You Think What Would Be Creepy?!

February 6th, 2010

On January 28, I was honored to be a part of the FTC’s second panel in a series of three that focuses on consumer online privacy. Hosted by the Berkeley Center for Law and Technology, this second of three public events was designed to explore the privacy challenges that are posed by technology and business practices that collect and use consumer data. Mine was the first panel that discussed the landscape and tee’d up additional panels that looked at privacy as it relates to social networking, cloud computing, mobile computing and legislation around ever-evolving technologies.

To listen to hear my comments which were quite colorful and got the room roaring, view the FTC’s webcast. The third FTC roundtable is scheduled for March 17 in Washington, DC.

Additionally, I was part of this year’s State of the Net conference held on January 27 in Washington, DC. My panel, “Debating the Framework for Online Privacy” also included Chuck Curran of Network Advertising Initiative, The Honorable Philip Dunne a Member of UK Parliament, Marc Groman of the House Committee on Energy & Commerce, and Ari Schwartz the VP and COO of Center for Democracy and Technology. The panel focused on aspects of Fair Information Practices that may be the basis for federal privacy legislation. The evening prior to the main event allowed for networking and education on Yahoo!’s privacy efforts (focusing on Ad Interest Manager and our upcoming CLEAR Ad Notice) to members and staffers on the Hill.

It continues to be a real pleasure for me to participate in these panels and provide insight into how companies like Yahoo! can provide a more compelling online experience while placing a premium on user privacy. By bringing content and advertising to you that is relevant and tailored to your interests, our customized “smart” services save you time and cut through the clutter. At the same time, Yahoo! is proud to be an industry leader with our commitment to data privacy, leading the way in establishing a relationship of trust with our users and implementing responsible self-regulation.

Anne Toth
VP Global Policy & Head of Privacy
Yahoo!

Posted in Privacy | No Comments »

Yahoo! Europe’s Ad Interest Manager and European Public Policy

January 27th, 2010

Yahoo! was very pleased to participate in a recent IAPP-hosted conference entitled “The New EU Cookie Consent Law – What is Your Strategy?” Rosa Barcelo, a Senior Lawyer in the European Data Protection Supervisor’s Office and Eduardo Ustaran, Partner and Head of the Privacy and Information Law Group, Field Fisher Waterhouse LLP rounded out the engaging discussion allowing me to give a company perspective on the issue.

The conversation focused on European public policy debates about cookies – what they are, how they are used to power products and services on a website, where this fits within emerging European legal framework(s) and what controls exist for users around such technologies? The group discussed where we’ve been under the earlier ePrivacy Directive, and where we may be going to reinforce website users’ meaningful control over their online experience.

An amendment to the ePrivacy Directive recently passed into law requires consent of Internet users before programs (including cookie files) can be placed on their computers. All that remains for the law to go into force is implementation on the local level by the EU Member States over the next 18 months. Over the coming year, the public policy community will look at current practices, emerging consumer transparency and control mechanisms, and the evolution of consumer privacy communications as an indicator of how Member States and companies themselves will manifest this “update” to the Directive through real consumer enhancements.

It was against this backdrop that I was glad to share the recent BETA versions of Yahoo!’s own work in this arena, in the form of Yahoo!’s Ad Interest Manager. Now available on Yahoo!’s French, Spanish, Italian, German, UK and Ireland sites, Ad Interest Manager takes an innovative approach to consumer transparency and control around interest-based advertising. As our users will see, these tools provide an unprecedented view into both the advertising categories used to choose the most relevant ads for them on our websites, but also a view into the information used to make those decisions. Powered with this information, users can exercise strong control over both the individual categories assigned for their browser and the interest-based advertising program a whole.

Thanks again to Ms. Barcelo, Mr. Ustaran and the rest of the team at the IAPP for a thoughtful and informative session!

If interested in hearing more about this conversation, the conference was recorded and is available on the IAPP website.

On a related upcoming note, Chris Sherwood—Yahoo!’s Public Policy Director in Brussels–will be speaking at a meeting of the European Parliament’s new Privacy Platform on Wednesday Jan 27th, specifically about our Ad Interest Manager project and the innovations that we’ve brought to our European consumers through these tools. The event is entitled “awareness and empowerment: the role of users in privacy protection.” Anyone interested in attending should contact Sophie In ‘t Veld, MEP.

Justin B. Weiss
Director – International Privacy
Yahoo! Inc.

Posted in Privacy | No Comments »

2009 in Review

January 24th, 2010

Happy New Year!  Yahoo! is very excited about all of the progress we made in 2009 and look forward to an equally productive year for consumer privacy in 2010.

Here is a look back at some of Yahoo!’s big wins for consumers in 2009…

User Transparency:

  • We launched Ad Interest Manager (privacy.yahoo.com/aim) which offers users unparalleled insight into their activities at Yahoo! and more control over Yahoo’s use of data for display interest based advertising.
  • We added a new footer link called “About Our Ads” to almost every page at Yahoo! so that more information about our ad personalization and serving practices – including a link to the Ad Interest Manager is just a click away.
  • We served nearly 2 BILLION public service announcement ads across Yahoo! explaining our ad personalization and serving practices – including a link to user controls for interest based advertising.
  • We refreshed the look and feel of the Privacy Center in the US and are in the process of rolling out these updates globally.
  • Yahoo!, in collaboration with the ad industry, launched experiments in new forms of user notice in close proximity to ads (check out the “AdChoice” link at http://green.yahoo.com/living-green).

User Control:

  • Yahoo! allowed logged in users to make their opt-out choice persistent.  For users who select to do so, they can associate their opt-out with their Yahoo! account – this means the opt out will be refreshed each time a user logs in on any computer or device.
  • We extended the opt-out to our mobile platform – including persistence for logged in users.  This allows user choice to seamlessly flow across computing devices.
  • We changed opt-out cookie expiration dates from the standard 2 years we apply to Yahoo! cookies to 20 years so that opt-out cookies are less likely to expire – making user preferences more durable.
  • We updated our web servers and data handling processes to remove opted-out user activity from our ad interest systems.

Data Anonymization:

  • While not strictly in 2009 Yahoo! announced a game changing user data log retention policy in late 2008 to anonymize user data log events (searches, ad views, ad clicks, page views, and page clicks) within 90 days (with some exceptions for security and fraud abuse detection and defense needs and to meet legal obligations).
  • We’ve made great strides in 2009 and are on track for implementing anonymization across Yahoo! systems in 2010.

Shane Wiley
Sr. Director – Privacy & Data Governance
Yahoo!

Posted in Privacy | No Comments »

Yahoo!’s Mobile Safety Tips

January 15th, 2010

During this holiday season, a slew of new mobile devices were brought into the home and put into the hands of teens.   And its no big surprise — kids today rely on mobile devices to engage with the Internet, consume information, and connect with friends and family members.  According to an August 2009 Pew Internet & American Life Project research study, cell phone usage among teens ages 12 – 17 is up 26 percentage points from 2004 to 2008.  And by the age of 17, eight in ten teens (84%) have their own cell phone.  With access to these powerful communication tools, teens need to be empowered and educated on how to be digital citizens, how to manage their online reputations, and how to make personal mobile safety a priority.

At Yahoo!, we recognize this need for education – among kids and parents – and we have developed this list of mobile safety tips.  We have been working closely with national child safety advocates, law enforcement agencies, educational leaders, and parents to help coach youth about protecting their online personas and creating a safer online experience.

  1. Think before you send. Stop, and think before you share a thought or forward a photo.  Imagine your grandmother or principal on the receiving end.
  2. Protect your personal information. When you send email, texts, photos or instant messages to people who are not trusted friends or family, don’t give out personal information they could use to find your physical location or exploit you. Guard your password like a hawk.
  3. Control negativity.  Think carefully about who you want to communicate with and who you should ignore.  Yahoo! Mail and Yahoo! Messenger have features that allow you to block people. If you receive abusive or harassing messages online, report the abuse where and when you see it.
  4. Use Safe Search. Yahoo! offers a default Safe Search filter to help keep inappropriate content out of your search results. While no filter can guarantee 100% removal of all inappropriate content, using a filter like Safe Search will make a big difference in keeping unwanted material out of your search results.
  5. Download applications from trusted sources only! If you download software from a third party, be sure to only download applications from developers you trust. And, read their Terms of Service and privacy policies to really understand what you’re giving them permission to do when you download their app.
  6. Never Text while Driving. This should be obvious, but you’d have to have super hero powers to be able to read, type and drive at the same time, not to mention that it’s illegal in some states.

For more detailed information about mobile safety, check out the blogs and guidelines on Yahoo! Safely, and the excellent content on texting and sexting provided by our partners at www.netsmartz.org and www.connectsafely.org.

Catherine Teitelbaum, Yahoo!’s Director of Child Safety and Product Policy

Posted in Mobile, Online Safety | No Comments »

Yahoo! Making the Internet Safer

November 20th, 2009

Yahoo! has been a long-time leader and advocate for online child safety.  Over the years we have made it a priority to protect children online by creating the Yahoo! Safely website to educate parents and children, collaborating with child safety experts and organizations, hosting annual safety summits with educators, and participating in thought leadership events.

Most recently, I attended the Family Online Safety Institute’s (FOSI) online safety conference, which brings together leaders from government, industry, education and nonprofits to discuss how to best encourage responsible use on the Internet.   As a board member of FOSI, and passionate advocate for online child safety, I was honored to participate on a panel addressing how to get kids hooked on safety when they are young.  The panel discussed safety tools for children’s websites, how to encourage digital citizenship, and resources for parents.  The best practices that were shared included:  engaging parents in the content while their kids are young, providing activities that encourage families to extend their online experience away from the computer, and integrating easy tips about Internet Safety into the content.

Additionally, I was thrilled to support my esteemed colleague, Emily Hancock, in accepting the FOSI Award for Outstanding Achievement for her dedication to make the internet safer for everyone.  At Yahoo! we are all so proud of this recognition and continue to be inspired by Emily’s dedication to helping to protect children by driving improvements to products, services, and policies.  More on this achievement can be found on Yodel Anecdotal.

I look forward to continuing to share Yahoo!’s on-going efforts to help make the Internet a safer place for children.

Catherine Teitelbaum
Yahoo!’s Director of Child Safety and Product Policy

Posted in Online Safety | No Comments »

Extending our opt-out cookie’s shelf life

July 28th, 2009

Many users of the Internet are now aware of what cookies are – small files on a computer that store preferences for the user. What many may not be aware of, however, is that every web browser cookie comes with an expiration date – much like the “sell by” date on food items you purchase in the store. Once the expiration date is reached, the cookie becomes “stale” and must be replaced with a new web browser cookie. It’s relatively rare for web site privacy policies to include cookie expiration dates but they are visible in the cookie files themselves. These dates can range from minutes to decades from the date the cookie is set. Although a decades-long cookie sounds like a long time, in practical terms most cookies don’t last for very long. Recent research from TRUSTe shows that users are being more proactive in managing their cookies either by actively deleting them (nearly half of all users clear their cookies on a weekly basis), or by using anti-spyware packages that clear cookies (including opt-out cookies) on a regular basis. In the grand scheme of things these factors makes cookie expiration dates less important but some concerns have been raised.

A few months ago, Yahoo! made changes to make our opt-out cookie persistent to address the concern that opt-out cookies may be inadvertently deleted by users. Today users can make their opt-out both persistent and portable by linking their opt-out choice to their Yahoo! ID. Under this process, the opt-out cookie (and its expiration date) is refreshed at every login.

A more recent issue has been raised by Chris Soghoian, a graduate student fellow at the Berkman Center for Internet & Society at Harvard University. Chris has asked the NAI (Network Advertising Initiative – a group of ad serving companies focused on self-regulation in this area) to set a minimum expiration date of 5 years on online behavioral advertising opt-out cookies and to post the expiration date on the opt-out page as well. We agree that this makes a lot of sense so we revisited this issue.

Yahoo! has been in the process of implementing a two-year cookie expiration date for all Yahoo! cookies. That is why the opt-out cookie for those not making their opt-out persistent is currently set to two years but we recognize that opt-out cookies should be dealt with differently from other kinds of preferences. Yahoo! will be moving forward with extending the expiration date on our opt-out cookies to 20 years (erring on the side of being conservative). Implementing the 20-year expiration date on our opt-out cookie will take us some time to deploy across the thousands of systems we have around the globe, but we aim to have this process completed by the end of the year. We thank Chris for bringing this issue to our attention.

Consumers can learn more about their system’s browser cookies and the expiration dates by visiting Internet Options in their web browser (under “Tools” in Internet Explorer). On the General tab, under Browsing history, click Settings. Then click the View Files button. In this view, you’ll see every cookie on your system and its associated expiration date. To clear a single cookie, simply right-mouse click on that cookie and select Delete.

To learn more about how Yahoo! treats cookies, please visit the Cookie module in our Privacy Center.

Shane Wiley
Sr. Director – Privacy & Data Governance
Yahoo!

Tags: ,
Posted in Privacy | No Comments »

Good Privacy Things Come In Small Mobile Packages

July 14th, 2009

Today at Yahoo!, we continue our efforts to offer personally relevant products and services with privacy protections built right in. We take privacy seriously whether our users are accessing Yahoo! on their PCs or mobile devices. Whether catching up on the latest news, sending emails, viewing the latest updates across social networks or taking and uploading photos, we believe the mobile experience should offer the same privacy protections consumers expect to find on the PC. Furthermore, management of privacy protections should be available via any mobile device, whether that’s an iPhone or a Blackberry.

We take special care to tailor our privacy features for the unique attributes of the mobile environment:

  • We have developed a mobile privacy policy which highlights privacy issues specific to mobile, so users can quickly get answers. The mobile privacy policy is easily accessible from all of Yahoo!’s mobile services.
  • We make sure to get our users’ permission before we use their GPS or cell tower information; and
  • When a signed-in user opts out of interest-based advertising on his or her computer, we respect that opt-out when that user signs into our services on the mobile device.

    • Now we have a new feature that lets our users opt out of interest-based advertising from Yahoo! right from their mobile device, making privacy choices even more accessible to our users. We believe we are among the first of our major competitors to offer an opt-out choice of this kind directly from a mobile device.

    mobile privacy

    The mobile Internet is constantly changing with new platforms, hundreds of devices and lots of exciting innovation. But our approach to privacy in the mobile environment is consistent with Yahoo!’s overall approach to user privacy. We want to maintain the trust we have built by giving our users more control and choice about how they share info with friends and customize their experience on Yahoo! mobile properties.

    Deepti Rohatgi
    Policy Director

    Posted in Mobile | 12 Comments »

    Online Privacy, Advertising, and Self-Regulation – A Move in the Right Direction

    July 2nd, 2009

    Today another important step was taken to protect privacy online and Yahoo! is proud to have played a part. The largest media and marketing trade associations in the US announced self-regulatory principles for online privacy. These groups include the Association of National Advertisers (ANA), American Association of Advertising Agencies (4A’s), Direct Marketing Association (DMA) and Interactive Advertising Bureau (IAB). Collectively, these groups count more than 5,000 member companies among them, including some of the most recognized brands and web sites in the world. These organizations collaborated with the Council of Better Business Bureaus, known for being an important voice for consumers both online and offline, and the Network Advertising Initiative, which represents the top network advertising companies that deliver the majority of interest-based ads across the Internet.

    Yahoo! is excited about this effort and what it adds to the steps that Yahoo! has already taken over the last year to protect user privacy online.

    Let me tell you why Yahoo! believes this initiative is significant:

  • This new self-regulatory effort is the first time publishers, agencies and advertisers have committed to privacy principles for data collected and used for interest-based advertising. Each of these entities plays an important role in purchasing, developing, delivering, and displaying online advertising and now, everyone is working together. Self-regulation is most effective when everyone is on board. This effort demonstrates real scale and collaboration.
  • This new effort answers the FTC’s call to industry to respond to their principles and to demonstrate meaningful self-regulation. Here, industry is doing just that.
  • While many ad networks and web sites have been offering users transparency through privacy notices and user control via opt-out links for years, these principles will lead to even greater transparency across an incredibly broad swath of the Internet’s most popular sites.
  • Perhaps most importantly, this effort will offer consumers greater control over the collection and use of data in a more transparent fashion when they go online.

    • I testified before Congress only a couple of weeks ago about these issues. In my testimony I explained that Yahoo! prefers self-regulation because it is the only form of regulation that can move as quickly as the Internet. Case in point – over the past year alone Yahoo! has announced a number of improvements to transparency, control and data retention. We have:

  • Redesigned our Privacy Center for better ease of use and navigation for users with prominent links to our interest-based advertising opt-out. Our Privacy Center remains linked to from nearly every page on the Yahoo! site.
  • Improved our opt-out to apply to interest-based advertising both on and off the Yahoo! network of websites AND allowed for it to be persistent so users don’t have to opt-out multiple times if their cookies get deleted.
  • Announced a policy to dramatically reduce our data retention period while broadening the scope of data covered. We will de-identify log file data at or before 90 days (it was previously 13 months) with limited exceptions to help fight fraud, secure systems, and meet legal obligations. We vastly increased the scope of this policy beyond search log files to our log file systems that hold page views, page clicks, ad views and ad clicks.
  • Improved as we go. In the process of implementing our data retention policy, we decided to completely delete IP address for most log file data at or before 90 days. Previously we had agreed to remove the last octet (or last section of numbers).
  • Run a consumer education ad campaign, showing on average 200 million advertisements per month across our sites promoting online privacy awareness.

    • All these steps are important to educating consumers about their choices, but this is only the beginning. There is a lot of work ahead to implement these principles to ensure that privacy is protected and industry is able to flourish. But today we began with an important step in the right direction.

    Anne Toth
    VP of Policy
    Head of Privacy

    Posted in Privacy | 1 Comment »

    Let’s talk about policy

    June 17th, 2009

    As the newest medium for expression and human interaction, the Internet adds a new layer to some of the policy questions companies have long faced — age-old matters like privacy, personal rights, speech, freedom, safety, and access for people of different abilities. At Yahoo!, we’re well aware that these are not simply abstract issues and that they have a real impact on real people. In fact, I’ve been privileged to work in this area at the company for more than a decade and have ensured that we’re thoughtful and careful in how we shape policy and manage it on our sites across the world.

    We are launching this blog today to open a dialogue about some of the work Yahoo! does in important policy areas. These posts will sometimes cover significant policy events but, more often than not, we will be sharing what we’re working on and what we’ve learned in the process. In addition to our Privacy Center, we see this as yet another vehicle for communicating with you, our users, about issues that you care about.

    So, with that, welcome to the Yahoo! Policy Blog. We look forward to posting here and engaging in a spirited discussion about the important policies that impact you, Yahoo!, this medium, and our industry.

    Anne Toth
    VP of Policy
    Head of Privacy

    Posted in General | 3 Comments »