Reveal a little to hide a lot: Acxiom’s consumer data portal

In early September 2013 the consumer marketing data company Acxiom unveiled a new website: AboutTheData.com. The site is billed as a resource for consumers seeking answers to “questions about the data that fuels marketing” and has been received by some as a welcome opportunity to peek under the hood of one of the nation’s largest data brokers. In the words of Acxiom’s CEO Scott Howe: “Companies like ours haven’t historically done a good job of educating people on what we do with data about them. Largely because of that, misperceptions abound.”

aboutthedata

Much of the site’s content purports to address these misperceptions, providing generalized responses to questions such as “Why is data about me important to companies?” (because we expect personalized interactions) and “How do companies get data about me and what do they do with it?” (they get it from public sources and our online activities and use it to show us relevant ads that do not waste our time). The language is sanitized and the design is excellent. No surprises here. But another component of the site offers a much more personalized experience and presents an opportunity to think a bit more deeply about the politics of data brokerage.

The site’s data portal invites users to enter their names, addresses and last four digits of their social security numbers to access their very own marketing profiles. For the first time, Acxiom is allowing individuals to see the information the company has collected about them and their households across six categories spanning demographic, residential, vehicle, economic, purchase history, and interest information. Within these categories are specific data points regarding age, gender, marital status, occupation, income, credit, home ownership, property type, and online and offline purchasing records. And this is a non-exhaustive list. Further, the portal allows users to edit their profile information and suppress the use of certain data for marketing purposes. There is also an opt-out option (more on that below).

One valuable way to understand these developments is through the lens of audience labor: the enrollment of consumers into maintaining their own marketing profiles. Acxiom’s framing of the portal as a chance for people to edit their data in order to receive more relevant advertising fits squarely within the trajectory of media consumers’ accelerating participation in the valorization of surveillance (Cohen, 2008). A related perspective, and the one I focus on here, is the broader political economy (Pickard, 2013) of data brokerage. This approach provides insights into the historical context and structural imperatives behind Acxiom’s actions and let’s us make some theoretical points about the politics of advertising and marketing more generally.

Advertising, like the commercial media system at large, is fundamentally shaped not only by media markets, but public policy as well. As McChesney (2004) and others have noted, advertising depends generally upon the existence of profit-seeking media, but also upon a set of focused policies ranging from the tax deductibility of ad expenditures to advertisers’ broad latitude to make misleading and bombastic claims. As advertising has pivoted around increasingly pervasive consumer surveillance, maintaining a public policy regime based on industry self-regulation and “opt-out” principles has become a top priority for the entire marketing complex.

Data collection practices have come under scrutiny in recent years from regulators, legislators, and the White House itself. In 2012 both the Federal Trade Commission (FTC) and the White House issued extensive reports calling upon Congress to enact comprehensive consumer privacy legislation. Each stressed the importance of establishing baseline standards for transparency, security, and choice regarding corporate data collection. Indeed, Congress introduced nearly a dozen bills between 2010 and 2012 addressing data security and transparency issues, including broad-based legislation such as the Commercial Privacy Bill of Rights Act and Consumer Privacy Protection Act. While the merits of individual proposals are certainly worth debating and none of these measures gained much traction in Congress, it is clear that Washington has become increasingly interested in the activities of data brokers.

Operating for decades without significant regulatory oversight and relatively unknown to everyday consumers, data brokers like Acxiom have become a particular focus of concern among policymakers. The FTC singled out “information brokers” as a group deserving of specific legislation regarding data transparency, while members of the Congressional Privacy Caucus opened a “sweeping investigation” into nine leading companies in the sector, including Acxiom. Representative Edward Markey of Massachusetts has pledged to “push for whatever steps are necessary to make sure Americans know how this industry operates and are granted control over their own information.”

These proposals and inquiries manifested while Acxiom and other data brokers have pursued aggressive expansion, especially into internet-based services. In 2012, Acxiom claimed to possess marketing information about 500 million individuals worldwide with about 1,500 data points per person. A year later the company upgraded these figures to 700 million individuals at 3,000 data points per person (Annual report, p. 8). In February the company announced a partnership with Facebook to allow marketers to match data gathered through shopper loyalty programs to individual Facebook profiles. Perhaps most importantly, the AboutTheData site predated the release of Acxiom’s new Audience Operating System (AOS), a cloud-based platform enabling “marketers to connect all types of traditionally disconnected data and – for the first time – to create a truly singular view of the consumer.” The AOS is meant to deliver the holy grail of the consumer data industry: one-to-one marketing.

In this context, what has been framed by Acxiom primarily as a proactive move is clearly a defensive measure meant to influence public opinion and fend off government regulation: a public relations parry based on transparency. Described by The New York Times as a “novel” tactic of openness, the transparency parry is a well worn strategy in the business of consumer data collection. Reveal a little to hide a lot.

In the late 1990s, the first generation of online data brokers used this tactic in contests with regulators and privacy advocates to determine what rules, if any, would govern internet data collection and use, broadly conceived (Crain, 2013). Though not as sophisticated as contemporary practices, online consumer data collection was nevertheless rampant by 1998 and completely outside of regulatory purview. Flush with dotcom era finance capital, companies like DoubleClick (now part of Google) and Engage (now part of Microsoft) developed massive consumer profiling and ad targeting capacities, which attracted the attention of privacy advocates, who marshaled policy-makers into action.

Data brokers, online advertising companies, web publishers, and marketers formed coalitions and trade groups to fend off regulatory threats and maintain the status quo of industry self-regulation. Their weapon of choice was the PR parry. When the FTC (reluctant leader of the regulatory effort) found that 85% of major websites collected consumer information while just 14% disclosed such practices, data brokers and the Direct Marketing Association led a campaign to encourage companies to post privacy policies. When most policies proved to be incomprehensible, data brokers created templates for general use. Even then (and still today), rather than providing genuine transparency, privacy policies “let users know as little as possible about data collection activities, in as polite but complex a fashion as possible so that they wouldn’t understand what was going on but could feel good about them (Turow, 2011, p. 83).” The introduction of privacy policies forestalled action by the FTC, which was persuaded to give industry more time to develop effective measures of self-regulation. Reveal a little, hide a lot.

The fight escalated as data brokers announced efforts to merge online information with personally identifiable offline data. With increasing public concern regarding internet privacy, Congress considered adopting “opt-in” legislation mandating that companies obtain prior consent from web users regarding data collection. Citing a renewed commitment to transparency, data brokers developed privacy portals like DoubleClick’s Privacychoices.org, which provided information about data practices and offered consumers a mechanism to “opt-out” of data collection. Though horribly broken in scope and implementation, opt-out became generalized enough to curtail opt-in proposals.

On the basis of a veneer of transparency and consumer choice, industry self-regulation was established as the default system of governance for online data collection. For a policy-making apparatus unfit to withstand concentrated commercial power, this is to be expected. However, the status quo remains challengeable, especially considering the accelerating scale and scope of corporate and governmental surveillance. Many of the privacy advocates that cut their teeth in the 1990s such as the Electronic Privacy Information Center continue to push for regulatory enforcement of meaningful data protections. For data brokers of all kinds, the PR transparency parry remains as important as ever. In 2009 for example, Google created its Dashboard privacy control center in the midst of renewed FTC investigations and Congressional hearings. Acxiom’s efforts are simply the latest installment in this historical progression.

There is a certain degree of instrumental merit to data brokers’ efforts to lift the curtain. Acxiom’s site does present a jarring, if incomplete, snapshot of the breadth of information collected about us. But the bigger picture here is that because we have an extremely limited political baseline for consumer protections, something like AboutTheData is considered “industry leading” or even progressive. A standard was set that engenders what Andrejevic (2009) identifies as an “asymmetrical loss of privacy.” Individuals grow “increasingly transparent to both public and private monitoring agencies, even as the actions of these agencies remain stubbornly opaque in the face of technologies that make collecting, sharing, and analyzing large amounts of information easier than ever before” (p. 7).

The PR transparency parry looks to defuse threats while leaving privacy asymmetry in tact. Most of the information revealed on Acxiom’s site falls into the category of “core data,” basic bits of information collected from various sources. Much less represented are “derived data,” the categories of consumption and lifestyle that are attached to consumers based on algorithmic interpretation of “core data.” Moreover, Acxiom’s implementation of “opt-out” functionality might be called flawed, but disingenuous is a more accurate descriptor. Even with full understanding that offering opt-out is low risk based on studies of consumer behavior, Acxiom’s process is complex and convoluted, requiring a long trail of clicks and multiple forms corresponding to different “services.” The online tracking opt-out mechanism uses the industry standard practice of employing a “do not track” browser cookie that gets erased if cookies are ever cleared wholesale.

The asymmetry of privacy, in conjunction with the unabashed invitation to maintain our own marketing profiles betrays the fundamental cynicism that undergirds the business model of the data broker industry. The efforts of privacy advocates and the threat of legislation have forced Acxiom to tip its cards for the first time. As we begin to examine the marketing data that has been newly revealed about ourselves, we should remember that Acxiom still has much to hide.