PRIVACY BEAT: Focus of ad-tech future might shift to W3C working group; but where are publisher representatives?


Privacy Beat

Your weekly privacy news update.

Ad-tech veteran predicts publishers to benefit eventually from SSO after Chrome kills off third-party cookies

Advertising-technology blogger Radtko Vidakovic is out this week with a stunningly comprehensive and authoritative summary of what is likely to happen next after Google’s announcement it will “kill” third-party cookies in the Chrome browser within two years. 

Vidakovic is a two-decade ad-tech entrepreneur who now runs a Toronto based consultancy. His weekly email blog is read by thousands. The newsletter isn’t on the web but a subscription is free. One of his key conclusions: “Scaled publishers with premium brands and, ideally, large authenticated audiences will be the big winners in the end.”  He says that’s because “they have addressable first-party audiences at scale, making them safe, effective bets.” He predicts a mass push by publishers toward authentication and registration, accelerating interest in login alliances and federated Single Sign on.

In the latest installment, in recounting a detailed history of ad-tech and the “cookie,” he makes the following additional points:

  • In the short run, publishers may lose up to half their programmatic advertising revenue (a Google-cited estimate), as advertising targeted to individual users is increasingly distributed by Google, Amazon and Facebook.

  • User tracking alternatives such as fingerprinting and link decoration (also known as URL appends or query strings) will be constrained if not blocked by browsers. “Most DMP data will be useless,” Vidakovic writes. “DMPs will need to pivot into PII-based customer data platforms (CDPs), if they haven’t already, or risk going under.”

  • In one possible future scenario, the user’s web browser, rather than a publisher ad server, would manage the auction of ad space for an individual user, Vidakovic speculates. 

  • “The only real alternatives to the third-party cookie are the browser API proposals found in Chrome’s Privacy Sandbox…all other have some risk of being snuffed out.” Those Google-advanced APIs would support relevant rather than individual-user targeting, frequency capping, conversion tracking reporting and fraud detection. “Will Google give itself an advantage in some way behind the scenes,” asks Vidakovic?

  • He terms it a “brilliant move” by Google to head off antitrust inquiry about quelling the third-party cookie in Chrome and suggesting industry consensus-building on an open-standard alternative. A Jan. 16 story by four Bloomberg Business writers, quoting sources, said the US. Justice Department has queried at least three publishers — News Corp., Conde Nast and The New York Times Co. — with questions about the digital-advertising market and other aspects of Google’s dominant effect on them. “We’re working on standards for browser-mediated login and federated identity,” Google’s browser-tech executive Justin Schuh said in a Jan. 14 Tweet captured by Vidakovic. “There are still quite a few details to hash out, but we have solid consensus among the browsers on the general shape of the solutions here.”

In a final wrap on the situation, Vidakovic writes:

“Personalized user-ID-driven advertising, as it exists, will disappear, and most likely become highly restricted to secure environments (e.g. within the “data clean rooms” of Facebook, Amazon, and Google, or mediated tightly by the browser). Everyone else will still be allowed to run some form of relevant advertising, using the proposed browser APIs found in Privacy Sandbox. Since all the user-based details will stay on each device, in the browser, this key piece of transactional data will be eliminated. Instead, these proposed standards will make it so that every bidder receives the same data from the browser. And if every DSP is working from the same limited set of data, supplied by browsers, they will become less differentiated.”

Another key perspective came from Jordan Mitchell, head of identity and data privacy at the IAB Tech Lab — the trade association which primarily is supported by ad-tech vendors and some publishers and agencies. In a series of 12 interlocking Tweets, Mitchell asserts the end of TP cookies will cause publishers to ask for users’ email addresses as a unique identifier. He calls for innovation on a “neutral” solution, asking:  “So how do we get to privacy choices that can be managed centrally by consumers and reliably communicated to 3P platform vendors working on behalf of publishers, brands or advertisers?”  [See more at Quote of the Week, below]


Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More


Focus of ad-tech future might shift to W3C working group; but where are publisher representatives?

The Google ideas for new APIs cited by Radko Vidakovic are neither designed nor specified yet and Google is encouraging interested parties — including publishers — to join a World Wide Web Consortium (W3C) open-standards study group to help flesh them out. It’s called the “Improving Web Advertising Business Group”.

“What might this group propose?” Wendy Seltzer, the group’s chairman, wrote in 2018 when it was formed.  She continued: “We don’t yet know. It depends upon who shows up and where they can reach agreement, because one of W3C’s core values is consensus.” Seltzer, is strategy lead and legal council to the W3C and is based at MIT in Cambridge.

2017 blog post about the group’s creation, said it would push for core Web platform capabilities and changes to more efficiently support key Web advertising use cases.  It’s mission is “to identify areas where standards and changes in the Web itself can improve the ecosystem and experience for users, advertisers, publishers, distributors, ad networks, agencies and others.” A single-sheet flyer elaborates.  It appears to have supplanted the work of an eight-year-old “tracking protection working group,” which closed a year ago. 

A posted list of participants in the group include representations of the IAB Tech Lab, but only a single individual listing any direct publisher affiliation.


British startup launches “personal data grid” with counterintuition: Privacy is sharing; what about ad cohorts?

A British startup nurtured by a longtime defense-industry entrepreneur, with $30M in funding from Swiss Re, Omidyar Network and others, has now launched what it calls a “personal data grid” that allows individuals to manage and control their personal data from a single location they control.

Digi.Me Ltd. has been working since at least 2014 on the concept, which founder Julian Ranger says is now a reality, with major partners to be soon announced in Britain, the U.S. and elsewhere. He says it is based on a counter-intuitive premise — that the best way for an individual to assure their privacy is to be part of a mechanism for sharing their personal data — all of their personal data, but from only a single location and only when they agree.

Ranger says tidbits of our data are everywhere and out of our control. Using technology concepts in part from the building of software for U.S. fighter jets, his idea is to collect all your data, normalize its formatting and language, and then act as a broker, selling pieces for a transaction fee of as little as 10 cents to third-party users you authorize.  The consumer pays nothing for the service; DigMe will make money on the transaction fees paid by data users.

“It’s like a postal fee, we don’t get involved in the value exchange; the data is encrypted and we don’t see it,” Ranger said in a Privacy Beat phone interview. “You choose Dropbox, Google Drive, One Drive or others to store it, in your location, fully encrypted with your own keys.”

One possible application he sees — a news organization could contract with hundreds of thousands of Digi.Me users, putting them into anonymous interest cohorts and offering advertisers the opportunity to target cohorts, not individuals. However, he thinks advertising is not a likely first use.

Competitors? He cites Hub of All Things in Britain, and Cozy Cloud in France and says a founding principle of DigiMe is that it will allow users to port their data in or out to other services.  “It’s been difficult to fund,” he said, because of the complexity of the data-normalizing process. “There will be competitors, but it is a hard task,” he says.  He thinks Dig.Me could work alongside the “Solid” project at MIT of WWW inventor Sir Tim Berners-Lee, who also wants to re-engineer the web to decentralize data and put it under personal control. 


Britain’s privacy office pushes back on assertion it isn’t enforcing rules over perceived real-time bidding violations

A key privacy regulator in the European Union appears to be pushing back on assertions that there is no teeth in General Data Protection Regulation (GDPR) enforcement. The comments came from the British regulator, the Information Commission’s Office (ICO).

Brave browser’s Johnny Ryan and others have formally complained the real-time bidding (RTB) ad-tech system is hopelessly non-compliant with GDPR. The ICO, largely acknowledging that a “legitimate interest” justification for data processing is non-compliant, has declined to announce enforcement.

“Every time we look further into the [real-time bidding] space it reinforces the concerns we had at the beginning of the processes,” Ali Shah, head of the ICO’s tech policy, told DigiDay’s Seb Joseph. “Those players in RTB who have ignored the window of opportunity to conform to regulation must prepare for the ICO to use its wider powers.”

Joseph wrote that Shah’s tone at an Interactive Advertising Bureau meeting in London appeared to be a subtle shift toward threatening greater investigation or fines, after multiple sets of warnings in 2019.







Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat


Where is ‘neutral’ replacement for third-party cookie?

“Our entire ecosystem must collaborate together to support consumers and their choices, both privacy choices and (just as importantly) the model which they choose to pay for content and services. We support supplanting 3P cookies with a suitable [neutral] replacement that fuels the Open Web, competitive innovation around consumer transparency, choice and control, while eliminating innovation around opaque / covert tracking mechanisms. This all said, the solutions discussed are still theoretical. There is no suitable replacement for 3P cookies available today, nor policy consensus, to ensure that the Open Web will continue unimpeded. We’ve been in the W3C discussions (have been mostly around proprietary browser/OS approaches). We’d prefer to see focused collaboration on improved, open privacy/tech standards supported by all browsers! … As a result, these actions will lead to 1st parties requesting/requiring an alt identifier from consumers (email, login, etc.). It’s already begun! Is this better or worse than a pseudonymous token stored within a cookie?”

– Jordan Mitchell, head of identity, data and privacy at the IAB Tech Lab, in an interlocking series of 12 Tweets commenting on the “death” of the third-party cookie.”


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp