Legal and Ethical Considerations in Personal Data Usage for Targeted Advertising
By Navita
Introduction
In today’s digital world, targeted advertising has become a common practice for businesses. It allows them to tailor their ads to specific groups of people based on their interests and behaviors. While this can make ads more relevant and effective, it also raises important ethical questions. One of the biggest concerns is about privacy – how much personal information should companies be allowed to use to target ads? Another concern is transparency – are people aware of how their data is being used? And finally, there is the issue of individual choice – should people have the right to opt out of targeted advertising if they don’t want to participate? These are all important questions that we need to consider as we think about the ethics of targeted advertising.
In 2022, Statista predicts that a big chunk of the money spent on advertising worldwide – about 62% – will go towards ads on the internet. This shift is because online ads are really good at showing the right ads to the right people. They do this by using something called targeted advertising, which relies on Big Data analytics. This means companies collect and look at a lot of personal information to figure out who might be interested in their ads. They use details like what you like, where you live, your age, and even your gender to group people into different categories.
Nowadays, most people use smartphones and tablets a lot, and these devices are where companies get a lot of the information they need for targeted ads. Because of this, advertisers can make sure their ads reach exactly the people they want them to. But while this can be really effective for businesses, it also brings up worries about privacy and keeping people’s information safe.
Mobile Advertising Ecosystem
The mobile advertising ecosystem functions through a structured exchange of information among different participants. It starts with collecting and tracking data within mobile apps, where user interactions and behaviors are logged. This data is then sent to the Aggregation server, where it is combined and prepared for analysis. The aggregated data moves on to the Analytics server, where it is examined to uncover insights into user behavior and preferences. Based on this analysis, user profiles are created, containing details like interests, demographics, and behavioral trends. These profiles are then forwarded to the Ads Placement Server (APS), which uses them to select the appropriate ads for individual users.
The APS delivers targeted or generic ads to users’ mobile devices based on their profiles and other relevant factors. App developers are charged for the ads displayed within their apps, while the Ad System bills advertisers for the ads they place, taking into account factors like ad impressions and clicks. In this ecosystem, advertising firms like Google utilize various data sources to profile users, including data from users’ Google accounts, partnerships with other advertisers, and their own assessments of user interests from interactions with Google ads across mobile apps and websites.
Many mobile apps use what is called an ad library, which usually includes analytics tools. These libraries help in showing targeted ads to different kinds of people. They gather information about users and how they behave online through special connections called API calls that are built into the app. This collection of data covers a lot of things, including figuring out what ads people see while they are using the app. Companies like Google Analytics and Flurry are examples of Advertising and Analytics (A&A) companies that work with these ad libraries. They do this to make more money by providing these libraries to app developers. As a part of this, these companies try to get personal data from users, sometimes by buying it from other sources.
This data-driven approach helps advertisers target their ads more accurately to relevant audiences, but it also raises concerns about user privacy and data protection.
Targeted Advertising
Data collected from user interactions with mobile apps and the performance of displayed ads is used by the ads analytics server to create user profiles linked to specific mobile devices and their users. These profiles include various interests, reflecting the user’s engagement with related apps, such as sports or business. Companies like the Google Advertising Network for Mobile (AdMob) and Flurry (available exclusively to app developers) contribute to building these profiles.
Targeted ads are then delivered to mobile users based on their individual profiles, though generic ads may also be shown alongside them. The Billing server manages the processes related to monetizing ad impressions (i.e., ads displayed to the user within specific apps) and ad clicks (user interactions with selected ads), with further details on ad billing mechanisms provided as needed.
For instance, imagine someone searching for running shoes on Google or Amazon. Afterward, when they scroll through their Instagram feed or watch videos on YouTube, they notice that the ads displayed are predominantly related to athletic footwear and sports apparel. This targeted advertising approach aims to influence the user’s purchasing decisions by presenting them with products they have previously shown interest in. In this scenario, the user’s search history and online behavior across different platforms are leveraged to deliver personalized advertisements, creating a seamless and persuasive shopping experience.
This example highlights the seamless integration of targeted advertising across various digital platforms, including social media and e-commerce websites. The utilization of personalized ads based on user preferences underscores the intersection of voice recognition technology and targeted advertising, wherein user profiling and data analysis play pivotal roles in delivering tailored marketing content.
Voice Recognition Technology
Voice recognition technology has made significant advancements in recent years and is now widely used in various digital products and services. It employs sophisticated algorithms and artificial intelligence to comprehend human speech, enabling devices to respond to spoken commands. This technology is integrated into devices such as smartphones, smart speakers, and virtual assistants like Siri, Alexa, and Google Assistant. As voice recognition technology continues to improve, its applications are expanding, including its potential use in targeted advertising.
However, some individuals have observed receiving targeted ads related to topics they’ve discussed in private conversations, raising concerns about privacy and security. The connection between voice recognition technology and targeted ads isn’t fully understood and requires further investigation to address these concerns.
Once companies collect user data, they analyze it to create detailed profiles. This enables them to personalize ads for individual users by identifying behavioral patterns using algorithms and machine-learning techniques. For instance, if someone has been searching for running shoes or visiting fitness websites, they may see ads for sports gear. The objective is to make ads more relevant to users’ interests, thereby increasing the likelihood of engagement with the ads.
Legal Framework & Privacy Concerns
Despite the widespread use of targeted advertising, there are significant ethical concerns surrounding the collection, analysis, and sharing of user data. Many users may not fully understand how much of their personal information is being used for targeted advertising purposes. Moreover, there are apprehensions regarding unauthorized access to this data by third-party data brokers. These concerns highlight the importance of addressing privacy and security issues within the targeted advertising ecosystem to safeguard user privacy.
The term “liberty” as articulated in Article 21 of the Indian Constitution encompasses an individual’s right to exercise control over all aspects of their life and to enjoy personal space without undue interference. The landmark judgment in Maneka Gandhi v. Union of India expanded the scope of liberty, emphasizing the need for any restrictions on liberty to be backed by a legislative procedure that is free from arbitrariness and upholds principles of justice, fairness, and reasonableness.
In the case of K.S. Puttaswamy v. Union of India, the Supreme Court of India further solidified the right to privacy as an integral component of the right to life and personal liberty. This ruling underscored the significance of protecting individuals’ privacy rights in the digital age, emphasizing the need for robust legal frameworks to regulate the collection, storage, and utilization of personal data, particularly in contexts such as targeted advertising.
Furthermore, the recent ruling by the Court of Justice of the European Union (CJEU) regarding the Meta Group’s handling of personal data for targeted advertising under the General Data Protection Regulation (GDPR) has significant implications for the AdTech Industry, including social media companies, e-commerce platforms, and search engines. Similarly, India’s forthcoming Digital Personal Data Protection Act, 2023 (DPDP Act) will require companies engaged in targeted advertising to reassess their policies to ensure compliance with the law.
While there are differences between the DPDP Act and GDPR, they both adhere to similar principles. The CJEU’s ruling provides valuable guidance on processing personal data for targeted advertising, which will be beneficial for companies navigating this issue in India. However, the DPDP Act imposes stricter regulations on data processing compared to the GDPR, requiring companies to undergo a more rigorous evaluation process.
Unlike the GDPR, the DPDP Act does not recognize contractual necessity as a lawful ground for data processing. Consequently, platforms like Meta will need to review and update their user agreements and terms of usage in India. Additionally, while legitimate interests can justify data processing under certain circumstances in the GDPR, this ground is not permissible under the DPDP Act, necessitating companies to revise their policies and agreements accordingly.
Social media platforms and other ad-supported companies will need to modify their contracts, terms and conditions, privacy policies, and user agreements to align with the requirements of the DPDP Act. The CJEU’s ruling provides guidance for companies in India to differentiate between cases requiring explicit consent and those where consent may be implied. However, given the limited options for lawful data processing under the DPDP Act, companies will need to carefully evaluate their processing activities and prioritize obtaining explicit consent from users.
To conclude, the extensive utilization of personal data for targeted advertising purposes raises significant ethical concerns, particularly regarding the breach of individuals’ privacy rights. Instances where users receive targeted ads related to private conversations highlight the potential intrusion into users’ personal lives and the exploitation of their sensitive information for commercial gain. In light of this, it is essential to uphold the principles outlined in the KS Puttaswamy judgment, which recognizes the right to privacy as a fundamental right under Article 21 of the Indian Constitution. Additionally, the enactment of the Personal Data Protection Act, of 2023, signifies a crucial step toward safeguarding individuals’ personal data privacy in the digital age. However, ensuring effective implementation and enforcement of these legal frameworks is paramount to addressing the ethical challenges posed by targeted advertising and upholding individuals’ rights to privacy and data protection. By prioritizing transparency, user consent, and accountability in data collection and usage practices, stakeholders can mitigate the risks associated with targeted advertising while fostering trust and confidence among users in the digital ecosystem.
Conclusion
The article comprehensively examines the legal and ethical implications of targeted advertising practices that leverage personal data. It highlights the concerns surrounding privacy violations, lack of transparency, and the potential exploitation of sensitive information for commercial gain. The author draws upon landmark judgments by the Supreme Court of India, emphasizing the fundamental right to privacy enshrined in Article 21 of the Constitution.
The analysis underscores the significance of the forthcoming Digital Personal Data Protection Act, 2023 (DPDP Act), which imposes stricter regulations on data processing compared to the GDPR. The article provides valuable insights into the challenges companies face in aligning their practices with the DPDP Act’s requirements, necessitating a thorough review of user agreements, privacy policies, and data processing activities.
Ultimately, the article advocates for a balanced approach that upholds individuals’ privacy rights while acknowledging the commercial interests of businesses. It emphasizes the need for effective implementation and enforcement of legal frameworks, transparency, user consent, and accountability in data collection and usage practices to foster trust and confidence in the digital ecosystem.
About Author
Navita is a law student at Rajiv Gandhi National University of Law, Punjab.