Do newsrooms and media sites always understand the full implications of the data collection habits of their analytics software providers? Thanks to the murky world of ad-tech, publishers have to be vigilant about their understanding of every type of third-party software. Even well-intentioned applications can put readers’ personal information at risk.
Melody Kramer, a columnist for Poynter and a veteran of digital media, was alarmed enough by these breaches to propose a series of questions she recommended companies make sure to ask vendors before using their service. At Parse.ly, we often get asked about what features we offer, however, sometimes the people that know the needs of their newsroom for analytics software don’t realize the needs of their audience’s privacy.
As a company, it’s important to us that companies understand how we approach analytics and privacy because we believe that the modern equivalent of the Gutenberg Press in the web era is a keen understanding and application of data. Applying data to use in your operations and strategy well means committing to analytics and privacy without compromise, so in a series of posts, we’ll be answering Kramer’s questions, as well as providing tips on what to look for when evaluating other software products.
Addressing Third-Party Data Concerns: Part I
In the original piece some of these questions were combined. For clarity, we’ve broken them up here.
Q1: Has my newsroom properly vetted and assessed other options before deciding on this tool?
A1: Software users often assume they’ve vetted all the options by comparing features and prices of their various options. However, to set the stage for the rest of these questions, we encourage sites considering Parse.ly (or any other software) also assess how vendors rank when it comes to values, like privacy.
For example, on a feature by feature or price comparison, we can assure you that Google Analytics will “beat” Parse.ly but usually the reason companies work with Parse.ly isn’t because Google Analytics doesn’t have enough features – or because they’re sick of the free price tag!
However, with those features and free model, Google makes it hard to access that information for your newsroom, while using your audience data to improve their other paid products, like AdWords.
Since you are reading these questions and answers – make sure you ask them to vendors! Even if the answers are what you expect, how a company responds to them can tell you a lot about how they’ll work with you as a client. If during the vetting process certain companies won’t give you straight answers, don’t expect you’ll be able to get them later. You’re entering into a relationship with these providers, and the way they treat you and your audience’s privacy matters.
Q2. Have we considered all of the ethical implications?
A2: If you need a primer in what ethical implications you should be aware of when thinking about analytics software and adtech, we recommend Josh Stearns’ When News Reads You Back: Why Journalists Need to Stand Up for Reader Privacy. The article that originally posed these questions, Melody Kramer’s Before Using a Third-Party Tool, Publishers Should Ask Themselves These Questions, also goes into more detail about why these questions are important.
Your organization may have specific ethical implications you need to consider. Any third-party vendor you work with should be willing to accommodate you. Take for example, one of our client’s, The Intercept, mission statement:
The Intercept, launched in 2014 by Glenn Greenwald, Laura Poitras and Jeremy Scahill, is dedicated to producing fearless, adversarial journalism. We believe journalism should bring transparency and accountability to powerful governmental and corporate institutions, and our journalists have the editorial freedom and legal support to pursue this mission.
The Intercept has made sure that any relationships with third-parties it creates also supports this mission. They decided to work with Parse.ly in a way that would satisfy their need for reader privacy with their need for information about their audience’s interests.
Q3: What data is the third-party tool or platform allowed to collect? If that changes, who makes that decision? How long is the data stored?
A3: We’ll tackle these two in reverse order. By default, Parse.ly collects two years worth of data. Publishers can work with us to store more or less, though storage beyond two years of data is an additional cost to the client. This arrangement is included in the contract between Parse.ly and our clients, so any change to it would involve a change in contract terms.
Data Collected by Parse.ly’s Analytics Software
|idsite||your Parse.ly API key|
|date||ISO 8601 encoded event datetime string|
|ip_address||IP address of the visitor|
|url||URL of the page being viewed|
|screen||Client device resolution: x|
|action||Event type. Currently only
|data||user identifier, anonymized|
|title||Page title, optional.|
Parse.ly will have no obligation to, and Parse.ly agrees that it will not intentionally collect any personally identifiable information of users and visitors of the Monitored Domains (“PII”) in connection with the Parse.ly Service.
For services that do collect personally identifiable information about your users, you should be asking additional questions about the security of that information and how it will be used by the third-party.
Q4: How does a third-party tool or platform support a publisher who no longer wants to use the tool?
A4: If a client decides to no longer use Parse.ly, their data can be kept for up to two years by default. We do this in case a client needs to reactivate their service (i.e. their budget got cut one year, and then six months later they’re able to reinstate service). Data can be deleted upon request of the client.
We consider the data collected by an analytics service to be the property of the client, while the software is the property of the third-party. We do not own our clients data, and treat it as such if a client relationship ends. Make sure to find out who “owns” the data when working with third-parties.
Q5: How does the third-party tool or platform share data back to my news organization?
A5: The data collected by Parse.ly is counted, analyzed and then returned back to your news organization in a formats that make audience insights accessible to your team, whatever their role.
These formats include our dashboard, reporting suite, and mobile application which can be accessed by anyone with a password/username to your account. We can also share the data back to your organization in more ways that are useful to data science, product and development teams, specifically through our API and our raw data pipeline. Read more about how our API works.
Q6: If the third-party tool or platform works with many news organizations, is my data secure or is there a chance it is being shared with others? If so, am I being informed?
A6: Your data is not being shared with any other organizations, period. The only people that have access to your data outside of those you give explicit access to through usernames and passwords are Parse.ly employees as needed for product maintenance, troubleshooting, etc.
Because Parse.ly is used as the analytics software for so many media and news organizations, research using aggregate, anonymized data allows us to uncover network wide trends. We hope this information helps not only our clients, but the digital media industry at large. The macro picture of online news production and consumption is rapidly changing, and these network-wide reports can help sites put themselves in context of the bigger picture. This information is shared publicly, as in this recent Pew Research Report and our Authority Reports.
About Pew Research Center Pew Research Center is a nonpartisan fact tank that informs the public about the issues, attitudes and trends shaping the world. It conducts public opinion polling, demographic research, media content analysis and other empirical social science research. Pew Research Center does not take policy positions.
Q8. If there is a data breach of the third-party tool or platform, how would we be informed?
A8. To date, there has been never been a data breach at Parse.ly. We train our staff on best practices to avoid hacking, we hire top-notch devops people, and we continue to invest in security over time.
If there were a data breach, we would reach out to all account admins immediately, and alert users directly in our platform’s dashboard.
Q9. Is the third-party tool or platform sharing data with other parties? What if it’s sold?
A9. Per our terms, personally identifiable information is never collected. Privacy-sensitive parts of site traffic data is collected, but is never shared at a granular level with third parties, and certainly never sold. From time-to-time, we produce anonymized, network-wide data samples for the purpose of research (not advertising), e.g. our recent collaborative study with Pew Research.
How confident that all the third-party systems you use can answers these questions in a way that protects your audience? See the remaining questions and answers in this post.