PRIVACY BEAT: Advertisers decry “senseless” CCPA draft rule requiring them to respect browser software global “do not sell” settings

Privacy Beat

Your weekly privacy news update.


Advertisers decry “senseless” CCPA draft rule requiring them to respect browser software global “do not sell” settings; letter makes jobs, First Amendment claims

The U.S. advertising industry sounded an alarm last week about new proposals from the California attorney general that would require them to honor a global “do not sell” signal sent by a user’s browser software. The proposal is contained in the third-round, March 11 draft regulations to enforce the California Consumer Privacy Act.  TEXT OF LETTER.

The concerns came in a five-page letter dated March 27 and signed by executives of six trade associations representing, they said, 2,500 companies responsible for more than 85 percent of U.S. advertising spending, including Google and Facebook. The letter implies that California’s economy and jobs will be harmed if the regulation language stands.

The letter was the clearest signal yet that the advertising industry is afraid of what will happen if “opting out” of the sale of users’ personal data is made too easy, as with a one-time setting on the web browser.  The industry waged a similar policy war a year ago against the “Do Not Track” flag in browsers and ad-tech largely ignored that signal sent by the browsers. But this time, the signal would have the force of law, if the draft regulations stand.

Privacy groups, including the American Civil Liberties Union, generally backed the provision the ad-industry dislikes in comments submitted by the Electronic Frontier Foundation.

“Many consumers choose the software they use specifically to reflect their privacy choices,” the EFF said in its comments, adding: “If a user selects a browser extension or application in order to protect their privacy, they should not also need to select a separate setting in order to enjoy one of the most important privacy protections granted by CCPA, the right to opt out of sale.”

The ad-industry letter’s key arguments are that: (1) A global “do-not-sell” signal might make it difficult and confusing to discern if a user has a more nuanced feeling about individual websites (2) Business’s “free speech” rights to communicate with their customers would be unconstitutionally impeded (3) and “continued economic development and advancement” in California would be affected. The letter asks that Attorney General Xavier Beccera make optional the respecting of a browser “Do Not Sell” signal. It says the CCPA’s language and legislative intent does not support a mandatory respecting of a global browser signal.

In one particular sentence, the letter appears to warn that businesses that have a direct relationship with their customers will be unfairly advantaged by the rule: “The removal of these provisions entrench intermediaries in the system and will advantage certain business models over others, such as models that enable direct communications between consumers and businesses,” the letter says.


Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

GroupM survey finds privacy-wary consumers don’t believe personal data use leads to more relevant ads

New research commissioned by the world’s largest advertising agency, GroupM, finds that consumers don’t believe use of personal data leads to more relevant ads.  The finding is a potential blow to the core “ideology” of the advertising-technology business — that tracking of users leads to effective advertising.  But it does answer the age-old question: Does a survey respondent report their actual behavior or reactions?


The research, “Consumer Trust in Digital Marketing,” found 6 in 10 consumers say they are less inclined to use a product if their data is used for any purpose, and 64 percent of consumers would have a negative opinion of a brand next to inappropriate content.

The survey involved nearly 13,900 middle-income consumers ages 18-49 in 23 countries.  Michael Heusner reported at that 61 percent of consumers are less inclined to use a product if their personal data is used for any purpose, while 56 percent of consumers want more control over their data.

The research also found that only 17 percent of consumers believe personalized ads are ethical, noted John Koestier, writing on the website. Koestier wrote: “A massive majority of consumers believe that using their data to personalize ads is unethical. And a further 59% believe that personalization to create tailored newsfeeds — precisely what Facebook, Twitter, and other social applications do every day — is unethical.”

“It is a staple of the advertising industry to claim that data collection benefits consumers because they are shown ads of greater relevance to them,” said Chris Myers, regional director, GroupM APAC. “In our study, only 18 percent of consumers believe that.”

Last year, fraud prevention and security company RSA Security said a survey it sponsored found only 17 percent of those served (9,000 people) believed personalized ads were ethical





LiveRamp exec advises on publisher strategies that feed into its “authenticated” ID effort; will browsers block?

Publishers need to develop a strategy around user log-ins — and explaining the value of their content to consumers if they want to make more money from ads, according to an executive of data-warehousing firm LiveRamp.

Authenticated, personally identifiable information (PII) can be translated into pseudonymized identifiers and shared across open Internet, says LiveRamp senior VP Travis Clinger, in a paid-content piece on the DigiDay website.

LiveRamp, formerly part of Acxiom, for a year has been promoting its offer to manage a common “IdentityLink” profile service that would gather email addresses and phone numbers of publisher users and then mix-and-match that data with other sources to create a profile. It argues a “consent” at the publisher level would comply with privacy laws. LiveRamp also helped start the Advertising ID Consortium, Inc. with two other ad-tech companies with similar intent.

What’s unclear so far is whether the settings in web-browser software such as Apple Safari, Firefox Mozilla, Brave, Microsoft Edge and Google Chrome will block the operation of such a cross-site identity service controlled by the advertising industry, even though it no longer uses “cookies” to work.

For example, Apple’s “tracking prevent policy” articulated on its WebKit blog says:

“WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert). These goals apply to all types of tracking listed above, as well as tracking techniques currently unknown to us.”

But it adds two paragraphs later:

“We consider certain user actions, such as logging in to multiple first party websites or apps using the same account, to be implied consent to identifying the user as having the same identity in these multiple places. However, such logins should require a user action and be noticeable by the user, not be invisible or hidden.”

Collaboration, uniform interest taxonomies and broad access to publisher first-party data needed in post-cookies era, CafeMedia co-founder says

Reputable publishers who have gathered information directly from their subscribers and users will have an advantage when third-party “cookies” vanish, but only if they can pool their data and describe user interests and demographics in uniform “taxonomies,” says a veteran ad-tech and content-sharing entrepreneur.

“Significant investments will be required before advertisers can use publisher first-party data at scale,” CafeMedia co-founder and EVP Paul Bannister says in an opinion article appearing on the AdExchanger website this week.

Bannister says such “first-party” data has to be available in large-enough interest segments to be an appealing buy for advertisers. “Publisher first-party data cross a handful of publishers isn’t useful to many buyers and if buyers can’t get the size of segments they’re accustomed to, they’ll buy with other tools or in other channels.” He also says the standard descriptive categories of user data — so called “taxonomies” — need to be broadly adopted and more extensive than those offered presently by the Interactive Advertising Bureau. 

Significant coordination around standards, governance and technology is needed, he says, otherwise “targeting on the open web will be less useful than in the walled gardens and the open web will continue to lose ground to the platforms.”  Collaboration is required, he says.









Ad tracking, cookies and risk: Legal webinar April 15

The law firm Hogan Lovells and consulting firm Ankura is holding a webinar on April 15, about the impact of the GDPR and CCPA on cookies and similar AdTech tracking technologies. They plan to cover tracking technology legal and regulatory challenges, best practices, and the future of cookies. 

Webinar: AdTech and Privacy: Managing Risk in a Complex and Evolving Digital Economy

Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat


If you let your web browser signal “Do Not Sell,” is that unconstitutional? U.S. ad industry says ‘yes.’

“The revised proposed rules require businesses that collect personal information from consumers online to treat user-enabled global controls, such as a browser plugin or setting, device setting, or other mechanism that purports to carry signals of the consumer’s choice to opt out of the sale of personal information, as a valid request submitted for that browser, device, or consumer. This requirement exceeds the scope of the OAG [California attorney general’s] authority to regulate pursuant to the CCPA, runs afoul of free-speech rights inherent in the United States Constitution, and impedes consumers of the ability to exercise granular choices in the marketplace. For these reasons, we ask the OAG to remove this requirement, or, at a minimum, to give businesses the option to honor such controls or decline to honor such settings if the business offers another, equally effective method for consumers to opt out of personal information sale.”

– Excerpted from March 27, 2020 letter to California’s attorney general from six major U.S. advertising trade organizations objecting to draft regulations implementing the California Consumer Privacy Act (CCPA), which takes effect July 1. 


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp