that keep content on the Internet free? But the situation was even worse than the company thought. As Tom Watson, cofounder of atNewYork.com, wrote, it was reasonable "to argue that [DoubleClick's] privacy policies were no worse than most large operations on the Web (true). . . . But it cannot ignore the marketplace."