PRIVACY BEAT: Goodbye third-party cookies, hello first-party data and the ‘year of the universal ID’ — predictions for 2020

Privacy Beat

Your weekly privacy news update.

1. Goodbye third-party cookies, hello first-party data and the ‘year of the universal ID’ — predictions for 2020

In the 1990s, engineers at the old Netscape Communications Corp., maker of the first wildly popular web browser, patented an invention that they called a “magic cookie” — a file that could be stored on your computer.

The idea was to overcome a design feature — some might have thought of it as a flaw and others as an important benefit — of the basic World Wide Web — it was “stateless.” As you traveled from website to website, each new location knew nothing about you or where you came from. Without the “cookies”, you would have to enter your login or preferences over and over again — re-asserting your identity.

At first cookies solved that problem. But then marketers figured out they could “track” you across the web and store information about your web behavior without your knowledge or consent — a third-party cookie practice that helped make Google and Facebook the commercial giants they are today.

Now, the “cookies” feature is increasingly viewed as a “bug” to be fixed, or eliminated:

Privacy-first mechanisms are focusing attention on how the web manages identity. In a set of expert predictions for 2020 about identity, ExchangeWire editor Mathew Broughton included a quote from Tom Kershaw, CTO of Rubicon Project, one of the biggest ad-tech companies, who writes that 2020 “will be the year of the Universal ID.” Kershaw continues: “We predict the industry will finally rally around standardized identity solutions and adoption will skyrocket.”
Writing on the Nieman Lab website, M. Scott Havens, Bloomberg Media’s global head of digital and media distribution, says it’s time for publishers to solicit information about their users in an open and direct — “first-party” approach that doesn’t involve targeting advertising through a third-party cookie ecosystem. (see more at Quote of the Week, below).
As a result of European and California law, consumers will be able to “opt out” of third-party cookie tracking, requiring advertising brands to seek other methods to understand consumers, writes Tony Chen, on the VentureBeat website, “Contextual targeting will provide a good alternative to cookies,” Chen writes. He says new technology goes way beyond just placing ads on a page with relevant (“contextual”) content. “Brands can get very granular with context by targeting video metadata, titles, and descriptions, related keywords, audio transcripts and even comments within and surrounding content.” Chen is founder of a company that offers ad-campaign tech.
Publishers who recognize their first-party relationship with users is valuable will align with other publishers around that insight, according to Dr. Jurgen Galler, CEO & co-founder of 1plusX, writing in a year-end ExchangeWire wrapup on the ad ecosystem. “Brands and advertisements placed next to editorial content will benefit from the positive attitude that is fostered through relevant content and a good relationship between publication and reader,” he writes.

RELATED LINKS

Ad-Tech experts call for third-party verification after death of the cookie | Ronan Shields, AdWeek
How many third-party ad cookies deploy on most websites? | David A. Zetoony, Bryan Cave law firm
2019: The year that privacy got real for marketers | Greg Sterling, MarketLand
How Cambridge Analytica and the Trump campaign changed Big Tech forever | Lauren Feiner, CNBC.com
VIDEO: Marketing in a post-cookie, consumer consent world | Better Business Bureau
Simple question: What happens when cookies crumble? | Sarah Sluis, AdExchanger
How Adobe ad-tech is handling browser cookie blocking | Erin Davis, Adobe Tech Blog
Washington Post using “Zeus” to take Facebook ad dollars? | Sarah Sluis, AdExchanger

Identity gatekeepers and the future of digital identity | Nadine Shaabana, PrivacyInternational.org

Does your organization need customized privacy compliance solutions? ITEGA can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

CCPA COUNTDOWN

‘Sale’ and ‘service provider’ — two key definitions promise legal wrangling as CCPA takes effect

Two key definitions embedded in the California Consumer Privacy Act (CCPA), which takes effect Jan. 1 — are already providing grist for legal wrangling and assertions by Facebook. The words are “sale” and “service provider”.

If Facebook collects information about your web browsing, uses it to target advertising and charges for that advertising, was your data “sold”? Facebook says no. Here’s a trickier question — under the CCPA, a “service provider” can receive personal information from another company — where that company has permission from the end user to use the data for a specific purposes — and process the information for that purpose. But if the “service provider” uses the data for some other purpose, that is viewed as a violation of the CCPA’s use restrictions.

Attorney Cynthia J. Larose of the Mintz law firm explained in a Dec. 23 posting that for a vendor to process data as a “service provider” they must (a) have a written contract for the processing (2) not retain the personal information “for any purpose other than for the specific purpose” under the contract and (3) can’t disclose the information for any purpose unless it is “aggregated or de-identified.” (See Mintz’s red-lined CCPA version).

RELATED LINKS

Three legal experts don’t think Facebook’s argument will hold up | Sara Morrison, reCode-Vox
What California’s CCPA means for Facebook, Twitter users | Queenie Wong, C\Net

GETTING READY FOR CCPA

IAB CCPA compliance framework for publishers and tech companies | IAB Tech Lab
The importance of third-party vendor compliance | Alison Hill & Cody Wamsley, Dorsey & Whitney law firm
How to prove to partners you comply with CCPA | Kimberly Kiefer Peretti, Alston & Bird law firm
What are the penalties for CCPA non-compliance? | Cynthia J. Larose, Mintz law firm
Only 4% of sampled websites have “do not sell” link | David A. Zetoony, Bryan Cave law firm
CCPA regulations on verification requests and non-discrimination | Patterson Belknap law firm
What is involved in legal price discrimination under CCPA? | Bryan Cave law firm
Your essential cheat sheet for CCPA compliance | Robert E. Braun & Michael A. Gold, Jeffer Mangels law firm
Here’s what your company should be doing about CCPA | Travis Brenan, Stradling Law Firm

What to do to prepare for CCPA | Dykema Gossett law firm

PERSONAL PRIVACY

New York Times series on mobile data privacy prompts reports in other publications

The New York Times’ decision to editorially spotlight mobile data privacy concerns is continuing, and other publications are chiming in. The Times started by reporting on its receipt and analysis of 50 billion location pings from the phones of more than 12 million Americans moving about major cities. For example, the PBS Newshour interviewed one of The Times’ writers.

In a Dec. 21 segment, The Times wrote about Pasadena, Calif., a place in and around where, it headlined, “…Even the Children are Being Tracked.” It added the same day an unsigned editorial, “Total surveillance Is Not What America Signed Up For.”

“The biggest difference between then and now, is that people didn’t really think about what companies were collecting on us,” USAToday quoted Chris Jordan, CEO of Fluency, a data-analysis company, as saying. “We weren’t worried about privacy. Now we are.”

RELATED LINKS

Phone tracking: New goldrush in consumer data? | Joe Mandese, MediaPost
Watch out what you put on your car’s phone and entertainment system, Washington Post finds | Kathryn Rattigan, Robinson & Coe law firm
VIDEO: What data your smartphone is transmitting — and to whom? | William Brangham, PBS Newshour
How technology made us bid farewell to privacy in the last decade | Jefferson Graham, USAToday
Freaked out about tracking? Three steps to protect your phone | Stuart A. Thompson & Gus Wezerek, NYTimes
RESEARCH: Mobile users’ information privacy concerns and the role of app permission requests | Kenan Degirmenci, Science Direct

“Internet of things” will see increase in regulation, self-regulation | Prachi Sah, Clyde & Co. law firm
‘Too big to fail” tech’s decade of impunity | Julie Carrie Wong, The Guardian
Short-form video platform TikTok banned by U.S. Navy amid growing data privacy concerns | Shawn M. Carter, FOXBusiness

PRIVACY TECH

MIT Tech Review: Image scrambling startup D-ID raises questions about compliance with GDPR?

A Dec. 20 report in the MIT Technology Review examines the claims of an Israeli privacy company, D-ID, which says it takes video footage of faces and alters the data so that facial-recognition scans won’t identify them. The piece points out the challenges of field privacy-protecting solutions when law and practice are still evolving.

The company says its technology “anonymizes” faces so that consent is no longer needed to capture them. The piece by Angela Chen quotes company-referred experts calling the technology a “win-win” for privacy and business.

“Other experts, however, say that the company misinterprets Europe’s General Data Protection Rule (GDPR), doesn’t do what it’s supposed to, and—even if it does—probably shouldn’t be doing it anyway,” Chen writes in the article.

Ann Cavoukian, a D-ID advisory board member and former privacy commissioner for the Canadian province of Ontario, was quoted as saying she thinks there’s nothing wrong with collecting data so long as people’s exact identities are obscured.

D-ID presented its technology idea at a Sept. 13 session at Mozilla co-organized by the Information Trust Exchange Governing Association (ITEGA).

RELATED LINKS

Osano raises $5.4M in Series A for data-privacy transparency platform | HelpNetSecurity
AI has a privacy problem, but these techniques could fix it | Kyle Wiggers, VentureBeat

WASHINGTON WATCH

Proposed federal bills exceed CCPA in some respects | Luke Sosnicki & James Shreve, Thompson Coburn LLP law firm
How Big Tech manipulates academia to avoid regulation | Rodrigo Ochigame, The Intercept
Government study confirms most face recognition systems are racist | MIT Technology Review
Brookings Scholars Warn: GDPR And CCPA Are Only The Beginning | Ray Schulz, MediaPost

Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

QUOTE OF THE WEEK

Massive investment in first-party data operations?

“Despite some hand-wringing about the future, the industry’s reliance on third-party data has been hugely problematic. Data inaccuracies and imperfections contribute to the messiness of today’s digital advertising marketplace, which needs to be cleaned up in order to justify continued growth. A new cookie-less world will present an incredible opportunity to innovate our digital media ecosystem; a new system rebuilt on a sound foundation of quality, first-party data. This shift will not only enable marketers to finally trust the effectiveness of their targeted spends, but will also allow publishers to strengthen relationships with their readers…In 2020, I predict we will see massive investment into first-party data operations across the industry, and early positive results on those efforts that will buoy publishers, advertisers and customers alike.”

– M. Scott Havens, global head of digital and media distribution, Bloomberg Media, writing at Nieman Lab’s predictions for 2020.

Forward

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.