Be­hav­ioral targeting: tailored ad­ver­tis­ing on the internet

Browsing behavior can reveal a lot of in­for­ma­tion about in­di­vid­ual internet users. For example, it’s unlikely that people who regularly use search engines to find vegan recipes also want to buy a pack of value sausages. For ad­ver­tis­ers, this means that dis­play­ing ads to everyone is an in­ef­fec­tive method. A wide margin of scatter loss results in companies un­nec­es­sar­i­ly wasting money. This means it is of great im­por­tance to determine the interests of in­di­vid­ual internet users - both for online retailers and for ad­ver­tis­ing service providers.

Search engines such as Google demon­strate the ef­fec­tive­ness of targeted ad­ver­tis­ing. Here, keywords act as an in­di­ca­tion of the user’s intention. For example, if a user searches for hotels in Barcelona, there is a higher prob­a­bil­i­ty that the user will be receptive to relevant ad­ver­tis­ing. If online retailers are suc­cess­ful in orienting their adverts towards their target group, the ads will not be regarded as a nuisance, and may even be seen as helpful.

There are also other forms of ad­ver­tis­ing that rely on col­lect­ing data from other sources outside of search engines in order to refine their target group and increase the ef­fec­tive­ness of their ad­ver­tise­ments. When the user’s behavior is the main focus, one speaks of be­hav­ioral targeting. This strategy is as popular with retailers as it is con­tro­ver­sial among advocates of data privacy.

If an online ad is ir­rel­e­vant to the user, the clicks will also fail to ma­te­ri­al­ize. In order to minimize scatter loss, ad­ver­tis­ers are in­creas­ing­ly using targeting (directly appealing to their target group). This presents various options to entice the user. Content targeting is the simplest method of ad­dress­ing target groups. This is the strategy of adapting ad­ver­tise­ments so that they resemble editorial content. This content must fit seam­less­ly into the en­vi­ron­ment in which it’s presented. While an advert for a chocolate company would appear out of place on a weight loss website, healthy living and fitness brands could generate great gains here. Semantic targeting goes one step further by at­tempt­ing to dis­tin­guish a website’s various themes to ac­cu­rate­ly place ad­ver­tis­ing in the correct section. Socio-de­mo­graph­ic targeting is the name given to defining the target audience by factors such as age, sex, oc­cu­pa­tion, income, or pro­fes­sion­al status. Meanwhile, when a company defines its target audience based on their physical location, it is known as Geo-targeting. This method requires the im­ple­men­ta­tion of geo-lo­cal­iza­tion. Another method of selecting a target audience is through technical targeting, which allows companies to analyze the digital fin­ger­print of the website visitor. All internet users leave a trail when surfing the net. As well as their IP address, users can be iden­ti­fied by their user-agent string – an iden­ti­fi­er attached to every browser on the internet con­tain­ing a great deal of data through which users can be iden­ti­fied. The browser name, the version number, the operating system, as well as the language and font settings are au­to­mat­i­cal­ly legible. In addition, JavaScript and Flash provide detailed in­for­ma­tion on any installed plug-ins. Since internet users have very few resources to shield them­selves from technical targeting, this is a highly con­tro­ver­sial process, crit­i­cized widely by experts, consumers, and data pro­tec­tion activists. However, if a user’s digital fin­ger­print is used, and the user’s behavior is tracked over several websites, this is known as be­hav­ioral targeting. However, this does not nec­es­sar­i­ly have to be based on the browser signature; the use of cookies is a far more common form of user tracking. These small text files are stored on the user’s device and allow be­hav­ioral targeting without the browser string being analyzed. Because it can be blocked by the browser settings if necessary, the use of cookies is con­sid­ered the ‘clean’ kind of user data analysis.

To increase the relevance of an ad­ver­tise­ment, ad­ver­tis­ers try to collect as much in­for­ma­tion as possible about potential customers’ online behavior by keeping track of their in­ter­ac­tions with relevant websites. For this to be effective, the main pre­req­ui­site is that the user who visited a relevant website must be iden­ti­fied as the same user during later visits or when clicking on similar websites. The ad­ver­tis­ing industry therefore primarily relies on cookie tech­nol­o­gy and anonymous user profiles.

Cookies transfer detailed in­for­ma­tion about in­ter­ac­tions and which websites an internet user visits to website operators and ad­ver­tis­ing service providers. This data can be pooled in a central location to create a user profile. Depending on the level of detail of the data, con­clu­sions can be made about the user’s interests, pur­chas­ing in­ten­tions, and leisure ac­tiv­i­ties. This is all valuable in­for­ma­tion that can help ad­ver­tis­ers to assign users to concrete groups, and sub­se­quent­ly match them to a tailored ad­ver­tis­ing channels. Website owners often employ the use of analysis tools like Google Analytics, Piwik, or eTracker to create detailed user profiles. These are in­te­grat­ed into a website’s source text via a tracking code, which enables a com­pre­hen­sive analysis of the user’s behavior. However, in certain European countries web analytics cannot be used with their general settings. Website owners operating in Germany, for example, need to ensure that they either record data anony­mous­ly or have the user’s au­tho­riza­tion to legally create user profiles. To find out how to adapt the analysis tools’ tracking code, check out our article on web analysis and data pro­tec­tion.

When it comes to ad­ver­tis­ing tech­niques, be­hav­ioral targeting is rarely limited to just one website. To show users relevant adverts, ad­ver­tis­ing marketers like Google combine various online platforms to ad­ver­tis­ing networks. While smaller providers work with selected partners, Google’s display network is open to any website operator. Today, it comprises more than two million websites and reaches over 90% of internet user worldwide. Ad­ver­tis­ing marketers such as Google Dou­bleClick, Facebook, Ad Pepper, Trade­Dou­bler, Ligatus, and many more, function as a mediator between ad­ver­tis­ers and pub­lish­ers; co­op­er­at­ing website owners supply ad­ver­tis­ing space, which marketers fill with their ad­ver­tis­er’s text and image displays as required. The dis­tri­b­u­tion of ad­ver­tis­ing media takes places centrally through ad servers. These are database man­age­ment systems re­spon­si­ble for managing online ad­ver­tis­ing space. Ad servers are re­spon­si­ble for the storage and delivery of ad­ver­tis­ing media, while also allowing ad­ver­tis­ers to analyze the success of their campaigns using quan­ti­ta­tive factors such as im­pres­sions and clicks. Rather than directly embedding an ad­ver­tis­ing banner with links to the provider into a website’s HTML code, ad­ver­tis­ing space is provided with a script. This causes the user's browser to submit an ad request to the ad server. As such, incoming requests are matched with user profiles; the ad server searches for an ad that cor­re­sponds with the target audience and sends a response back to the browser. The selection of the ad­ver­tise­ment depends on the structure of the website and each visitor’s in­di­vid­ual behavior. When the user clicks on a banner, they are redi­rect­ed to the ad server, which logs the user in­ter­ac­tion and then redirects to the ad­ver­tis­er's website. Ad­ver­tis­ing networks cover vast areas of the internet, providing a detailed picture of potential customers’ online behavior. Data collected on a partner page is managed centrally by ad servers and is available for targeting ad campaigns through­out the ad network. This allows ad­ver­tis­ers to create per­son­al­ized ad­ver­tis­ing strate­gies, like re­tar­get­ing, which targets internet users with ads to the products they have pre­vi­ous­ly shown interest in.

Pre­dic­tive be­hav­ioral targeting is a variation of targeted ad­ver­tis­ing, which des­ig­nates certain at­trib­ut­es to anonymous user groups based on sta­tis­ti­cal forecasts. These can be de­ter­mined by socio-de­mo­graph­ic factors such as age, gender dis­tri­b­u­tion, income, and level of education, as well as psy­cho­graph­ic char­ac­ter­is­tics such as motives, ap­proach­es, knowledge and interests. When creating forecast models, ad­ver­tis­ing is based on in­for­ma­tion about online behavior, as well as surveys and data collected by customer ad­min­is­tra­tion systems.

As well as de­scrip­tive sta­tis­tics, click-stream analysis and mul­ti­vari­ate methods and data mining methods are in­creas­ing­ly being used to search through the con­tin­u­ous­ly growing mountains of data for trends and con­nec­tions. The goal of pre­dic­tive be­hav­ioral targeting is to acquire sta­tis­ti­cal user profiles (so-called personas), through which web visitors can be clas­si­fied.

An advert is only effective if it reaches its target audience. If an ad is ir­rel­e­vant to the viewer, it’s highly unlikely that it will result in a click, meaning the chances of attaining a con­ver­sion go from slim to zero. Among ad­ver­tis­ers, this is known as a high scat­ter­ing loss. Targeted ad­ver­tis­ing helps to reduce this scatter loss and increase the success of the ad­ver­tis­ing campaign.  The aim of be­hav­ioral targeting is to increase con­ver­sion rates – the central figure in eval­u­at­ing online ad­ver­tis­ing campaigns.

Engaging with the users’ interests is key to having a suc­cess­ful campaign. If a relevant ad appears in the right place at the right time, the user is far more likely to click on it and, in the best-case scenario, will lead to a con­ver­sion. If the user has already visited the site, their data is stored and they can be re-addressed at regular intervals, unless they have ex­plic­it­ly opted out of this process. Cookies allow ad­ver­tis­ers to follow customers through the network and recall ap­pro­pri­ate products or services.

Advocates of consumer rights are against cor­po­ra­tions and ad­ver­tis­ers’ methods of col­lect­ing customer data, and be­hav­ioral targeting is par­tic­u­lar­ly viewed with suspicion by these groups. Critics have expressed concerns that be­hav­ioral data could po­ten­tial­ly be linked to personal data. These fears are not unfounded; while the industry’s major players con­tin­u­ous­ly emphasize that data is recorded anony­mous­ly, it would be difficult, the­o­ret­i­cal­ly, for the owner of a small online business to compare the web analysis results with the data from customer databases.

To prevent this, there are clear data pro­tec­tion rules for selected countries. Firstly, personal user profiles may only be created with the user’s explicit au­tho­riza­tion. Therefore, websites should provide an opt-in option and ask for user’s per­mis­sion to save and process personal data. However, this does not apply to targeting measures, as in­di­vid­ual user’s iden­ti­ties are protected far more here. User profiles with pseu­do­nyms are also permitted in the context of ad­ver­tis­ing or market research and for designing adverts, as long as the user is informed in advance about the data pro­cess­ing and given the right to decline.

If be­hav­ioral targeting is used without the user’s consent, there are legal de­f­i­n­i­tions of per­son­al­ly iden­ti­fi­able in­for­ma­tion. The Executive Office of the President, Office of Man­age­ment and Budget (OMB) defines this as: In­for­ma­tion which can be used to dis­tin­guish or trace an in­di­vid­u­al's identity… or when combined with other personal or iden­ti­fy­ing in­for­ma­tion which is linked or linkable to a specific in­di­vid­ual The National Institute of Standards and Tech­nol­o­gy (NIST) has supplied a more concrete de­f­i­n­i­tion of this, as well as a list of examples of per­son­al­ly iden­ti­fi­able in­for­ma­tion:

• Full name
• Home address
• Private email address
• National iden­ti­fi­ca­tion number
• Passport number
• IP address (when linked, but not PII by itself in US)
• Vehicle reg­is­tra­tion plate number
• Driver's license number
• Face, fin­ger­prints, or hand­writ­ing
• Credit card numbers
• Digital identity
• Date of birth
• Birth­place
• Genetic in­for­ma­tion
• Telephone number
• Login name, screen name, nickname, or handle

These details can be as­so­ci­at­ed with an in­di­vid­ual when the data is collected in con­junc­tion with the person's name, or if a con­nec­tion can be deduced directly from the data. By law, data is ‘iden­ti­fi­able’ if their identity can be as­cer­tained directly or through ad­di­tion­al in­for­ma­tion. In­di­vid­ual details about legal entities (companies or as­so­ci­a­tions), however, are not regarded as personal data, and neither is sta­tis­ti­cal data that bears no reference to an in­di­vid­ual user.

Whether IP addresses belong to the realm of per­son­al­ly iden­ti­fi­able in­for­ma­tion is still disputed, with the legal status varying in different countries. For advocates of data security, the fact that IP addresses are iden­ti­fi­able (for example, through the internet service provider) is an argument for the anonymiza­tion of IP addresses. This is re­in­forced by the Advocate General of the European Court of Justice (ECJ). This ruling from the German Federal Supreme Court concludes that IP addresses are to be con­sid­ered as per­son­al­ly iden­ti­fi­able in­for­ma­tion in German law.

Cookies can also provide data that indicates the in­di­vid­ual users’ identity, as they can be used to link user’s browsing history and IP addresses together. For website operators based in EU countries, the EU Data Pro­tec­tion Directive for elec­tron­ic com­mu­ni­ca­tions and the 2009 amendment, known in­for­mal­ly as The Cookie Law, ensure that internet users are informed of the in­stal­la­tion of cookies and the pro­cess­ing purpose of the data collected. However, each member country has its own method of in­ter­pret­ing the re­quire­ments. Therefore, if operating a website from an EU country, it’s rec­om­mend­ed to learn more about how the law is im­ple­ment­ed in your country.