The DoubleClick Debacle: The Misuse of CRM

Internet advertising agency DoubleClick has the dubious honor of being the first dot com company to publicly prove that badly implemented CRM can impact horribly a company's bottom line.

DoubleClick has long collected data about consumers' online buying and browsing habits. The company used this information to display ads matched to viewers' interests on the Web sites of DoubleClick's clients.

The vast majority of the information that DoubleClick warehoused wasn't linked with viewers' real-world identities--their names, locations or even their e-mail addresses. Instead DoubleClick identified people by placing a "cookie" file on the users' hard drives, which stored data about their browsing history.

The trouble started when DoubleClick announced the acquisition of Abacus, a company that maintains a large database of consumer spending habits, along with plans to create the "DoubleClick Online Abacus Alliance." This merger would match browser data with the information in the Abacus database. Sites belonging to this alliance could ask users to log in or register for information, at which point DoubleClick could match name, address and e-mail information to the user behind the browser.

Although DoubleClick initially said it did nothing wrong since it gives visitors the opportunity to opt out of the data collection plan, reaction to the announcement was swift and furious. The Federal Trade Commission and the New York attorney general's office said they would launch separate inquiries into the company. DoubleClick has also confirmed that, as CRM went to press, it is the target of six private lawsuits involving its Web privacy practices.

DoubleClick was hit hard--The Wall street Journal reported that customers such as AltaVista and Kozmo.com were distancing themselves from DoubleClick over concerns about its handling of user data.

"This is a deliberate misuse of information," said one DoubleClick client who preferred not to be identified. "DoubleClick wants to put this data to use in new ways that were not approved by the consumers who access our site to gain information about our products."

The anger directed at DoubleClick went further than words. In what Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), called the first demonstrable case of "the privacy sensitivity of Internet stocks," DoubleClick's stock experienced a 20-point loss over a three-day period.

It wasn't until after the company publicly announced that it would hold off on its Alliance plan that the stock recovered, rising 13 points in 24 hours.

Could It Happen To You?
Manhattan-based Internet and intellectual property lawyer George Costell says that companies that use CRM on Web sites should study and learn from the DoubleClick debacle.

"When companies abuse personal information, people will find out very quickly and the news will spread," affecting their market share, Costell says. "If you are not doing full disclosure--clearly telling people what information you're collecting, and what you're planning to do with it now and in the future--you're setting yourself up for a huge problem at some point."

"Several years ago, DoubleClick said it would not collect personally identifiable information and keep anonymous profiles," said EPIC's Rotenberg. "Privacy experts applauded that approach." But then, as a result of the Abacus merger, "DoubleClick changed its mind," said Rotenberg.

Ethics aside, Costell believes that DoubleClick's biggest mistake was moving from a value-offered model, where consumers felt that they were getting something--in this case, targeted advertising--in exchange for their personal data. "Instead DoubleClick adopted a value-taking model, where the benefit balance moved heavily to the retailers' side," Costell asserts.

He points to Dell Computer as a sterling example of win-win CRM. "Dell gets the information it wants to conduct its marketing campaigns but it also returns value by correctly anticipating users' technology needs and supporting them with fast, reliable service. The company has been able to create a feeling of a mutually beneficial relationship that comes with buying a PC from Dell."

Back at the Bonfire
DoubleClick scrambled to repair the damage to its market share and profile creating a new "chief privacy officer" executive position, hiring an accounting firm to conduct privacy audits and setting up an advisory board of consumer, security and privacy experts.

Privacy advocates say that the company cannot be relied upon to monitor itself and intend to keep a close eye on DoubleClick's doings. And chances are good that this increased surveillance will not be focused solely at DoubleClick.

Former MIT professor turned privacy consultant Jeff Tomes says that companies can avoid problems by following five basic privacy guidelines:

1. Tell people that you are collecting information.

2. Tell them what you're using it for.

3. Let people opt out of being tracked. Offer services for information to people who tell you that they want to have this type of relationship.

4. Allow people access to their data so they can correct it.

5. Keep it private--"Keep that data you collect away from other companies and people's prying eyes."

Tomes says that first and foremost you need to let your users know that their privacy is important to you. Treat the information you gather with respect, and offer something valuable in return. For a good lesson in offering value, he suggests marketers spend some time on Amazon.com's Web site.

"Once you make a purchase from Amazon, the company tracks you exhaustively across its Web site, but it returns information of such value to users that no one seems to mind," Tomes points out.