Local Media Consortium creates roadmap for news outlets to become compliant with CCPA and GDPR

News organizations coordinating privacy-friendly data policies for their readers, users and viewers is one way forward for sustaining trustworthy journalism, says a privacy researcher and expert who has consulted to both the Information Trust Exchange Governing Association (ITEGA — this blog’s sponsor) and the news industry.

“Privacy and a robust press naturally compliment each other,” writes Michelle de Mooy in a blog post hosted by the National Cyber Security Alliance. “Both are essential to functioning democracies and both offer tools necessary for an engaged and informed citizenry…surveillance capitalism has eroded both of these ideals.

De Mooy says privacy laws such as the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPA) have turned digital advertising on its head. Many of the data practices involved in programmatic advertising, for example, are almost certainly untenable under the laws, she says.

As a result, she says, the Local Media Consortium (LMC), an association of 90 local media companies representing over 3,500 newspaper, broadcast and online-only U.S. and Canadian news outlets, last year created for its members a comprehensive roadmap for complying with the CCPA and GDPR. The roadmap offers a step-by-step guide to understanding and implementing the laws from a large and small market perspective and offers resources for building solid data governance programs on differing budgets. 

She writes the LMC has been leading a multi-stakeholder group of publishers, advertisers, privacy advocates, academics and others to rebuild revenue and trust in the news industry by embedding concepts like privacy, transparency and accountability into technology systems that will attract both users and advertisers.

“When users agree to share their data, advertisers will have access to a quality pool of real people in a brand safe environment,” de Mooy writes, adding: “This approach rebuilds trust and returns the value of content to its creators, allowing publishers to focus on delivering quality reporting to their communities.”

AD TECH

Startup and consumer data company race into cookie void — what they propose and one view of what might result

A Bulgaria-based startup company touting blockchain technology, and a mature consumer-data warehouser became the latest outfit to try and occupy the void in ad-tech that will be created when browsers stop supporting the use of third-party tracking cookies.

AdEx, the Bulgarian startup, displayed a timeline on its website showing a three-year effort, backed by the then-equivalent of $12 million raised in a crypto-currency sale, to create a technology for  storing user data on the user’s machine and then tapping it to target advertising in a method similar to that employed by the Brave browser.

Journalist Laurie Sullivan, writing at MediaPost, described AdEx’s tech as seeking a “direct connection between advertisers and publishers without targeting third-party intermediaries — uses tracking cookies, but the information remains on the device browsing the internet, rather than the ad network copying the information and loading it on its servers.” Sullivan continues in her report that “the technology matches the visitor with relevant ads by their preferences and the context of the content they interact with on the publisher’s site. The anonymized information about these preferences is stored in the user’s local storage on their device.

Meanwhile, the respected data-warehousing firm LiveRamp, the successor to what used to be called Acxiom, is pushing on something it calls its “Authenticated Traffic Solution” (ATS), an effort described by AdExchanger.com’s James Hercher as working by asking users for their email addresses and then creating more chances to match online users based on email. Publishers using ATS ask readers to submit their email for free access to content.” Then LiveRamp can create cross-site email-keyed identities for ad targeting without cookies, Hercher writes.  LiveRamp argues the request to provide an email address constitutes “consent” under GDPR and CCPA rules.

In a web post, privacy and open-source blogger (and ITEGA advisor) Don Marti speculates that the machinations of ad-tech companies and others means a bifurcated web in which a user may consent to being “tracked” within a trusted advertising network, while relying on web browsers to block “creepy” advertising everywhere else.

MORE AD TECH

• Google Chrome begins third-party cookie evolution | George Slefo, AdAge

• Healthy democracy & micro-targeted political ads: you can’t have one with the other | The Web Untangled

• “The Fifth Cookie” — Acxiom and big data’s GDPR  initiative to replace cookie tracking | 5thCookie.com website

• Teens have figured out how to mess with Instagram’s tracking algorithm and gather data | Alfred Ng, C|Net News 

• With cookies on the way out, advertisers turn to old-school measurement methods | Seb Joseph, DigiDay.com

CCPA NEXT

Behind the initiative to create “CCPA 2.0”: A deeply reported account of back-room negotiations by Alastair Mactaggert

The website Protocol.com has a long, deeply reported and revealing account on the outcome of closed-door negotiations still underway between California’s premier web privacy advocate and Big Tech.  It comes as Alastair Mactaggert, a real-estate developer who led the fight that produced the California Consumer Privacy Act (CCPA) now seeks to gather signatures for a second ballot initiative that could make CCPA even tougher — or not?

Mactaggart now has until the end of April to collect 623,000 signatures and get “CCPA 2.0” — the California Consumer Privacy Rights Act — on the November ballot, writes Issue Lapowsky, a senior reporter with Protocol.com and former writer for Inc. magazine. She writes that Mactaggert says polling shows the initiative will pass handily.

“The last time Alastair Mactaggart tried to write the rules on internet privacy in California, tech giants like Facebook, Google and Microsoft mostly ignored him and then tried to crush him — spending millions of dollars in a fight that ultimately led to the passage of the CCPA,” Lapowsky writes, adding: “No one’s ignoring him now.”

She quotes Mactaggert as saying he has deliberately talked to dozens of stakeholders — including Big Tech — since December.  The result, she writes is “a juggling act of promises kept, concessions made, power flexed and deals struck.” She continues: “Interviews with more than 20 people involved in that process reveal how at least half a dozen provisions within the new initiative — from the limits on sensitive personal information to the treatment of employee data — trace directly back to Mactaggart’s private negotiations.”

Some key issues negotiated, she writes:

• The definition of “consent.” Mactaggert says it won’t change from CCPA. 
• What constitutes a legitimate reason to target ads to individuals based on sensitive personal information 
• What is meant by “publicly available information” and how to insulate it from constitutional challenge 
• Whether to acquiesce to Experian’s lobbying for a consumer-credit agency exemption
• Whether to clarify if CCPA should permit loyalty-program data collection 
• Creation of a new California Privacy Protection Agency 
• How to make CCPA “cleaner” and a model for possible federal law

“It’s just a power play,” Ross says. She notes that Hertzberg, who is in his last term in the senate, has already set up a campaign committee for the 2022 state controller race. That campaign has received funding from corporate giants including Facebook and Experian.

MORE CCPA NEXT

• CCPA 2.0 ballot initiative seen as big update to CCPA | Gretchen Ramos & Darren Abertnethy, GreenbergTraurig law firm

• How California privacy advocate quietly negotiates with Google/FB on post-CCPA initiative | Issie Lapowsky, Protocol.com

• Territorial scope of the CCPA | Lydia de la Torre, Medium

• Data Breach Lawsuit Against Salesforce And Hanna Andersson Alleges CCPA Violation | Wendy Davis, MediaPost