Third Party Websites and Applications Privacy Impact Assessment – LinkedIn Advertising Services

 

Date Signed:
10/04/2016

OPDIV:
CMS

TPWA Unique Identifier (UID):

Tool(s) covered by this TPWA:
LinkedIn Advertising Services, which includes:
LinkedIn Marketing Solutions, LinkedIn Ads, and the “Campaign Manager” platform.

Is this a new TPWA?
Yes.

If an existing TPWA, please provide the reason for revision:
Not applicable (N/A).

Will the use of a third-party Website or application create a new or modify an existing HHS/OPDIV System of Records Notice (SORN) under the Privacy Act?
No.

If yes, indicate the SORN number (or identify plans to put one in place.):
N/A because CMS is not collecting or storing any personally identifiable information (PII).

Will the use of a third-party Website or application create an information collection subject to OMB clearance under the Paperwork Reduction Act (PRA)?
No.

If yes, indicate the OMB approval number and approval number expiration date (or describe the plans to obtain OMB clearance.)
OMB Approval Number:
N/A.
Expiration Date:
N/A.

Does the third-party Website or application contain Federal Records?
No.

Describe the specific purpose for the OPDIV use of the third-party Website or application:
CMS will use LinkedIn Marketing Solutions to deploy digital display ads and video ads across the LinkedIn platform to consumers. LinkedIn is a social networking site designed to allow registered members to establish and document networks of people they know and trust professionally. LinkedIn Marketing Solutions offers advertisers a platform for targeting advertising to consumers through services on the social network site based on education, experience, behaviors, interests, and other factors. 

LinkedIn’s self-service ads are operated through a platform called Campaign Manager, which gives advertisers the ability to deliver relevant, targeted messages to unique audiences through “Text Ads” and “Sponsored Content.” CMS uses Campaign Manager to target advertising based on demographic information provided by LinkedIn members when they register with LinkedIn, including: company name, company industry, company size, job title, job function, job seniority, member schools, fields of study, degrees, skills, member groups, and gender. CMS uses Campaign Manager to deploy digital display ads on LinkedIn platform emails called “InMail” to active LinkedIn users. Through conversion tracking, CMS will receive reports including aggregated data to determine what ads will serve the public better. Conversion tracking will be in place on HealthCare.gov to enable LinkedIn to measure the actions (clicks, email sign ups, conversions) of consumers who were driven to HealthCare.gov by clicking on or viewing a digital ad that was deployed on LinkedIn.

Have the third-party privacy policies been reviewed to evaluate any risks and to determine whether the Website or application is appropriate for OPDIV use?
Yes, and the review has determined that LinkedIn is appropriate for OPDIV use, taking into account the risks posed by the following: use of cookies, web beacons, and pixels for targeted advertising based on sensitive information; targeting, retargeting and conversion tracking based on LinkedIn profile information; and LinkedIn profile information leading to identification of CMS website visitors.

Describe alternative means by which the public can obtain comparable information or services if they choose not to use the third-party Website or application.
If consumers do not want to interact with advertisements from LinkedIn Ads, consumers can learn about CMS campaigns through other advertising channels such as TV, radio, HealthCare.gov, and in-person assisters and events.

Does the third-party Website or application have appropriate branding to distinguish the OPDIV activities from those of nongovernmental actors?
Yes.

How does the public navigate to the third party Website or application from the OPDIV?
N/A.

Please describe how the public navigates to the third party Website or application:
N/A. The public may navigate to LinkedIn by visiting the platform at linkedin.com.

If the public navigates to the third-party Website or application via an external hyperlink, is there an alert to notify the public that they are being directed to a nongovernmental Website? 
N/A.

Has the OPDIV Privacy Policy been updated to describe the use of a third-party Website or application?
Yes.

Provide a hyperlink to the OPDIV Privacy Policy: 
https://www.HealthCare.gov/privacy/.

Is an OPDIV Privacy Notice posted on the third-party Website or application?
N/A. LinkedIn does not provide the ability to place a privacy notice within an ad on the platform, whether sponsored content or text ads. However, the sponsored content is clearly branded to distinguish the promoting party (i.e., CMS) from LinkedIn, and in doing so includes a direct link to the promoting party’s website (in this case, HealthCare.gov) where the CMS privacy notice can be accessed.

Confirm that the Privacy Notice contains all of the following elements: (i) An explanation that the Website or application is not government-owned or government-operated; (ii) An indication of whether and how the OPDIV will maintain, use, or share PII that becomes available; (iii) An explanation that by using the third-party Website or application to communicate with the OPDIV, individuals may be providing nongovernmental third-parties with access to PII; (iv) A link to the official OPDIV Website; and (v) A link to the OPDIV Privacy Policy:
N/A.

Is the OPDIV's Privacy Notice prominently displayed at all locations on the third-party Website or application where the public might make PII available?
N/A.

Is PII collected by the OPDIV from the third-party Website or application?
No.

Will the third-party Website or application make PII available to the OPDIV?
No.

Describe the PII that will be collected by the OPDIV from the third-party Website or application and/or the PII which the public could make available to the OPDIV through the use of the third-party Website or application and the intended or expected use of the PII:
CMS does not collect any PII through the use of LinkedIn. 

Describe the type of PII from the third-party Website or application that will be shared, with whom the PII will be shared, and the purpose of the information sharing:
LinkedIn does not share any PII with CMS.

If PII is shared, how are the risks of sharing PII mitigated?
N/A.

Will the PII from the third-party Website or application be maintained by the OPDIV?
N/A.

If PII will be maintained, indicate how long the PII will be maintained:
N/A.

Describe how PII that is used or maintained will be secured:
N/A, CMS does not receive, use, or maintain PII from LinkedIn.

What other privacy risks exist and how will they be mitigated?
CMS will conduct periodic reviews of LinkedIn’s privacy policy to ensure its policies continue to align with agency objectives and privacy policies and do not present unreasonable or unmitigated risks to users’ privacy interests. CMS uses LinkedIn solely for the purposes of improving consumer engagement with HealthCare.gov.

Visitors to the LinkedIn platform will see advertising whether or not they are registered with LinkedIn. However, registered users may see ads that are targeted to them based, in part, on information these registered users have shared through their LinkedIn profile such as their declared interests, age, city and state of residence, or life events they share, or other information inferred from their profile. Visitors that are not registered with LinkedIn may see ads based on different criteria, such as websites they have previously visited, the specific page they are looking at on LinkedIn, and aggregate data from third parties. The privacy risks described below primarily apply to registered LinkedIn users, who are viewing ads targeted to them based, in part, on their LinkedIn profile information, behaviors on the LinkedIn platform, and other information.

Use of Cookies, Web Beacons, and Pixels for Targeted Advertising Based on Sensitive Information

Potential Risk:
The use of cookies, web beacons, and pixels generally presents the risk that a website could collect information about a user’s activity on the Internet that could be used for purposes not intended by the user. These purposes include providing users with targeted advertising based on information the individual user may consider to be sensitive, including information about the webpages a consumer visited both outside and within the LinkedIn platform.

Additional Background:
LinkedIn uses cookies to track the anonymous business demographic information of web users, such as their industry, job function, seniority, company size, and more. A cookie is a small file placed onto a consumer’s device that enables LinkedIn features and functionality. LinkedIn may use cookies to show relevant advertising both on and off the LinkedIn site, and to learn whether someone who saw an ad on LinkedIn later visited and took an action (e.g. downloaded a white paper or made a purchase) on the advertiser's site. LinkedIn advertising partners may use a cookie to determine whether LinkedIn has shown an ad and how it performed, or to provide LinkedIn with information about how consumers interact with ads. LinkedIn may also work with an advertising partner to show an ad on or off LinkedIn, such as after visiting a partner's site or mobile app. LinkedIn also collects non-personally identifiable information through the use of web beacons that appear on CMS’s pages. A web beacon (or pixel) is a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a web page and in combination with a cookie, allows LinkedIn to collect information regarding the use of the web page that contains the web beacon. These technologies are used for conversion tracking on certain pages of CMS’s website (e.g. HealthCare.gov). This allows LinkedIn to measure the performance of CMS advertisements and to report the ad performance to CMS, for example, by reporting whether consumers who view or interact with an ad later visit a particular site or perform desired actions on that site.

Cookies and other ad technology such as beacons, pixels, and tags help LinkedIn serve relevant ads to consumers more effectively. These technologies help provide aggregated auditing, research, and reporting for advertisers to understand and improve the LinkedIn service, and know when content has been shown to a consumer. Because a web browser may request advertisements and beacons directly from ad network servers, these ad networks can view, edit, or set their own cookies, as if the consumers had requested a web page from their site.

CMS advertising displayed through LinkedIn’s desktop website will carry persistent cookies that enable CMS to display advertising to individuals who have previously visited the CMS website. In this instance, the persistent cookie will be stored on the user’s computer for up to 90 days, unless removed by the user.

Mitigation:
Both CMS sites and LinkedIn provide users information about the use of persistent cookies, the information collected about them, and the data gathering choices they have in their website privacy policies.

Tealium iQ Privacy Manager is a tool that keeps track of users’ preferences in reference to tracking and will prevent web beacons from firing when a user has opted out of tracking for advertising purposes. When a user is routed to a CMS site by clicking on sponsored InMail messages displayed through LinkedIn, and the Tealium iQ Privacy Manager is present on HealthCare.gov, users are able to control which cookies they want to accept from HealthCare.gov. Tealium iQ Privacy Manager can be accessed through information provided in the privacy policy on HealthCare.gov. Tealium iQ Privacy Manager can also be accessed within the CMS privacy policy by clicking on the large green “Modify Privacy Options” button that turns off any sharing of data for advertising.

The ability to control which cookies users want to accept from a CMS site is only valid when Tealium iQ Privacy Manager is installed on the website. Another alternative is for users to disable cookies through their web browser. Separately, CMS includes the Digital Advertising Alliance AdChoices icon on all targeted digital advertising. The AdChoices icon is an industry standard tool that allows users to opt out of being tracked for advertising purposes, like the Tealium iQ Privacy Manager.

LinkedIn also offers users the ability to opt-out of LinkedIn advertising cookies through the following processes:

  • LinkedIn members can choose to opt-out of tracking on third party sites by adjusting their advertising preferences in their LinkedIn account. This is the most persistent method of opting out. See https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
  • Opt-out options on websites of industry self-regulation programs in which LinkedIn participates, including the Digital Advertising Alliance, offer users notice about the use of persistent cookies and related techniques.
  • LinkedIn provides a link on all advertising that provides members with an option to opt-out of tracking. On all ads, users have the ability to:
    • “Hide this particular update”: If a user chooses this, the user will not see the ad again. This is specific to the ad ID within the campaign only.
  • For Sponsored messages, clicking on the footer at the bottom of the message “unsubscribe here.”

Targeting, Retargeting and Conversion Tracking Based on LinkedIn Profile Information

Potential Risk:
LinkedIn targets consumers based on information voluntarily provided within the user’s registered profiles for retargeting and conversion tracking. LinkedIn uses cookies and user logins, as collected and aggregated by LinkedIn, to track users across multiple sites and over time. The resulting combined information could be viewed by some consumers as revealing patterns in behavior that the user may not want to disclose to LinkedIn or its advertising clients. These patterns in behavior could enable and/or improve targeting by other advertisers who may wish to target customers within the health care sector, including targeting based on the type of data that some consumers may consider to be sensitive.

Additional Background:
Third party data targeting allows for the deployment of ads to consumers whose profiles or on-site actions (e.g., “likes” of specific pages or brand posts) match specific attributes an online advertiser is looking to target. Retargeting is an advertising technique used by online advertisers to present ads to users who have previously visited a particular site. Conversion tracking allows advertisers to measure the impact of their advertisements by tracking whether users who view or interact with an ad later visit a particular site or perform desired actions on such site, such as signing up for a program or requesting further information. CMS will engage LinkedIn to use these advertising techniques to deliver CMS digital advertising to persons who are most likely to be interested in CMS advertising content. However, LinkedIn will not share any PII with CMS from the utilization of these tactics.

Engaging an ad service like LinkedIn that utilizes third party data targeting, retargeting and conversion tracking will enable CMS to improve the efficacy of its ads by delivering them to persons most likely to be interested in the ad content. It will also enable CMS to provide further information to consumers who have previously visited a CMS website, such as deadlines, new developments, or reminders to complete a survey.

Mitigation:
Advertising technologies used by LinkedIn allow it to target advertising behaviorally, by tracking users across multiple sites and over time, and the resulting combined information could reveal patterns in behavior that the user may not want to disclose to LinkedIn. The consumer may consider their web behavior to be sensitive. These patterns in behavior could also enable and improve targeting by other advertisers who are LinkedIn customers, who may wish to target consumers for purposes related to the health insurance sector. Instead, LinkedIn collects aggregate level “interaction” data to identify consumers that are most likely to interact with an ad from a specific industry (e.g., health insurance) for the purposes of improving the ability for advertisers to reach consumers who are more likely to interact with any advertising. LinkedIn does not allow for the targeting of consumers who have specifically interacted with an ad from CMS. We received an aggregated performance report from LinkedIn to optimize our ads.

Both CMS sites and LinkedIn provide users information about the use of persistent cookies, the information collected about them, and the data gathering choices they have in their website privacy policies.

When a user is routed to a CMS site by clicking on a CMS advertisement displayed through LinkedIn, and the Tealium iQ Privacy Manager is present on HealthCare.gov, users are able to control which cookies they want to accept from HealthCare.gov. Tealium iQ Privacy Manager is a tool that keeps track of users’ preferences in reference to tracking and will prevent web beacons from firing when a user has opted out of tracking for advertising purposes. Tealium iQ Privacy Manager can be accessed through information provided in the privacy policy where Tealium iQ Privacy Manager is deployed. Tealium iQ Privacy Manager can also be accessed within the CMS privacy policy by clicking on the large green button “Modify Privacy Options” that turns off any sharing of data for advertising.

The ability to control which cookies users want to accept from a CMS site is only valid when Tealium iQ Privacy Manager is installed on the specific CMS website. However, there are industry standard opt outs that do serve the same purpose for users who want to avoid being tracked for advertising. For example, when users are routed to CMS sites without Tealium iQ Privacy Manager, and do not wish to have cookies placed on their computers, the user can disable cookies through their web browser.

LinkedIn offers users the ability to opt-out of LinkedIn Ad Services advertising cookies through the processes listed above under the previous section.

LinkedIn Profile Information Leading to Identification of CMS Website Visitors

Potential Risk:
LinkedIn’s access to both personally identifiable and non-personally identifiable data presents risk that CMS site visitors who are also registered LinkedIn users could be identified, and that data about these users could be misused by LinkedIn.

Mitigation:
CMS does not receive any personally identifiable information from LinkedIn. CMS receives aggregated performance data in the form of statistical reports, including reports on clicks, views, and impressions (exposure to an advertisement) of CMS digital advertising, that are made available to CMS managers who implement CMS programs, members of the CMS communications and web teams, and other designated federal staff and contractors who need this information to perform their duties.

LinkedIn provides information on the types of information collected about users in its privacy policy, as well as choices with respect to such information collection or how it is used. Users can opt out of this tracking through the processes listed above under the “Use of Cookies, Web Beacons” section.

 

 

 

 

Content created by Assistant Secretary for Public Affairs (ASPA)