|
|
Advertisers decry “senseless” CCPA draft rule requiring them to respect browser software global “do not sell” settings; letter makes jobs, First Amendment claims
The U.S. advertising industry sounded an alarm last week about new proposals from the California attorney general that would require them to honor a global “do not sell” signal sent by a user’s browser software. The proposal is contained in the third-round, March 11 draft regulations to enforce the California Consumer Privacy Act. TEXT OF LETTER.
The concerns came in a five-page letter dated March 27 and signed by executives of six trade associations representing, they said, 2,500 companies responsible for more than 85 percent of U.S. advertising spending, including Google and Facebook. The letter implies that California’s economy and jobs will be harmed if the regulation language stands.
The letter was the clearest signal yet that the advertising industry is afraid of what will happen if “opting out” of the sale of users’ personal data is made too easy, as with a one-time setting on the web browser. The industry waged a similar policy war a year ago against the “Do Not Track” flag in browsers and ad-tech largely ignored that signal sent by the browsers. But this time, the signal would have the force of law, if the draft regulations stand.
Privacy groups, including the American Civil Liberties Union, generally backed the provision the ad-industry dislikes in comments submitted by the Electronic Frontier Foundation.
“Many consumers choose the software they use specifically to reflect their privacy choices,” the EFF said in its comments, adding: “If a user selects a browser extension or application in order to protect their privacy, they should not also need to select a separate setting in order to enjoy one of the most important privacy protections granted by CCPA, the right to opt out of sale.”
The ad-industry letter’s key arguments are that: (1) A global “do-not-sell” signal might make it difficult and confusing to discern if a user has a more nuanced feeling about individual websites (2) Business’s “free speech” rights to communicate with their customers would be unconstitutionally impeded (3) and “continued economic development and advancement” in California would be affected. The letter asks that Attorney General Xavier Beccera make optional the respecting of a browser “Do Not Sell” signal. It says the CCPA’s language and legislative intent does not support a mandatory respecting of a global browser signal.
In one particular sentence, the letter appears to warn that businesses that have a direct relationship with their customers will be unfairly advantaged by the rule: “The removal of these provisions entrench intermediaries in the system and will advantage certain business models over others, such as models that enable direct communications between consumers and businesses,” the letter says.
CCPA WEEK FOURTEEN
-
EFF asks California AG to force respect for “Do Not Track” in CCPA | Bennett Cyphers, EFF.org
-
LETTER: Ad industry claims CCPA violates the First Amendment | Wendy Davis, MediaPost.com | TEXT OF LETTER
-
Businesses should not be prosecuted for CCPA violations during COVID? | Wendy Davis, DigitalNewsDaily.com
-
Ad industry, lawyers rebuffed by AG in plea to delay July 1 CCPA enforcement | Joe Duball, IAPP.org
-
Businesses Should Not Be Prosecuted For California Privacy Law Violations, ANA Says | Wendy Davis, Digital News Daily
-
How am I supposed to do this? Part Trois: California Attorney General issues CCPA modifications | Zenus Franklin, Taft Privacy and Data Security Insight
-
Hidden Danger: Where Is Your CCPA Notice? | Fisher Phillips
-
COVID-19 Bulletin: California Attorney General: CCPA Enforcement Will Not Be Delayed Due to COVID-19 | Scot Ganow, Taft Privacy and Data Security Insight
-
California Attorney General Declines to Delay Enforcement of the CCPA | Heather Whitehead and Kyle Janecek, Newmeyer Dillion
-
Are companies required to get opt-in consent under the CCPA before using personal data? | David Zetoony, Bryan Cave Leighton Paisner LLP
-
California Attorney General: CCPA Enforcement on Schedule Despite COVID-19 | Bethany Gayle Lukitsch, Anthony Q. Le, Justin T. Yedor and Christine M. Mastromonaco, McGuire Woods
-
Consumer Reports: CCPA Enforcement Must Proceed | John Eggerton, Multichannel News
-
Opt-out button gets scrapped in latest round of CCPA amendments | Catherine Chapman, The Daily Swig
-
Comparing the CCPA and the GDPR | KJ Dearie, CPO Magazine
-
EFF Says Privacy Loopholes Remain in CCPA | Fahmida Y. Rashid, Decipher
-
Can a company exclude Californians from a loyalty program? | David Zetoony, Bryan Cave Leighton Paisner LLP
|
|
|
|
Does your organization need customized privacy compliance solutions? ITEGA can help.
|
|
|
|
We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.
|
|
|
|
GroupM survey finds privacy-wary consumers don’t believe personal data use leads to more relevant ads
New research commissioned by the world’s largest advertising agency, GroupM, finds that consumers don’t believe use of personal data leads to more relevant ads. The finding is a potential blow to the core “ideology” of the advertising-technology business — that tracking of users leads to effective advertising. But it does answer the age-old question: Does a survey respondent report their actual behavior or reactions?
DOWNLOAD RESEARCH REPORT
The research, “Consumer Trust in Digital Marketing,” found 6 in 10 consumers say they are less inclined to use a product if their data is used for any purpose, and 64 percent of consumers would have a negative opinion of a brand next to inappropriate content.
The survey involved nearly 13,900 middle-income consumers ages 18-49 in 23 countries. Michael Heusner reported at CampaignLive.com that 61 percent of consumers are less inclined to use a product if their personal data is used for any purpose, while 56 percent of consumers want more control over their data.
The research also found that only 17 percent of consumers believe personalized ads are ethical, noted John Koestier, writing on the Forbes.com website. Koestier wrote: “A massive majority of consumers believe that using their data to personalize ads is unethical. And a further 59% believe that personalization to create tailored newsfeeds — precisely what Facebook, Twitter, and other social applications do every day — is unethical.”
“It is a staple of the advertising industry to claim that data collection benefits consumers because they are shown ads of greater relevance to them,” said Chris Myers, regional director, GroupM APAC. “In our study, only 18 percent of consumers believe that.”
Last year, fraud prevention and security company RSA Security said a survey it sponsored found only 17 percent of those served (9,000 people) believed personalized ads were ethical.
|
|
|
|
|
COVID AND PRIVACY
-
The power of data in a pandemic | Matthew Gould, Dr Indra Joshi and Ming Tang, GOV.UK
-
Hackers are exploiting Zoom’s newfound popularity amid coronavirus pandemic | Matt Binder, Mashable
-
Silicon Valley, It’s Your Chance to Turn the Tide on Covid-19 | Tristan Harris, Wired
-
US government officials using mobile ad location data to study coronavirus spread | Kim Lyons, The Verge
-
How much should the public know about who has the coronavirus? | Thomas Fuller, New York Times
-
Will privacy be yet another COVID-19 victim? | Lucia Bird, Slaughter and May
-
Just because you’re working from home doesn’t mean your boss isn’t watching you | Sara Morrison, Vox
-
We’re watching you: COVID-19 surveillance raises privacy fears | Elizabeth Beattie, Aljazeera
-
Ring’s mysterious new ‘Doorbox’ leaks | Jon Porter, The Verge
ZOOM AND PRIVACY
PERSONAL PRIVACY
-
Snowden warns government surveillance amid COVID-19 could be long lasting | Abrar Al-Heeti, CNET
-
We Need a Face Surveillance Moratorium, Not Weak Regulations: Concerns about SB 6280 | Jennifer Lee, ACLU Washington
-
Will the Role of Facial Recognition Grow in a Post-COVID-19 World? | Proskauer
-
Snowden warns government surveillance amid COVID-19 could be long lasting | Abrar Al-Heeti, CNET
-
Where does your data come from? | Dr Brent Mittelstadt, Freshfields Bruckhaus Deringer
-
Big tech companies must protect customer data from legal backdoors | Privacy International
-
Harvard’s Elizabeth Renieris: Privacy Is an Inalienable Right | Jeff Benson, Digital Privacy News
-
Trudeau leaves door open to using smartphone data to track Canadians’ compliance with pandemic rules | Catharine Tunney, CBC
-
Zoom, Google Hangouts attract phishing and malware hackers: how to protect yourself | Kimberly Gedeon, Laptop
-
Brave Browser Gains 1m New Users in a Single Month | Benjamin Pirus, CoinTelegraph
|
|
|
ADVERTISING TECH
LiveRamp exec advises on publisher strategies that feed into its “authenticated” ID effort; will browsers block?
Publishers need to develop a strategy around user log-ins — and explaining the value of their content to consumers if they want to make more money from ads, according to an executive of data-warehousing firm LiveRamp.
Authenticated, personally identifiable information (PII) can be translated into pseudonymized identifiers and shared across open Internet, says LiveRamp senior VP Travis Clinger, in a paid-content piece on the DigiDay website.
LiveRamp, formerly part of Acxiom, for a year has been promoting its offer to manage a common “IdentityLink” profile service that would gather email addresses and phone numbers of publisher users and then mix-and-match that data with other sources to create a profile. It argues a “consent” at the publisher level would comply with privacy laws. LiveRamp also helped start the Advertising ID Consortium, Inc. with two other ad-tech companies with similar intent.
What’s unclear so far is whether the settings in web-browser software such as Apple Safari, Firefox Mozilla, Brave, Microsoft Edge and Google Chrome will block the operation of such a cross-site identity service controlled by the advertising industry, even though it no longer uses “cookies” to work.
For example, Apple’s “tracking prevent policy” articulated on its WebKit blog says:
“WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert). These goals apply to all types of tracking listed above, as well as tracking techniques currently unknown to us.”
But it adds two paragraphs later:
“We consider certain user actions, such as logging in to multiple first party websites or apps using the same account, to be implied consent to identifying the user as having the same identity in these multiple places. However, such logins should require a user action and be noticeable by the user, not be invisible or hidden.”
|
|
|
Collaboration, uniform interest taxonomies and broad access to publisher first-party data needed in post-cookies era, CafeMedia co-founder says
Reputable publishers who have gathered information directly from their subscribers and users will have an advantage when third-party “cookies” vanish, but only if they can pool their data and describe user interests and demographics in uniform “taxonomies,” says a veteran ad-tech and content-sharing entrepreneur.
“Significant investments will be required before advertisers can use publisher first-party data at scale,” CafeMedia co-founder and EVP Paul Bannister says in an opinion article appearing on the AdExchanger website this week.
Bannister says such “first-party” data has to be available in large-enough interest segments to be an appealing buy for advertisers. “Publisher first-party data cross a handful of publishers isn’t useful to many buyers and if buyers can’t get the size of segments they’re accustomed to, they’ll buy with other tools or in other channels.” He also says the standard descriptive categories of user data — so called “taxonomies” — need to be broadly adopted and more extensive than those offered presently by the Interactive Advertising Bureau.
Significant coordination around standards, governance and technology is needed, he says, otherwise “targeting on the open web will be less useful than in the walled gardens and the open web will continue to lose ground to the platforms.” Collaboration is required, he says.
MORE AD TECH
|
|
|
|
REGULATION — EUROPE / WORLD
REGULATION — U.S.
STATE ACTIONS
PRIVACY BUSINESS
NEWS AND PRIVACY
UPCOMING EVENTS
Ad tracking, cookies and risk: Legal webinar April 15
The law firm Hogan Lovells and consulting firm Ankura is holding a webinar on April 15, about the impact of the GDPR and CCPA on cookies and similar AdTech tracking technologies. They plan to cover tracking technology legal and regulatory challenges, best practices, and the future of cookies.
Webinar: AdTech and Privacy: Managing Risk in a Complex and Evolving Digital Economy
|
|
|
|
QUOTE OF THE WEEK
If you let your web browser signal “Do Not Sell,” is that unconstitutional? U.S. ad industry says ‘yes.’
“The revised proposed rules require businesses that collect personal information from consumers online to treat user-enabled global controls, such as a browser plugin or setting, device setting, or other mechanism that purports to carry signals of the consumer’s choice to opt out of the sale of personal information, as a valid request submitted for that browser, device, or consumer. This requirement exceeds the scope of the OAG [California attorney general’s] authority to regulate pursuant to the CCPA, runs afoul of free-speech rights inherent in the United States Constitution, and impedes consumers of the ability to exercise granular choices in the marketplace. For these reasons, we ask the OAG to remove this requirement, or, at a minimum, to give businesses the option to honor such controls or decline to honor such settings if the business offers another, equally effective method for consumers to opt out of personal information sale.”
– Excerpted from March 27, 2020 letter to California’s attorney general from six major U.S. advertising trade organizations objecting to draft regulations implementing the California Consumer Privacy Act (CCPA), which takes effect July 1.
|
|
|
|
ABOUT PRIVACY BEAT
Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker. Submit links and ideas for coverage to newsletter@itega.org.
|
|
|
|
|
|
