• by Kate Kaye , November 4, 2005

Cyber-lawyer Eric Goldman says that by trying to distance themselves from lawsuits affecting adware, behavioral marketers could be missing the big picture. In his own studies, the assistant professor at Marquette University Law School focuses on Internet law, technology and marketing practices, and writes regularly about the legal aspects of marketing technologies on his blog. We continue with the second of our two-part Q&A with Goldman.

Behavioral Insider: What are some other legal issues everyday marketers who do behavioral targeting should be aware of?

Eric Goldman: Another thing that the behavioral targeting folks don't know is an issue--but boy, it is a big constraint on them--is general trademark law. There is a long list of cases where people are suing over using trademarks to trigger content. If I'm a behavioral targeting marketer, I'm going to use whatever insights I have into the consumer's desires to be responsive to them. And trademark law has the potential of saying, 'OK, there's this pool of data you might find valuable--the trademarks that people are interacting with --take those out of your tool kit.' And that's certainly what these state-level anti-adware laws have done.

BI: And does that stem from the brand marketers being concerned with competitors saying, 'You wrote about Coke? Well, you should be buying Pepsi.'

Goldman: There are two different ways of looking at why trademark owners are being vigilant here. One is that there are some trademark owners who believe they own the right to use this word for all purposes; we own this word. And that's just not the law. The other response is simply, 'We want to control how people perceive our brand.' And there might be legitimate harms here. Let's assume that consumers hate pop-up ads and will blame whoever those ads can be attributed to. You actually could see the trademark owner could be harmed by the adware if it triggers an ad at another Web site, and consumers become angry at that Web site. That's not inconceivable.

Things get really arcane, but if you look at the lawsuits over adware and cookies, the plantiffs' lawyers are alleging a wide variety of causes of action, and they're pretty technical. So far, at least with cookies, the plaintiffs haven't been able to get any traction. However, with respect to adware, the plaintiffs might be getting some traction and the traction could have a feedback on things like cookies.

There's the PharmaTrak case. PharmaTrak was kind of like Coremetrics. They were putting a Web bug on someone's page and giving a bunch of stats to report back on not only individual marketers' Web sites, but trying to do industry-wide comparisons. PharmaTrak was inadvertently capturing personal data into its database. Under the Electronic Communications Privacy Act, the rule would be you can't listen in to my private conversations without my permission. And things like forms in which people were disclosing their medical conditions would show up in PharmaTrak's database. So, the ECPA kicks in when somebody, for example, intercepts this private information in such forms while they're in transit. And depending on how you're collecting your data, you might catch some of that. Or the Computer Fraud and Abuse Act talks about how you cannot put something on somebody else's computer and use that to collect information without their permission.

BI: Cookies would fall into that category.

Goldman: Yes. So far none of the anti-cookie people have won. However, the adware cases might establish the proposition that putting something--anything--on a person's hard drive and using that to collect information equals a violation of the Computer Fraud and Abuse Act.

BI: And that's a federal law?

Goldman: The ECPA and the Computer Fraud and Abuse Act are federal laws. There are, however, state law equivalents [that] cover a lot of different activities, in some cases well beyond the federal laws.

BI: Is there a disconnect between the way people like you, who deal with cyberlaw, approach this stuff---and the way advertisers, publishers and ad technologists approach it?

Goldman: On some level there is, and some of that is due to the formalism of legal doctrines.... The marketers and the technologists generally think, 'I'm going to do what makes sense for the consumer, and incidentally, what makes sense for me.' I think particularly among technologists, there's this general perception that if [they] can get [their] hands on the data, [they] can do whatever [they] want with that data.... And in that respect, the law just doesn't support that way of thinking. The law says there are things that you're technically capable of doing with data that you're simply not permitted to do.

BI: Do you think the marketers are being negligent in terms of the legal repercussions of some of the things that they do?

Goldman: I think the behavioral targeting folks need to be even more aggressive about watching new developments of the law and going and shaping the discussion accordingly. If the behavioral targeting folks sit on the sidelines, there's going to be a suite of laws that will radically shape how they do their business.... Trying to distance themselves from adware is a logical publicity move, but in terms of watching the law develop, the law governing adware has significant potential for constraining what behavioral targeting folks want to do.

BI: How can marketers keep abreast of these issues?

Goldman: What I recommend to people is that they join an industry advocacy group. There are groups that will represent behavioral targeting marketers' interests, and I think those are good uses of their dollars.