PRIVACY BEAT: FTC asked to investigate “bidstream” practices; ad industry sets a table for collaboration

Privacy Beat

Your weekly privacy news update.


Ten Congress members ask FTC to investigate alleged ad-tech privacy violations in use of “bidstream” data

Ten members of the U.S. Congress, including most influential Democrats on tech and privacy issues, have urged the Federal Trade Commission to investigate alleged ad-tech privacy violations through the application of cookies and Real Time Bidding (RTB).  The call came in a July 31 letter made public by Sen. Ron Wyden, D-Oregon. Also signing the letter was Sen. Bill Cassidy, R-La.

“Few Amerians realize that companies are siphoning off and storing that ‘bidstream’ data to compile exhaustive dossiers about them,” says the letter. 

The FTC did not respond to a Privacy Beat request for comment.

“For each ad,” the letter says, “an auction takes place milliseconds before it is shown in an app or browser. The hundreds of participants in these auctions receive sensitive information about the potential recipient of the ad — device identifiers and cookies, location data, IP addresses, and unique demographic and biometric information such as age and gender.” 

PB COMMENT: The letter about so-called “bidstream” data appears to parallel many of the claims made by privacy advocate Johnny Ryan, as well as Brian O’Kelley, one of the inventors of the Real Time Bidding system.  The idea of industry-self regulation or technology limiting the “illegal” use of such data has been broached by Randall Rothenberg, president of the Interactive Advertising Bureau.  

It’s not clear what “illegal” means. Could the IAB adopt rules of membership that would forbid the caching and/or use of bidstream data acquired by a losing RTB bidder? Could the IAB then devise some method of monitoring behavior so that the sanction of losing IAB membership status would have teeth?



Squeezed by Google, browsers, and ad-tech, brands seek balance between “addressability” and privacy; where are publishers, public in governing mix?  

Squeezed by the initiatives of Google, browser makers, lawmakers and the ad-tech industry, major advertisers are now setting the table to try and look for a balance between targeting and privacy.   The vehicle is called the “Partnership for Responsible Addressable Media” and it was announced this week

Bill Tucker, who is Group EVP leading the Data, Technology, and Measurement Practices at the Association of National Advertisers (ANA),  will serve as the partnership’s executive director.  It has established initial principles. (See Quote of the Week, below).

The “governing group” list includes a lone publisher, NBCUniversal, among collaborators, and nobody representing consumers per se.  Also not part of the group yet — Google and Apple, the two biggest browser makers.  

Included, however, are four major advertising-industry trade groups, two ad-agencies (including Publicis Media), four of the biggest ad-tech companies (Adobe, LiveRamp, MediaMath, The Trade Desk) and five brands (Ford, General Motors, IBM, Procter & Gamble, Unilever).  Not listed is the American Advertising Federation, or the influential “4A’s” — the American Association of Advertising Agencies.

Google has said that its Chrome browser will block third-party cookies for ad tracking within two years.

  • Chrome, Mozilla, Safari, Brave and Edge browsers, talking via the World Wide Web Consortium (W3C) have initiatives deployed or in the works which to varying degrees will block the tools of ad-tech that have allowed opaque tracking and profile-buildling of users.
  • In Washington, six U.S. senators and four congressmen have asked the Federal Trade Commission to launch an investigation of ad tech for privacy violations (see story, above)
  • The IAB Tech Lab, which is backed in part by some publishers and advertisers, but mostly by ad-tech vendors, is pushing its “Project Rearc” initiative to replace the third-party cookie.  However, it dropped its “DigiTrust” initiative and says it is now part of the new partnership



Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

Brave’s Johnny Ryan moves to Open Markets Institute and Irish NGO; to continue privacy, journalism advocacy 

Johnny Ryan, the Dublin-based ex-journalist and privacy activist who claims programmatic real-time bidding for advertising is incompatible with EU law, is becoming a senior fellow at the Washington, D.C.-based Open Markets Institute and its Center for Journalism & Liberty.  Ryan, who is leaving Brave, the browser maker, will also work with the Irish Council for Civil Liberties.

In his new roles, Ryan says he will focus exclusively on:

  • Uncovering and challenging data misuse, particularly by ‘big tech’ and ‘adtech’ that jeopardize privacy and data protection rights, undermine the business of journalism, and prevent innovation from nascent competitors.
  • Holding enforcers responsible to account where they have failed to act.




Image credit: Digital News Report 2019, Reuters Institute for the Study of Journalism, University of Oxford 


Scroll founder Tony Haile urges local publishers to bundle subscriptions to compete with NY  Times; what about a collaboration  via LMC-ITEGA? 

Tony Haile, the founder of the ubiquitous Chartbeat content-measurement service has been pushing his new enterprise, Scroll, for a couple of years and has now launched it.  A consumer can enroll with Scroll for $5/month and get advertising-free access to a bundle of news services.   Now Haile has written an argument on the Columbia Journalism Review website for why local-news organizations should band together with a subscription package — as a way of competing with The New York Times

At the same time, The Times has been saying it wants to find ways to help sustain journalism at the grassroots, it is just looking for a way to do so.  So why not figure out a way for those two aims to be collaborative, not competitive?  (DISCLOSURE: The Information Trust Exchange, sponsor of Privacy  Beat, has been working with LMC sports initiative  the Local Media Consortium on a federated Single Sign On service to do just that. It would permit a user to have one account from their chosen news organization (The Times or smaller entities) and provide access to a network of services).  The LMC has started in on the idea with sports.)  




Vidakovic explains how Google will shut off cookies and tracking absent consent of European Union users 

Ratko Vidakovic, of AdProfs Inc., always does a great job of putting ad-tech permutations in plain English and in his email newsletter this week he did just that to explain how Google is going to start on Aug. 15 handling programmatic advertising with the European Union’s strict privacy rules.   Here’s what he writes, based in part on a reading of Google’s blog on the subject. 

He notes that the change comes as Google integrates with the standard Interactive Advertising Bureau’s “Transparency and Consent Framework (TCF)”.   Writes Vidakovic.  The core issue — what happens if an end user doesn’t want to be tracked? 

Vidakovic writes: “If users don’t give permission for Purpose 1 (‘store and/or access information on a device’), which is required for publishers and ad tech vendors to use cookies, Google will ‘drop the ad request and no ads will be served’ . . . ”   Vidakovic continues: “If users don’t give permission for Google to profile them (Purpose 3), publishers will only get non-personalized ads from Google, and any bid requests or cookie syncing with any third-party vendor will be denied.”

Sign up for Vidakovic’s weekly ad-tech blog from here.



Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat


Oxford researchers’ look at 830 sites finds biggest funding source of COVID-19 ‘fake’ news — Google

Who is the major source of funding for fake-news about COVID?  Google, according to a study by four Oxford University researchers. 

“The overwhelming majority of junk news and disinformation domains rely on major advertising platforms to monetize their pages and 61 percent of junk news & disinformation sources used Google ads,” they write in the white paper, Follow the Money: How Online Advertising Ecosystem Funds COVID-19 Junk News and Disinformation, published by the Oxford Internet Institute’s Computational Propaganda Project. 

The study looked at 830 sources of news and information reporting on COVID-19.  The interdisciplinary team of social and information scientists researching how political actors manipulate public opinion over social networks includes Emily Taylor, Lisa-Maria Nuedert, Stacie Hoffmann and Philip N. Howard. 

Other key findings:

  • The top junk news & disinformation sources achieve outstandingly high key SEO factors and are slightly better optimised for distribution on search and social media.
  • Major high-prestige, high-trust sites inadvertently boost junks news & disinformation promoting their online reputation and visibility. 

There is an eight-page report and a graphical supplement to their work. 





TEXT: Ad industry “partnership” principles propose system which still allows targetting but with privacy in mind 

Below is the text of the six “initial principles” proposed this week by the Partnership for Responsible Addressable Media” in the announcement of its formation.   (See blog entry, above) 

  1. Consumer privacy should remain a foundational pillar of the solution by providing consumers with meaningful transparency and controls, giving the marketplace the tools to understand consumer preferences and the ability to abide by those preferences.
  2. Consumers should have access to diverse and competitive content offerings, supported by their choices to engage with digital advertising in exchange for content and services.
  3. Business operations, including ad targeting, ad delivery, frequency capping, campaign management, analytics, cross-channel deployment, optimization, and attribution should be sufficiently supported and improved upon through better technological and policy standards for all critical use cases.
  4. Solutions should be standardized and interoperable for consumers and businesses across browsers, devices, and platforms, subject to applicable privacy laws and guidelines and to the extent it is reasonably technically feasible, efficient, effective, and improved over existing technology.
  5. All browsers, devices, and platforms should allow equal access, free from unreasonable interference, to the new solutions.
  6. Companies that utilize the resulting solutions should follow industry and legal privacy standards, with strong accountability and enforcement for those that violate the standards.


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp