|
IDENTITY AND PRIVACY
Companies said to be spending ‘hundreds of millions’ to replace the third-party cookie for controlling user data — but no consensus yet on platform, browser or public
Who should control user identity on the web — those elements of a person’s interests and attributes, some of which may be considered deeply private? Should it be tech platforms, web browsers, “fiduciaries” or users themselves? Companies are spending tens of millions to be part of the answer, one insider says.
The IAB TechLab, a nonprofit standards-development organization for publishers, ad-tech and web platforms, was in the running, with its “DigiTrust” shared-identity solution. But it threw in the towel this week (see story, below).
“LiveRamp is working on this, The Trade Desk is working on this. Everyone says the cookie is going to go away,” Mark Dye, chief strategy officer at Bombara (and a LiveRamp advisor) said this week during a recorded BPA Worldwide webinar. “The cookie is going to get replaced with something. We’re trying to figure out what that something is. So don’t be deluded into thinking the third-party cookie goes away and this whole thing gets solved. Because there are companies spending hundreds of millions of dollars to figure out what replaces the cookie. So there will be something.”
The competition is heating up, but so far the solutions comprise a confusing array of current practice, new ideas and entrants. (See: Google Experiments Hint At Cookie-Free Future | Martin Kihn, via AdExchanger) In the broadest sense there are at least three general possibilities:
-
For the most part, user identity is now controlled opaquely by a plurality of advertising, ad-tech, apps, social media or other technology platforms.
-
In public discussions facilitated by the World Wide Web Consortium (W3C) and elsewhere, web-browser software makers are discussing how their technology can control user-identity data collection and settings — in collaboration with or transparently to the user.
-
So far in mostly the idea category is user identity and data controlled by the user, either on their device, or in partnership with a “information fiduciary” such as a publisher or affinity group.
THIS STORY CONTINUES…
PRIVACY, IDENTITY AND AD TECH
|
|
Does your organization need customized privacy compliance solutions? ITEGA can help.
|
|
We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.
|
|
|
Ad-tech trade group throws in towel on effort to control universal ID, but keeps consensus-building process going
Trade publications reported this week on the announcement by the IAB Tech Lab that it will sunset “DigiTrust” — its entry into the universal, shared-ID tech race, effective July 31. The decision came six months after it appeared the cookie-based effort was going to be blocked by at least one major web browser, Mozilla.
“DigiTrust’s initial aim was to encourage ad-tech providers, along with publishers, to align around tech requirements to produce a “pseudonymous consumer ID“—albeit cookie-based—that multiple parties could use, provided they agree to respect a consumer’s privacy choices,” AdWeek reporter Ronan Shields, wrote in his DigiTrust demise account.
“…[A]any service that relies on third-party cookies—including DigiTrust and other standardized cookie approaches—have a limited lifespan of utility,” DigiTrust’s Jordan Mitchell and Benjamin Dick wrote in a blog post about the change entitled “DigiTrust — the Final Chapter.”
At Exchange Wire, reporter Grace Dillon wrote that DigiTrust “was set up to allow SSPs and publishers to consolidate their cookies with DSPs in order to enhance targeting.” She said IAB Tech Lab’s “Project Rearc” — a “global call to action” would now help create a new privacy-aware ad-serving infrastructure. “However,” she wrote, “some believe that Rearc comes too late, and will not be enough to weather the post-cookie landscape.”
Concluded James Hercher, writing at AdExchanger.com: “While it made sense for DigiTrust to exist within a neutral industry trade group, the clock has been ticking since Chrome announced it would deprecate third-party cookies in 2022.”
NEWS PRIVACY AND POLICY
|
|
|
Business publishers complaint to ad-tech: We own user data we put in bidstream ecosystem — stop using it to assemble your own audience data for free
Who owns the data that a publishers sends about users into the ad-tech real-time bidding ecosystem? The largest association of business publishers say they do — and they want ad-tech and advertisers to stop using it without their permission.
Two executives of the nonprofit BPA Worldwide trade group and three guests explored the topic during a webinar this week, entitled: “Data Leakage, Bitstream and the Demise of the Third Party Cookie.” Their argument — if a publisher submits an advertising position on its web page into the programmatic “bidstream,” should hundred of ad-tech companies and advertisers who “see” that data be able to save it for their own purposes?
“If you loan me your car so I can run an errand, you don’t expect that I’m going to be renting out my car to other people,” argued Scott Roulet, BPA’s VP, programmatic advertising. “You may not explicitly state it, but if I do so that violates the spirit of the agreement.” Roulet said BPA’s goal is to create awareness of the issue, “so we can have an industry discussion that ultimately hopes to define, in a collaborative way, standards so everyone understands the rules of engagement and how data and various digital assets are being used.”
RELATED LINKS:
|
|
Harvard researcher’s book seeks Facebook, Google breakup on privacy and democracy grounds; privacy activists support new law and “microtargetting” ad ban
In a book released this week, an academic dialogue, and in a letter to Congress, a Harvard University web researcher argues the advertising and data business models of Facebook and Google harm democracy and diminish individual rights to data and privacy.
The companies should be dismembered by antitrust enforcement, says Dipayan Ghosh, the Harvard research who is a former Facebook staffer and policy advisor to the Obama White House. He now runs the Digital Platforms and Democracy Project at Harvard and is author of the book, “Terms of Disservice; How Silicon Valley is Destructive by Design.”
Ghosh, along with a virtual who’s who of privacy advocates — individuals, academics and organizations — were cited by U.S. Rep. Anna G. Eshoo, D-Calif., as supporting a bill she’s filed that would ban demographic “microtargeting” of political advertisements by Internet platforms and others.
Meanwhile, a white paper funded by a project of the nonprofit New America Foundation, entitled: “Getting to the Source of Infodemics: It’s the Business Model,” argues the surveillance business model is a challenge to democracy. In a report summary, authors Nathalie Marechal and Ellery Roberts of Ranking Digital Rights call for federal privacy law to protect people from harmful effects of targeted advertising, giving users clear control over transparent collection and sharing of information, and “prohibiting the use of third-party data to target specific individuals.”
Esho introduced H.R. 7014 on May 26 (read bill summary). It applies to candidate and non-candidate microtargeting, and to social media sites, streaming services and ad networks; it prohibits completely targeting ads based on demographics or behavioral data; it has a private right of action; violations are enforced by the U.S. Federal Election Commission and the private right of action. However, it also allows microtargeting if a user gives “express affirmative consent,” such as by checking a box, and continues to allow targeting of ads based on where the recipient is geographically located. The bill appears to have some bipartisan support so has a chance of passage.
In addition to the book and statement to Congress, Ghosh was also part this week of a series of written dialogues hosted by the Columbia Journalism Review (CJR) about algorithms, competition, privacy, protest and policy violence. “I think, on all counts, we need to transfer power from the corporate to the user. Privacy, market competition, data portability, technical interoperability, algorithmic transparency — I believe these policies are the start of what will ultimately be a more sophisticated regulatory regime from top to bottom,” Ghosh wrote in one of the CJR sessions.
REGULATING PRIVACY
PLATFORMS, PRIVACY and SECTION 230
-
Facebook to share privacy report to new board committee, FTC | Neha Malara, Reuters
-
Exclusive: Massive spying on users of Google’s Chrome shows new security weakness | Joseph Menn, Reuters
-
Google Chrome users may have been impacted by a massive spying campaign, report says | Rishi Iyengar, CNN
-
Commissioner Starks Remarks on Section 230 | Benton Institute for Broadband & Society
-
Justice Department Issues Recommendations for Section 230 Reform | Benton Institute for Broadband & Society
-
Justice Department Issues Recommendations for Section 230 Reform | OPA, Department of Justice
-
Justice Dept. Urges Rolling Back Legal Shield for Tech Companies | The New York Times
-
DOJ proposes crackdown on tech industry’s legal shield | Leah Nylen, Betsy Woodruff Swan and Cristiano Lima, Politico
-
DOJ to propose changes to Section 230 Internet protections | Tony Romm, The Washington Post
-
Amazon Said to Be Under Scrutiny in 2 States for Abuse of Power | Karen Weise and David McCabe, New York Times
-
House tech investigation seeks CEO testimony in July | Margaret Harding McGill, Axios
|
|
CCPA — WEEK TWENTY-FIVE
Awaiting status of CPRA ballot bid; websites must now acknowledge browser “Do Not Share” signals,
There’s a cliffhanger in California as a state court suit seeks to make sure a bureaucratic delay doesn’t prevent these state’s voters from having another change to enact digital privacy safeguards by November ballot petition. Meanwhile, it’s pretty clear the state’s attorney general thinks the California Consumer Privacy Act (CCPA) requires that websites now must respond to a “Do Not Share” signal sent by a user’s web-browser software.
The AG’s office said it had studied public comments on its draft CCPA regulations and concluded that “[t]he regulation is thus necessary to prevent businesses or ignoring consumer tools related to their CCPA rights and, specifically, the exercise of the consumer’s right to opt-out of the sale of personal information.” (for this language, see Page 38).
CCPA RELATED LINKS
-
Final proposed CCPA privacy regs require businesses to honor global DNT opt-outs | Wendy Davis, via Twitter
-
CCPA final regulations submitted, including a hint of what is on the horizon in California | Gregory Krabacher and Jeff Knight, Bricker & Eckler LLP
-
California Senate Proposes Amendment to CCPA to Address De-Identification and Information Used for Research and Public Health Purposes | Privacy & Information Security Law Blog
-
At Calif. hearing, critics question CPRA’s timing | Angelique Carson, IAPP Blog
-
Mactaggart Petitions State Court to Prevent the California Privacy Rights Act from Being Excluded from November’s Ballot | Alston & Bird, JDSupra
-
All the Time and Money on California’s New Privacy Law Wasted? | Eriq Gardner, Hollywood Reporter
-
CCPA testers provide important insights into the landmark privacy law | Maureen Mahoney, Consumer Reports
-
California AG Suggests Additional CCPA Regulations May be Needed | Odia Kagan, Fox Rothschild LLP
-
CCPA Regulations: Is a Loyalty Program a Financial Incentive? | Privacy Compliance & Data Security
-
BACKGROUND: California’s New Privacy Law Matters No Matter Where You Live | Thomas Smith, Gado Images via Medium.com
-
BUSINESS: CCPA Fast Track | OneTrust
PANDEMIC AND PRIVACY
-
More than 7 in 10 Americans won’t use contact-tracing apps, data shows | Jonathan Gitlin, Ars Technica
-
Pandemic accelerated states’ identity and access management projects | Colin Wood, StateScoop
-
Dangers of blockchain-enabled COVID-19 immunity passports | Elizabeth Renieris, Sherri Bucher, Christian Smith, Berkman Klein Center at Harvard
-
Norway pulls its coronavirus contacts-tracing app after privacy watchdog’s warning | Natasha Lomas, TechCrunch
-
We Need To Sort Out The Privacy Issues With Contact Tracing Apps If We Are Going To Bring The Pandemic Under Control | Enrique Dans, Forbes
-
German coronavirus tracing app downloaded 6.5 million times | Douglas Busvine, Reuters
-
Gulf states using COVID-19 contact tracing apps as mass surveillance tools, report says | Nick Statt, The Verge
PRIVACY BUSINESS
GDPR AND PRIVACY
PERSONAL PRIVACY
PRIVACY AND PROTEST
EVENTS UPCOMING
|
|
QUOTE OF THE WEEK
Facebook’s succeeds by managing user identity — when will publishers learn to do the same?
“Facebook has built a business on capturing the attention of people who use the social network to stay in touch with others, who basically provide content for free. Last year, the company started to pay publishers for content that appears in its Facebook News section, but the money is unlikely to replace all the ad revenue they’ve lost over the years. Facebook’s key strength has been its requirement that people use their real identities to set up an account, and collecting vast amounts of information about their activities to help with ad targeting. However, its biggest weakness is that user-generated content can be inflammatory, hurtful and divisive. The company has a mixed record of removing objectionable content, while also wavering between espousing free speech or blocking it. Publishers have enormous advantages in providing brand-safe, value-added content to self-selecting audiences, and it’s those characteristics that need to be central in their marketing efforts. Instead of seeking state-ordered subsidies, publishers need to respond to the threat of digital ad giants by gathering more information about their readers.”
– Excerpt from “Facebook Doesn’t Need News Content to Survive,” a June 16 opinion column at MediaPost.com by contributing editor and former Bloomberg L.P. editor Rob Williams.
|
|
ABOUT PRIVACY BEAT
Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker. Submit links and ideas for coverage to newsletter@itega.org.
|
|
|
|
|
|