PRIVACY BEAT: Does new Dutch data suggest publishers can make more money dropping “creepy” third-party tracked advertising?

Privacy Beat

Your weekly privacy news update.


Crossing the chasm? Dutch broadcaster’s data suggests moving from “creepy” third-party tracking to context-based advertising can immediately increase revenue

One of the staunchest critics of so-called “creepy” advertising technology that relies upon third-party cookie tracking is calling attention to results from the Dutch public-broadcasting system which posted dramatic increases in advertising revenues after a January decision to stop such tracking-based advertising.

The findings could suggest that an assumption by publishers or broadcasters that they would suffer equally dramatic revenue losses by abandoning tracking-based advertising may not be correct. The data were released to Ryan after months of collaboration with Ster, the government sanctioned entity that manages most advertising sales and placement on Dutch radio and TV outlets of Nederlandse Publieke Omroep (NPO), across both news and entertainment.

“These data from MPO are very significant,” says Johnny Ryan, chief policy officer at the web-browser maker Brave Inc. “Because it is not theoretical, it is real and it shows actually what happens if you remove third parties.”  DPO reported ad-revenue gains even during the height of the Dutch experience with COVID-19, Ryan said in a discussion with Privacy Beat.

Ryan has led challenges to Google and Facebook’s approach to programmatic advertising in Europe, and is critical of the Interactive Advertising Bureau and IAB Lab, which he feels are dominated by the platforms and by ad-tech firms (although its membership includes publishers, brands and others).

Asked how IAB might rebut the Dutch findings, Ryan replied: “I’m not sure how you can rebut this. Ad tech has consistently tried to position itself as the publisher’s ally and if a major publisher is saying, ‘We got rid of your stuff and we’re now making 60-70-80 percent more money as a direct result?’ I don’t know.”


Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More


Enforcement drama starts for CCPA as ad industry re-asserts constitutional flaw in browser “do not sell”; Google and FB both offer ‘guidance’ to ad partners

The policy and legal drama around the California Consumer Privacy Act (CCPA) escalated this week after the state’s attorney general, Xavier Becerra, put users of personal data — Google, Facebook and thousands of other companies — on notice that he is now in enforcement mode. Meanwhile, lobbying gets underway for the November ballot’s “California Privacy Rights Act.”

Google and Facebook both offered guidance to advertising partners and an option to restrict personal data use in a way that would protect the platforms from violating the law. Facebook’s initiative is something called a “Limited Date Use” feature which it said would default to stopping some user-data processing for at least the month of July — only for California residents, however.  Both platforms have to be concerned about the way in which they collect data, lawyers say.

The most important looming CCPR enforcement fight — whether a “Do Not Sell My Data” signal sent by a user’s web browser must be followed, and if it is constitutional. The biggest definitional uncertainty? What is a sale? 

The U.S. advertising industry, which fears financial disruption of the ad-tech ecosystem from the law’s requirements, pleaded in a letter  (TEXT) last week to California Gov. Gaven Newsom to intervene and delay another six months enforcement of the CCPA. The Association of National Advertisers (ANA)  asserts the law threatens loyalty programs and raises constitutional questions. ANA says the law should not be interpreted to require  users’ browser-software-managed “do not sell my data” requests to be honored, nor honored globally.

Justin Brookman, of Consumer Reports, called the constitutional arguments “flimsy.”

The state’s response? A statement on Wednesday from Attorney General Xavier Becerra saying, he had begun enforcement, likely in the form initially of 30-day warning letters to websites not in compliance. “The website of every business covered by the law must now post a link on its homepage that says ‘Do Not Sell My Personal Information’ ” Becerra said, adding: “Click on it. Remember, it’s your data. You now get to control how it’s used or sold.”

Dan Clarke, president at data-privacy compliance platform company IntraEdge, told he expected quick actions from Becerra’s office “especially against those who are flagrantly non-compliant.”

Analysis by reporters experienced in the law’s gestation pointed out that it puts the principle burden of enforcement on Becerra’s office rather than on private lawsuits to enforce all but “data breach” aspects of the landmark data-privacy law.



Reuters account asserts Google would cut off publishers who try to stop it from pursuing its user-data collection

A Reuters story this week said the wire service had exclusively learned that Google is seeking to stymie European publishers’ efforts to interview with Google’s user-data collection. Google is threatening to cut those publishers out of Google’s ad-tech ecosystem, wrote Reuters reporter Paresh Dave.

Publishers had expected to use data privacy measures going into effect Aug. 15 to bar Google from storing insights about readers, Dave wrote in the June 30 dispatch. He continued: “But Google said it will cut off publishers from a lucrative flow of ads if they follow through with curbing its data collection.” The story said the previously undisclosed negotiations are continuing.



Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

Can a website under GDPR block access to a website just because a user refuses to accept “cookies”?

Can a website under GDPR block access to a website just because a user refuses to accept “cookies”?

A nuance in a June 19 French legal decision affirming a 50M Euro fine against Google LLC appears significant. The nuance is contained in followup public advice from the French National Commission for Data Protection (CNIL). It was a 2019 decision of the CNIL which was fundamentally affirmed by the highest French legal authority, the Council of State, the CNIL said on June 29. 

But the CNIL is also noting one point:  It says the Council of State’s decision rejected the CNIL interpretation that a “cookie wall” is automatically a violation of the EU’s General Data Protection Regulation (GDPR). The CNIL authority had argued that if a website says, in effect, “accept tracking cookies or you can’t use this site,” that was a GDPR violation. But the CNIL authority says the Council of State declined to uphold that interpretation.

Interpretation of the Council of State’s decision apparently appeared unambiguous to ad tech and publishing interests, based on the reporting of Allision Schiff in a June 23 AdExchange story, headlined: “The CNIL can’t legally forbid cookie walls under GDPR.”



Lawyer sees end of third-party cookie as elevating first-party data and content-contextual marketing

The “death” of the third-party cookie may spur a movement toward a university personal ID that can be used by any marketer, according to a legal expert on privacy and ad technology.  Theodore F. Claypoole writes in his online blog, that future marketing will focus on trying to reach a specific user across all of her devices. “Whoever has access to first-party data will continue to thrive,” Claypoole writes. “Loyal audiences will command a premium.”  He says machine learning will be used to on such first-party data (willingly provided by the consumer) “to understand their needs and desires in a way that supports traditional marketing tools.”  That might include marketing based on the keyword context of the pages you are looking at.  “The cookie may crumble, but advertisers will still eat.”

Claypoole, at the Atlanta law firm of Womble Bond Dickinson (US) LLP,  is a former Bank of America and CompuServe technology counsel. He chaired the Cyberspace Law Committee of the American Bar Association.





Internet users dimly aware of data-tracking types and mostly unwilling to give up personal data when asked

A report of consumer opinions about privacy finds that very few are willing to give up personal data despite not having a solid grasp on what constitutes their digital identity. The report from the multifactor authentication provider Okta found that internet users were generally only aware of six out of the 13 types of data tracked online, with very few realizing music listened to online, videos watched, and social media posts were often recorded and tracked as part of their digital identity. The survey also found that a vast number of Americans don’t believe that they’re being tracked to the extent that they are. 78% don’t think that consumer hardware companies (Apple, Fitbit, etc.) are tracking their biometric or location data, and 75% don’t think that streaming services collect information about their media consumption habits. Despite generally not understanding the nature of online privacy, most people are also unwilling to surrender their personal data, even in the face of a threat like COVID-19.”

– Excerpt from a story by reporter Brandon Vigliarolo at TechRepublic summarizing findings of a consumer survey by identity-service vendor Okta, in its survey, “The Cost of Privacy: Reporting on the State of Digital Identity in 2020.”   Key finding; “Our survey suggests that consumers around the world have only a vague understanding of how much of their data is being tracked, where, when, and by which organizations. But despite this lack of awareness, they’re largely uncomfortable with the idea of companies collecting and selling their data, even when it comes to benevolent causes like tracking the spread of the COVID-19 pandemic.


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp