Privacy Beat

Your weekly privacy news update.

Rounding Out Our First Month of Privacy Beat

We are one month in and there has been a lot happening in the world of data privacy. This week we are continuing to follow updates to CCPA, Apple’s 3rd-party tracking crackdown in Safari, new research on the monetary value of cookies in advertising (or lack thereof), data privacy violations in mobile apps, and new calls from the ad industry for a Data Protection Bureau within the FTC.

Please let us know how you like Privacy Beat and what else you’d like to see! Privacy Beat is created each week by Eva Tucker, with an assist from ITEGA Executive Director Bill Densmore. Contact Eva at

1.  New Study Shows that Third-Party Cookie-Based Behavioral Advertising Delivers Only 4% Revenue Gain for Large Publisher

What it is: New research to be presented next week  by University of Minnesota, University of California, Irvine, and Carnegie Mellon University researchers shows that publishers may only get about 4% more revenue from ads served via third-party cookies. The study also found that adtech providers get 60% of the money spent on programmatic advertising. The researchers also said that the median income of viewers shown ads without cookies was $64,324; for viewers receiving cookies it was $61,612. They surveyed traffic at more than 60 branded sites of a major U.S. newspaper and magazine publisher which they did not name.

Why it matters: Coupling this study with a 2015 report by Econsultancy that found 40% of digital publishers’ display ad revenue was stagnant or shrinking, draws into question if the loss of privacy inherent in largely unauthorized tracking is worth it to publishers or their readers.

And/But: On Wed., June 4 Alessandro Acquisti from Carnegie Mellon University will speak about the research in Boston at the The 2019 Workshop on the Economics of Information Security (WEIS2019) at the Harvard School of Engineering and Applied Sciences.

The working paper draft of the study is here:  

Also see:

Additional research: DigiDay and DMP vendor Permutive surveyed 200 publishers in the U.S. and UK  on privacy issues, including cookie usage, coming to the unsurprising conclusion that publishers need more first-party data. Permutive paid for the survey. The company provides a cloud-based service for managing user data.

There’s a thirst among publishers for first-party data to differentiate and improve both scale and insight capabilities, the report says. But, 27% of publishers surveyed believe their ability to sell with data has not been effective so far. “The DMPs they rely on are built on third-party cookies, leaving publishers blind to chunks of their audience,” the report says. “This not only limits the scale of the inventory they have available, but also hugely impacts their insights.”

Here are some other findings from the research.

  • Publishers remain focused on advertising even while they work on reader-direct revenue. Publishers surveyed rely on advertising (79%), content marketing (48%) and events (43%) now and plan to push on subscriptions in the next year.

  • Responding to advertiser/agency requests for proposals in a timely fashion is a big challenge for publishers surveyed — 40% taking a week or longer to respond.

  • Some 90% of publishers say having a single customer view is important  to their business, but only 45% have the technology to achieve it.

2.  Big Tech, Others, Seek CCPA Changes to Allow Trading of “Premium Features”  for User Data and Open Up Use of Publicly Available Info

Two important efforts to amend the California Consumer Privacy Act (CCPA) have emerged — and one of them may affect the sale of premium content. Google, Amazon, Facebook, Microsoft, Uber and Lyft are pushing at least eight amendments in the California Legislature in hopes of getting changes before the law takes effect Jan. 1, according to a report this week by Yahoo Finance.   

The most significant amendment is sought as Assembly Bill 846 — approved by the Assembly on Tuesday, May 28, it now awaits a committee assignment in the Senate. It would allow companies to use personal data voluntarily given by consumers who want to be part of a loyalty or reward or “premium”  program.

And the language of that same amendment also appears to address key ambiguity in the law as passed last year. It would explicitly state that the price of services can vary if a consumer voluntarily participates in “premium features” service.  It also deletes a phrase which states a business “shall not discriminate against a consumer because the consumer exercised any of the consumer’s rights under this title.”   The new wording is still convoluted, overall.

A second critical amendment, introduced as AB 874, would delete the “use” restriction CCPA presently will impose on data acquired from public government sources, essentially saying any public information can be used for any purpose. The bill cleared the Assembly on May 9 and is now in the California Senate Judiciary Committee. Five states — Hawaii, Maryland, Massachusetts, Mississippi and New Mexico — have pending CCPA-like bills, and three other states, New York, North Dakota and Washington — are considering bills generally on the subject of consumer privacy.

Price discrimination:

Public info use:


3. Apple’s Cat-and-Mouse Game with the Use of Tracking Cookies Ramps Up — ITP 2.2 Goes After Some URLs

More details emerged this week about Apple’s efforts to crack down on the use of third-party tracking via its Safari browsers.  This comes at the heels of moves by Google in the same direction which we wrote about last week.

Apple’s effort began in 2017 and it is called Intelligent Tracking Protection. Version 2.0 went after third-party cookies. Now 2.1 is limiting the shelf-life of even first-party cookies, deleting them after seven days if they appear to be a workaround to enable cross-site tracking.  “ITP 2.1 will likely disrupt marketers’ core efforts to track, analyze, measure, target, and personalize for Safari users,” three analysts at Forrester Research wrote last month.

Adds Ratko Vidakovic, founder of ad-tech consultancy AdProfs, and a former Centro executive: “Given Apple’s aggressive attitude toward this issue, it seems like the idea of persistent cookies in Safari, for cross-site tracking purposes, will eventually be a thing of the past.”  

That’s not all.  This week industry observers reported on a May 13 release of ITP 2.2 which will affect not only cookies, but also query-strings appends on the end of URLs if added by a major ad network. Where Apple detects such “link decoration” it will erase even first-party cookies after one day. The idea is to prevent this method of cross-site data gathering and attribution.  Query strings are used for many purposes that are benign from a privacy point of view. So it is likely Apple would use this sparingly only against big-data advertising networks.


4. Most Apps Are Still Gathering Data Without Permission

What it is: GDPR went into effect a year ago, yet most mobile apps are still harvesting user data without permission. A recent study for AdExchanger by Kochava showed little difference in this practice between the top 2700 U.S. and French-based apps in the Google Play store, regardless of where users are located. In each country nearly 60% sent user data to a remote endpoint at least once, whether consent was given or not.

Why it matters: Even apps that presented users with a consent choice often ignored their selected privacy preferences. “Bad information is collected and syndicated at scale through ad networks,” said Grant Simmons, head of client analytics at Kochava to AdExchanger. “It’s like data laundering – ad networks as willful clearing houses for nefarious publishers.”

And/But: Because of the nature of the ad ecosystem, lack of resources to pursue bad actors, and other factors — it’s not easy to catch privacy violators and ad fraudsters.

For more:

5. U.S. Advertising Interests Call for a Data Protection Bureau within the Federal Trade Commission

What it is: In a March 23 blog post on the Privacy for America website, the group stated, “As part of our efforts to push for a nationwide data privacy law, we’ve been urging Congress to create a specialized, Data Protection Bureau within the Federal Trade Commission (FTC), and to give the agency targeted rulemaking authority. Doing so will enhance the FTC’s longstanding expertise in promoting consumer protection and overseeing privacy issues. We also think it’s important to equip the FTC with the additional staff and resources it needs to exercise strengthened privacy oversight and enforcement.”

Why it matters: Privacy for America is a coalition effort of the American Association of Advertising Agencies (4A’s), Association of National Advertisers (ANA), Digital Advertising Alliance, Interactive Advertising Bureau (IAB) and the Network Advertising Initiative (NAI). The FTC has held 13 public hearings on Competition and Consumer Protection in the 21st Century since September of last year and has made similar appeals to Congress to give them more resources and regulatory power related to protecting consumer data. This latest move by Privacy for America shows ad industry support for their efforts.

And/but: The next FTC hearing will take place June 12 at the Creighton University School of Law in Omaha, NE. “The FTC has always been committed to self-examination and critical thinking, to ensure that our enforcement and policy efforts keep pace with changes in the economy,” said FTC Chairman Joe Simons.

For more:…/

Quote of the Week

“Third-party audiences are going to be a nightmare,” said Pedro Mona, managing director, platforms and engineering at iProspect. “The volumes will decrease significantly. The ability to track their own audiences outside Amazon will go down. Not necessarily on a device level as they will still have their app installed in a number of devices, and there might be a way they can still track users there. But [on web] they will see a reduction, like everyone else. Google is the only winner.”


Like what you see? Then recommend to a friend.




Copyright © *|CURRENT_YEAR|* *|LIST:COMPANY|*, All rights reserved.

Our mailing address is:

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.