PRIVACY BEAT: Key AdTech Inventor Says Consumers Need Protection As Senate Panel Probes Privacy and Competition

1. Key AdTech Inventor Says Consumers Need Protection As Senate Panel Probes Privacy and Competition

The inventor of real-time bidding (RTB) and other online ad tech has told a U.S. Senate committee that it’s time to give consumers a bill of rights to protect their personal data and make it portable.

“I think you can draft that user agreement,” Brian O’Kelley, founder and former CEO of AppNexus Inc., testified to the Senate Judiciary Committee during an April 22 hearing, “Understanding the Digital Advertising Ecosystem and the Impact of Data Privacy and Competition Policy.”

O’Kelley said that RTB initially created a “virtuous cycle” for advertisers and publishers, who adopted programmatic advertising and fueled explosive growth of his company until 2016. Then, he said, behaviors by Google which he claimed were anticompetitive cost AppNexus business and prompted its 2018 sale to AT&T. As for Google and Facebook, O’Kelley testified: “Either break them up, or force them to act fairly,” commenting later in the hearing: “I had to sell my company. I couldn’t wait for that.” He said Google used its bundled services to “unfairly attack my startup and cripple our growth.”

Unlike earlier congressional hearings, the questions from senators were generally thoughtful, revealing of some knowledge of how Internet advertising works, and were notably nonpartisan. Members from both parties spoke of recognizing digital privacy as an important issue for which they seek legislative action soon. Other key points in the hearing:

• Behavioral targeted based not on real-time bidding but rather on first-party data should not be considered inherently bad, argued witness Johnny Ryan, of Brave Inc., the browser maker tha seeks to have users store their data within their browser and selectively release it. 
• Back-and-forth discussion about why there is no subscription alternative to Facebook.  There is, one person argued — LinkedIn.  Others debated whether marketers will pay for consumer data.  Conclusion: Eventually the premise will be tested. 

Sen. Lindsey O. Graham, R-S.C., committee chairman, declared that the issue of “federal pre-emption” – the notion that federal law should supersede state law on matters of consumer online privacy. He asked the five witnesses – two academics, two industry experts and a lawyer – if they believed federal law should dominate.   Three did not respond, indicating assent.

“Let me suggest an exception, Mr. Chairman,’ responded Ryan. “And that is if the California Consumer Privacy Act and the Vermont law and so on – if these things are floors, it’s fine, but if pre-emption is to undermine [them] the that’s a problem.”

“I would say as long as it gets the job done then that’s right,” responded witness Fiona M. Scott Morton, a Yale University professor and former chief economist for the antitrust division of the U.S. Justice Department. She added: “The states are going to want to regulate more if the federal law doesn’t protect consumers.”  

READ FULL STORY 

2.  Apple Outlines Plan for Privacy-Preserving Ad Click Attribution

What it Is: Apple has announced a new feature for Safari that will stop ads from tracking you across the web. They say that advertisers will still be able to measure the effectiveness of ad campaigns without compromising user privacy.

Why it matters:  The browser becomes a middleman of sorts, preventing data exchange directly between sites. The technique will create a time delay between relaying conversion data back to ad providers and will make it a lot more difficult to track individual users across the web. 

And/But: Apple is also pushing the technology as a standard to the World Wide Web Consortium so that other browsers can implement. The question is if it will take off, as other Do Not Track technology has failed to be honored by publishers. Also, how are adtech giants going to react to being cut off from data?

For more: https://thenextweb.com/business/2019/05/23/google-and-facebook-are-gonna-hate-apples-new-privacy-preserving-online-ads/

3. Proposed Massachusetts Law Allowing Up to $750 per Consumer for Online Privacy Violations Seen As Troublesome by Law Firm

A proposed online privacy bill sitting in committee in the Massachusetts Legislature was described this week by a key law firm as setting a high bar for a so-called “private right of action.” The bill, (S.120) introduced by the Democratic majority leader of the Massachusetts Senate, Cynthia Stone Creem,  (who represents three of the wealthiest suburbs of Boston) would allow $750 per person, plus attorney’s fees and costs, for a privacy-law violation, no matter whether it is unintentional.

Silicon Valley companies are fighting in California to reduce or eliminate the opportunity of individuals — acting alone or represented in a class action — from suing over privacy violations on the grounds that it would impose unreasonable defense costs on them.  At the same time, California’s attorney general is warning that he may not have enough staff to effectively enforce the California Consumer Privacy Act if only he and other regulators are permitted to commence litigation. At the same time, industry lobbyists in Washington, D.C., are trying to make sure a “private right of action” is not included in federal law.  Thus a conflict with Massachusetts law, if enacted, could emerge.

“Based on these key provisions, it is difficult to overstate the magnitude of class-action litigation risk the proposed law may create for businesses collecting data from Massachusetts consumers,” write three attorneys with the Portland, Maine-based law firm of Pierce Atwood LLP.  As proposed, they write, S.120 would apply to for-profit businesses that collect personal information from Massachusetts consumers if they either have annual gross revenues over $10 million or derive more than 50% of annual revenues from third-party disclosures of consumer information. It defines personal information as “any information relating to an identified or identifiable consumer” and any other information that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or the consumer’s device.” It includes “DNA, palm and vein patterns, voice recordings, keystroke rhythms, gait patterns, and sleep, health or exercise data that contains identifying information,” write attorneys Peter G. Guffin, Don Frederico, and Melanie A. Conroy.

Collectively, the authors say this definition of personal information is broader than even the strict the Illinois Biometric Information Privacy Act, (BIPA) which becomes effective Jan. 1, 2020, on the same date as the California Consumer Privacy Act. (CCPA).  It provides exceptions for things like clinical trials, news-gathering protected by the First Amendment, aggregated information from which individual consumer identities have been removed (and can’t be re-identified or linked to an individual), and compliance with legal proceedings and obligations.

For More: https://www.pierceatwood.com/update/massachusetts-consumer-data-privacy-bill-could-dramatically-expand-class-action-litigation

https://malegislature.gov/Bills/191/SD341

4. San Francisco-based Quantcast Under GDPR Investigation for Breach of Privacy

What it is: Adtech company Quantcast is currently being investigated by the Irish Data Protection Commission (DPC). This comes after a November 2018 breach of privacy complaint by Privacy International with the European data protection authorities. The complaint cited the practices of 7 major companies (Quantcast, Acxiom, Oracle, Citreo, Tapad, Equifax, Experian).

Why it Matters: Quantcast and others work together to build detailed profiles of web consumers in order to serve ads. Quantcast uses AI and tracking technology across approximately 100 million websites and cross referenced with data from credit reporting agencies and data brokers.

And/But: The investigation calls into question transparency in practices for capturing user consent and marks a turning point in that regulators are beginning to go after non-consumer facing companies.

For More: https://www.cpomagazine.com/data-privacy/adtech-giant-quantcast-facing-gdpr-investigation-into-breach-of-privacy/

5. Google Tracking Purchase History Through Gmail

What it is: CNBC reported this week on Google’s detailed tracking of purchase history through Gmail. Google says that they don’t use the data to serve ads, only to “help you easily view and keep track of your purchases, bookings and subscriptions in one place.” 

Why it matters: While Google says in their privacy policy that only you can view your purchases, it also says that “Information about your orders may also be saved with your activity in other Google services.” When CNBC reporters attempted to follow instructions for turning off the tracking, they found it didn’t work in entirety.

And/But: Being that most consumers don’t know about this feature and it is difficult to turn off or delete data, transparency is called into question. They only way to remove the data is to delete each individual purchase receipt email. You can view what they have on you using this link: http://myaccount.google.com/purchases

For more:  https://www.cnbc.com/2019/05/17/google-gmail-tracks-purchase-history-how-to-delete-it.html

https://www.theverge.com/2019/5/17/18629789/google-purchase-history-gmail-email-receipts