Be­ha­vi­our­al targeting: tailored ad­vert­ising on the internet

Browsing behaviour can reveal a lot of in­form­a­tion about in­di­vidu­al internet users. For example, it’s unlikely that people who regularly use search engines to find vegan recipes also want to buy a pack of value sausages. For ad­vert­isers, this means that dis­play­ing ads to everyone is an in­ef­fect­ive method. A wide margin of scatter loss results in companies un­ne­ces­sar­ily wasting money. This means it is of great im­port­ance to determine the interests of in­di­vidu­al internet users - both for online retailers and for ad­vert­ising service providers.

Search engines such as Google demon­strate the ef­fect­ive­ness of targeted ad­vert­ising. Here, keywords act as an in­dic­a­tion of the user’s intention. For example, if a user searches for hotels in Barcelona, there is a higher prob­ab­il­ity that the user will be receptive to relevant ad­vert­ising. If online retailers are suc­cess­ful in orienting their adverts towards their target group, the ads will not be regarded as a nuisance, and may even be seen as helpful.

There are also other forms of ad­vert­ising that rely on col­lect­ing data from other sources outside of search engines in order to refine their target group and increase the ef­fect­ive­ness of their ad­vert­ise­ments. When the user’s behaviour is the main focus, one speaks of be­ha­vi­our­al targeting. This strategy is as popular with retailers as it is con­tro­ver­sial among advocates of data privacy.

If an online ad is ir­rel­ev­ant to the user, the clicks will also fail to ma­ter­i­al­ise. In order to minimise scatter loss, ad­vert­isers are in­creas­ingly using targeting (directly appealing to their target group). This presents various options to entice the user. Content targeting is the simplest method of ad­dress­ing target groups. This is the strategy of adapting ad­vert­ise­ments so that they resemble editorial content. This content must fit seam­lessly into the en­vir­on­ment in which it’s presented. While an advert for a chocolate company would appear out of place on a weight loss website, healthy living and fitness brands could generate great gains here. Semantic targeting goes one step further by at­tempt­ing to dis­tin­guish a website’s various themes to ac­cur­ately place ad­vert­ising in the correct section. Socio-demo­graph­ic targeting is the name given to defining the target audience by factors such as age, sex, oc­cu­pa­tion, income, or pro­fes­sion­al status. Meanwhile, when a company defines its target audience based on their physical location, it is known as Geo-targeting. This method requires the im­ple­ment­a­tion of geo-loc­al­isa­tion. Another method of selecting a target audience is through technical targeting, which allows companies to analyse the digital fin­ger­print of the website visitor. All internet users leave a trail when surfing the net. As well as their IP address, users can be iden­ti­fied by their user-agent string – an iden­ti­fi­er attached to every browser on the internet con­tain­ing a great deal of data through which users can be iden­ti­fied. The browser name, the version number, the operating system, as well as the language and font settings are auto­mat­ic­ally legible. In addition, JavaS­cript and Flash provide detailed in­form­a­tion on any installed plug-ins. Since internet users have very few resources to shield them­selves from technical targeting, this is a highly con­tro­ver­sial process, cri­ti­cised widely by experts, consumers, and data pro­tec­tion activists. However, if a user’s digital fin­ger­print is used, and the user’s behaviour is tracked over several websites, this is known as be­ha­vi­our­al targeting. However, this does not ne­ces­sar­ily have to be based on the browser signature; the use of cookies is a far more common form of user tracking. These small text files are stored on the user’s device and allow be­ha­vi­our­al targeting without the browser string being analysed. Because it can be blocked by the browser settings if necessary, the use of cookies is con­sidered the ‘clean’ kind of user data analysis.

To increase the relevance of an ad­vert­ise­ment, ad­vert­isers try to collect as much in­form­a­tion as possible about potential customers’ online behaviour by keeping track of their in­ter­ac­tions with relevant websites. For this to be effective, the main pre­requis­ite is that the user who visited a relevant website must be iden­ti­fied as the same user during later visits or when clicking on similar websites. The ad­vert­ising industry therefore primarily relies on cookie tech­no­logy and anonymous user profiles.

Cookies transfer detailed in­form­a­tion about in­ter­ac­tions and which websites an internet user visits to website operators and ad­vert­ising service providers. This data can be pooled in a central location to create a user profile. Depending on the level of detail of the data, con­clu­sions can be made about the user’s interests, pur­chas­ing in­ten­tions, and leisure activ­it­ies. This is all valuable in­form­a­tion that can help ad­vert­isers to assign users to concrete groups, and sub­sequently match them to a tailored ad­vert­ising channels. Website owners often employ the use of analysis tools like Google Analytics, Piwik, or eTracker to create detailed user profiles. These are in­teg­rated into a website’s source text via a tracking code, which enables a com­pre­hens­ive analysis of the user’s behaviour. However, in certain European countries web analytics cannot be used with their general settings. Website owners operating in Germany, for example, need to ensure that they either record data an­onym­ously or have the user’s au­thor­isa­tion to legally create user profiles. To find out how to adapt the analysis tools’ tracking code, check out our article on web analysis and data pro­tec­tion.

When it comes to ad­vert­ising tech­niques, be­ha­vi­our­al targeting is rarely limited to just one website. To show users relevant adverts, ad­vert­ising marketers like Google combine various online platforms to ad­vert­ising networks. While smaller providers work with selected partners, Google’s display network is open to any website operator. Today, it comprises more than two million websites and reaches over 90% of internet user worldwide.

Ad­vert­ising marketers such as Google Double­Click, Facebook, Ad Pepper, Trade­Dou­bler, Ligatus, and many more, function as a mediator between ad­vert­isers and pub­lish­ers; co­oper­at­ing website owners supply ad­vert­ising space, which marketers fill with their ad­vert­iser’s text and image displays as required.

The dis­tri­bu­tion of ad­vert­ising media takes places centrally through ad servers. These are database man­age­ment systems re­spons­ible for managing online ad­vert­ising space. Ad servers are re­spons­ible for the storage and delivery of ad­vert­ising media, while also allowing ad­vert­isers to analyse the success of their campaigns using quant­it­at­ive factors such as im­pres­sions and clicks.

Rather than directly embedding an ad­vert­ising banner with links to the provider into a website’s HTML code, ad­vert­ising space is provided with a script. This causes the user's browser to submit an ad request to the ad server. As such, incoming requests are matched with user profiles; the ad server searches for an ad that cor­res­ponds with the target audience and sends a response back to the browser. The selection of the ad­vert­ise­ment depends on the structure of the website and each visitor’s in­di­vidu­al behaviour. When the user clicks on a banner, they are re­dir­ec­ted to the ad server, which logs the user in­ter­ac­tion and then redirects to the ad­vert­iser­'s website.

Ad­vert­ising networks cover vast areas of the internet, providing a detailed picture of potential customers’ online behaviour. Data collected on a partner page is managed centrally by ad servers and is available for targeting ad campaigns through­out the ad network. This allows ad­vert­isers to create per­son­al­ised ad­vert­ising strategies, like re­tar­get­ing, which targets internet users with ads to the products they have pre­vi­ously shown interest in.

Pre­dict­ive be­ha­vi­our­al targeting is a variation of targeted ad­vert­ising, which des­ig­nates certain at­trib­utes to anonymous user groups based on stat­ist­ic­al forecasts. These can be de­term­ined by socio-demo­graph­ic factors such as age, gender dis­tri­bu­tion, income, and level of education, as well as psy­cho­graph­ic char­ac­ter­ist­ics such as motives, ap­proaches, knowledge and interests. When creating forecast models, ad­vert­ising is based on in­form­a­tion about online behaviour, as well as surveys and data collected by customer ad­min­is­tra­tion systems.

As well as de­script­ive stat­ist­ics, click-stream analysis and mul­tivari­ate methods and data mining methods are in­creas­ingly being used to search through the con­tinu­ously growing mountains of data for trends and con­nec­tions. The goal of pre­dict­ive be­ha­vi­our­al targeting is to acquire stat­ist­ic­al user profiles (so-called personas), through which web visitors can be clas­si­fied.

An advert is only effective if it reaches its target audience. If an ad is ir­rel­ev­ant to the viewer, it’s highly unlikely that it will result in a click, meaning the chances of attaining a con­ver­sion go from slim to zero. Among ad­vert­isers, this is known as a high scat­ter­ing loss. Targeted ad­vert­ising helps to reduce this scatter loss and increase the success of the ad­vert­ising campaign.  The aim of be­ha­vi­our­al targeting is to increase con­ver­sion rates – the central figure in eval­u­at­ing online ad­vert­ising campaigns.

Engaging with the users’ interests is key to having a suc­cess­ful campaign. If a relevant ad appears in the right place at the right time, the user is far more likely to click on it and, in the best-case scenario, will lead to a con­ver­sion. If the user has already visited the site, their data is stored and they can be re-addressed at regular intervals, unless they have ex­pli­citly opted out of this process. Cookies allow ad­vert­isers to follow customers through the network and recall ap­pro­pri­ate products or services.

Advocates of consumer rights are against cor­por­a­tions and ad­vert­isers’ methods of col­lect­ing customer data, and be­ha­vi­our­al targeting is par­tic­u­larly viewed with suspicion by these groups. Critics have expressed concerns that be­ha­vi­our­al data could po­ten­tially be linked to personal data. These fears are not unfounded; while the industry’s major players con­tinu­ously emphasise that data is recorded an­onym­ously, it would be difficult, the­or­et­ic­ally, for the owner of a small online business to compare the web analysis results with the data from customer databases.

To prevent this, there are clear data pro­tec­tion rules for selected countries. Firstly, personal user profiles may only be created with the user’s explicit au­thor­isa­tion. Therefore, websites should provide an opt-in option and ask for user’s per­mis­sion to save and process personal data. However, this does not apply to targeting measures, as in­di­vidu­al user’s iden­tit­ies are protected far more here. User profiles with pseud­onyms are also permitted in the context of ad­vert­ising or market research and for designing adverts, as long as the user is informed in advance about the data pro­cessing and given the right to decline.

If be­ha­vi­our­al targeting is used without the user’s consent, there are legal defin­i­tions of per­son­ally iden­ti­fi­able in­form­a­tion. The Executive Office of the President, Office of Man­age­ment and Budget (OMB) defines this as: In­form­a­tion which can be used to dis­tin­guish or trace an in­di­vidu­al's identity… or when combined with other personal or identi­fy­ing in­form­a­tion which is linked or linkable to a specific in­di­vidu­al The National Institute of Standards and Tech­no­logy (NIST) has supplied a more concrete defin­i­tion of this, as well as a list of examples of per­son­ally iden­ti­fi­able in­form­a­tion:

• Full name
• Home address
• Private email address
• National iden­ti­fic­a­tion number
• Passport number
• IP address (when linked, but not PII by itself in US)
• Vehicle re­gis­tra­tion plate number
• Driver's license number
• Face, fin­ger­prints, or hand­writ­ing
• Credit card numbers
• Digital identity
• Date of birth
• Birth­place
• Genetic in­form­a­tion
• Telephone number
• Login name, screen name, nickname, or handle

These details can be as­so­ci­ated with an in­di­vidu­al when the data is collected in con­junc­tion with the person's name, or if a con­nec­tion can be deduced directly from the data. By law, data is ‘iden­ti­fi­able’ if their identity can be as­cer­tained directly or through ad­di­tion­al in­form­a­tion. In­di­vidu­al details about legal entities (companies or as­so­ci­ations), however, are not regarded as personal data, and neither is stat­ist­ic­al data that bears no reference to an in­di­vidu­al user.

Whether IP addresses belong to the realm of per­son­ally iden­ti­fi­able in­form­a­tion is still disputed, with the legal status varying in different countries. For advocates of data security, the fact that IP addresses are iden­ti­fi­able (for example, through the internet service provider) is an argument for the an­onymisa­tion of IP addresses. This is re­in­forced by the Advocate General of the European Court of Justice (ECJ). This ruling from the German Federal Supreme Court concludes that IP addresses are to be con­sidered as per­son­ally iden­ti­fi­able in­form­a­tion in German law.

Cookies can also provide data that indicates the in­di­vidu­al users’ identity, as they can be used to link user’s browsing history and IP addresses together. For website operators based in EU countries, the EU Data Pro­tec­tion Directive for elec­tron­ic com­mu­nic­a­tions and the 2009 amendment, known in­form­ally as The Cookie Law, ensure that internet users are informed of the in­stall­a­tion of cookies and the pro­cessing purpose of the data collected. However, each member country has its own method of in­ter­pret­ing the re­quire­ments. Therefore, if operating a website from an EU country, it’s re­com­men­ded to learn more about how the law is im­ple­men­ted in your country.