Preview Mode Links will not work in preview mode

Privacy does really matter in Podcasting

Oct 13, 2019

(This article original was posted in Podcast Business Journal on June 6th 2019 - I am re-posting here so as to make on going updates on this topic)


There is no opt-in for podcast listeners when it comes to tracking.


When someone visits a website or blog where an ad is being displayed, there is typically an option on that page to ask the visitor if they want to opt-in to being tracked and their personal data collected and shared (okay it is not worded exactly like that, but that’s what they are agreeing to when they say yes). Remember that little thing called GDPR from 2018? Yeah it was kinda at the heart of those changes. Part of GDPR basically said you have to get people to opt-in to such tracking activities — as it should be. If you don’t remember it and are in the U.S., stick around for a bit, CCPA is coming your way in California on January 1, 2020 and it is like GDPR but even a little stricter on data collection and what constitutes personal data.

In podcasting, those listening to your episodes for the most part do so from a service/site that is not yours. Apple Podcasts is the biggest of said services — with over 60% of the market share for consumption. There is, for most listeners of podcasts, just no opportunity to ask them if they want to opt-in to being tracked and their personal data being shared with third parties.

I don’t think anyone who covers the podcasting space, or knows anything about it, would argue that your RSS feed via an aggregator app is by far the number one way content is consumed. At Libsyn, it has been over 90% of consumption from the RSS feed and aggregator apps for quite some time. And that >90% of consumption does not offer any way for people to opt-in to anything.

So given all that, I want to share some quotes I found or received from a few different services that claim they are for the podcasting space. To protect the guilty, names have been changed.

First up, this is from an email from Mr. Blue:

“When our tag fires, we are hoping to get the listener IP address as well as the listener UserAgent. We use the IP address to match to our U.S. residential device graph in order to match the exposure to a conversion coming through via a pixel or other 3rd party data.“

Per GDPR, you cannot collect personal data and share it with a third party without the person opting into such activities — and we already established there is no opt-in. Per what is “personal data”:

“Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as Internet protocol (IP) addresses, cookie identifiers or other identifiers.”

Yeah, so Mr. Blue checks off those boxes on doing everything you are not allowed to do with GDPR and also CCPA. Brilliant!

Next, this is from Mr. Brown’s site:

“We collect behavioral and performance metrics that podcasters and advertisers need to make informed decisions. Mr. Brown gives you unprecedented detailed audience data including who, what, when, where, and how they’re listening to your podcast. Get an unfair advantage with the ultimate in podcast analytics. Data can be a beautiful thing.”

Here is a quick definition of “stalking” from Wikipedia: “Stalking is unwanted and/or repeated surveillance by an individual or group towards another person” — and that is exactly what Mr. Brown just described. There is nothing “beautiful” about letting your listeners be stalked, and when they figure it out – and figure it out they will (podcast listeners are a highly educated group) — your listeners are not going to be happy with those that set them up for said stalking.

From Mr. Blonde’s press release:

“Mr. Blonde is committed to consumer privacy, making consumers aware of how their data is being used, and providing the ability to opt-out of targeted advertising. Consumers will receive notice and have the ability to opt out of targeted advertising via a link included in the descriptions of podcasts the user downloads.”

Wait, let me get this right: their service is opt-out! Okay, tone deafness aside, that is not how the laws work, and is simply unethical (or so say 83% of people). And do you think any listeners would even see that link in the description of the podcast they download? Which means, I guess, digging into the ID3 tags if it is downloading. Yeah, that is what the average podcast consumer will do — I’ll buy that for a dollar.

And finally from Mr. Pink’s site they said the following:

“Mr. Pink’s Analytics is the first product to connect podcast downloads with on-site activity. We do this by determining who downloads via an RSS integration and matching them with onsite activity via JavaScript integration.”

Whenever a podcast analytics or hosting company use the word “who,” it is the same as saying we stalk your users and they have no idea.

It is one thing to offer up an ad in your episode — the listener can always choose to skip through it. (By the way, most listeners do not skip ads on podcasts). But it is completely different now that your listener requested an episode from your show and were opted into a third-party database and stalked online.

There is no option for your audience to opt-in to this type of activity — that is just how podcasting works. I tried explaining how podcasting works to one of the companies above, and they said, “If that is how it really works and it will not change, we might as well throw in the towel.” Yes — yes you should!

These companies, and the others that will follow, do not at all care about the podcasting space, and their actions will result in a blemish on this industry if they are adopted and used by podcasters. And the worst part about all of this is that recent reports show that targeted ads do not work any better than non-targeted ads.

So all this stalking going on is not even going to be effective.

If a service says they can tell you the who, what, when, where, and how of your listeners, it is not just creepy it is against GDPR and CCPA.

Run away. Run away.


UPDATE 1:  There are more bad actors jumping on the stalking your audience bandwagon.  One advertising network that used to just deal with mid-roll ads recently told their podcasters they need to move to a new service where ads will be inserted and per tracking - "Compatible with 3rd party pixels for verification, attribution, etc."   This is again stalking of a podcasters audience.  When you see the word "attribution" and also the words "3rd party" in podcast land that is big NO NO - it is in violation of GDPR and CCPA and again per above just wrong and creepy - don't subject your audience to this. 


Update 2: There is another bad actor in the space.  This one says the following:

  • When an individual downloads or streams a podcast episode, EVILCORP receives information from the podcast server that anonymously identifies the individual.
  • Depending on how and where the podcast is consumed, identifiers may include an IP address, timestamp, episode ID, ad ID and/or an advertising ID from the individual’s mobile device, known as “Mobile Advertising IDs.”
  • EVILCORP stores this information and later compares it against similar identity data we receive from people who visit physical businesses.

Clearly they do not understand what "anonymously" means. This process is in complete violation of GDPR rules not to mention ethically evil.