PRIVACY BEAT: Advertisers seek “universal” identity in appeal to Apple; technologists debate privacy vs. personalization at W3C

Privacy Beat

Your weekly privacy news update.


Advertisers seek open, ‘universal’ ID solution in letter to Apple; urgently seek summit 


The U.S. advertising industry, fearing proprietary browser or system-based solutions imposed by Google or Apple, may be stepping up to the task of brokering a “universal solution” for managing web user identity, according to an “open letter” addressed this week to Apple CEO Tim Cook. 

“We would like to invite you to join us in this effort, so we can work together to develop an effective universal solution that extends across the entire ecosystem, not just to Apple-owned products and platforms,” says a key section of the letter, which states earlier: “ . . . [W]e believe it is vital to avoid the emerging structural risk from a patchwork of conflicting policies around addressability being implemented by a handful of companies that control browsers and operating systems.”

The letter says it is imperative that Apple, advertisers and publishers meet soon, and seek a productive dialogue that “will ensure privacy and preserve the robust ad-supported digital marketplace.”  One article about the dispute was headlined: “Open letter to Apple from ad industry: “Help us create a universal ID solution.”

“Addressability” is the world ad-tech has adopted to describe the current system of targeting individual web users with specific advertisements using “Real Time Bidding” technology and third-party cookies.  Six advertising associates formed in August the Partnership for Responsible Addressable Media (PRAM). This so-called “programmatic” approach to advertising — putting ads in front of web users wherever they show up —  is in contrast to the pre-digital-age practice of “contextual” targeting consumers via the media they read, listened to or viewed — a system favored by publishers because it makes their “platforms” important..

The Apple letter, dated Sept. 14, arrives in the following context: 

Apple announced it would require all users to “opt-in” to being tracked via an IDFA identifier in the version of its mobile operating system now being deployed — iOS14.  The identifier is now used by follow individuals across multiple sites and apps.

  • Facebook went public objecting to the iOS14 privacy mandate, saying it would dramatically devalue most advertising it managed on Apple devices. 
  • Apple then backed off, saying the “opt-in” requirement wouldn’t be deployed until sometime in 2020.
  • One ad-industry outfit, the IAB Tech Lab, mountained its own universal-ID effort called DigiTrust, but shuttered in over the summer, choosing to work with PRAM.  Jordan Mitchell, running the lab’s ProjectRearc, spoke about the situation in an interview.
  • Meanwhile, Apple, Google, Mozilla and Microsoft — but principally Apple and Google — are among browser software makers who are talking about several proposals in public meetings via the World Wide Web Consortium (W3C).  The proposals take various approaches to eliminating or radically curtailing the use of browser “cookie”  files to track web users from site to site.

At the heart of the escalating dispute is finding a way to assure consumers control over the use of their personal data for targeting (or not), and the desire of advertisers and publishers to reach consumers and indirectly fund services with ad dollars — rather than being forced to charge by subscription or item. 

Says the letter:  “Without immediate engagement in cross-industry dialogue, we believe the proposed changes could have a negative impact on both consumers and businesses, as iPhone and iPad users risk losing access to many popular ad-funded apps, news organizations and other publishers are starved of a vital source of revenue during the current economic crisis, vibrant, ad-supported innovation and competition withers, and critical functionality grinds to a halt across the advertising supply chain.” 



Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

One vendor’s data finds just 13 CCPA requests out of a million records on average; at $1,406 to process? 

If you are wondering how many people are taking advantage of the California Consumer Privacy Act (CCPA), and for what purposes, some initial data reported by a privacy-compliance company is revealing. Their answer — not many, but those that do primarily want to stop the sale of their data. 

DataGrail is a CCPA automation company that helps to fulfill “Data Subject Requests” enabled  by CCPA. In a Sept. 15 report, they say DSRs have stabilized among their clients at 13 DSRs per one million records per month. Of those 13 people, 48% instruct the web data site not to sell their data, 31% ask for their data to be deleted and 21% want access to the data collected about them, DataGrail says. 

The company also reported that about 40% of the requests overall are not ultimately verified as to the identity of the requestor.  “Fraud is a top concern for organizations who process DSRs,” DataGrail’s Alicia Divittorio’s report says. “No organization wants to send personal information to the wrong person or someone who might be impersonating one of their customers.” 

Devittorio quotes research by the Gartner Group showing that manually processing a single DSR costs on average $1,406. Presumably DataGrail charges less. 





Left-leaning think tank’s survey finds significant bipartisan support for curbing big-tech power 

Two-thirds (65%) of respondents in a national survey say big-tech economic power is a problem facing the U.S. economy and 48% think the government should do something about Internet domination by a “handful of corporations.” (POLL DATA)

Over all, three-quarters of Americans phone surveyed for Data for Progress, a progressive non-profit think tank, were concerned about monopolies in the U.S. economy generally.

The professional survey of 1,212 respondents conducted Sept. 11-13 was weighted to be representative of likely voters with a statistical error margin of plus-minus 2.8%. It found relatively little differences across political party affiliation, but younger and lesser-educated respondents generally seem less concerned with monopolies. 

Fifty-three percent of respondents felt Google should not advance its own products, 56% said the government should do more to break-up Big Tech monopolies and 70% said big-tech companies “have too much political power.”




Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

A reasoned dispute over privacy vs. advertising plays out among technologists during W3C virtual meeting 

A reasoned dispute over privacy vs. advertising plays out among technologists during W3C virtual meeting 

Engineers from Google, Apple, Facebook and ad-tech companies waxed philosophical about the tension between privacy and advertising revenue during a quarterly half-day virtual meeting of the World Wide Web Consortium (W3C) Privacy Community Group this week, according to public minutes of the meeting. 

The thoughtful exchange began when Apple’s John Wilander said the company only wants to support, in its Safari browser, cross-site data for “measurement” not for optimizing personalized [targeting] advertising.  “This is why we are having a hard time aligning,” he said. 

His and other remarks prompted Facebook’s Ben Savage to ask what was the rationale for Apple’s position, since Facebook research showed the loss of “personalization ranking destroyed monetization (down 50%) even if all measurement is permitted.” 

Mozilla’s Tanvi Vyas responded: “The downside is that you can target people, manipulate them, in ways that compromise democracy, in ways where you realize things about people that is more than they know about themselves.”   

“Agreed,” said Apple’s Wilander. “News bubbles, radicalization, anti-vaxers, etc.” 

“We’re not comfortable with that 50% revenue loss number,” added Aram Zucker-Scharf, who works at The Washington Post.  

CafeMedia’s Paul Bannister then chimed in supporting Savage’s view, adding: “I’m worried about the same things that John and Tanvi mentioned, but a web that’s dead is bad also. Can we find a happy medium? Avoid radicalization and risk to democracy, but still let sites make revenue?” 





Antitrust author Matt Stoler uses Twitter to skewer Google exec’s comments to U.S. Senate committee hearing  

“[Sen.] Blumenthal is asking if Google grabs newspaper data and then targets readers over those newspapers elsewhere with ads, undercutting them using their own data. Google’s Donald Harrison responds by saying the sole goal is to help publishers make money. “There is no conflict there.”

  • Matt Stoler, author, Tweeting about U.S. Senate testimony by a Google executive in response to a question about first-party user data being used to target ads all over the web 

Facebook technologist Ben Savage offers rationale for why personal targeting of advertising is used 

“Businesses are made out of people; when they run ads, they are just trying to connect with people, find prospective customers. When you’re a person seeing ads: if the ad has no relevance to me, it has no value, I just scroll past it; when I see an ad that has some connection to my life, I find value in that. If I have 100 ad slots on my site, I can show random ads, or more relevant ads. What is the down-side of relevance / of having more successful connections made . . . People like confirmation bias. That part is about people’s choices, people choosing what to consume, and that is not part of display advertising, which is all about selling things. I understand concerns about retargeting ads; as an individual, I really dislike them, I won’t die on that hill. Maybe retargeting is “knows too much”. But totally random ads goes too far the other way. Happy medium, event-level data with lots of noise added, the machine is not going to learn anything about you in particular. But over lots of people, it might lead to better ads.”

  • Ben Savage, Facebook technologist, in public minutes of a Sept. 16 virtual meeting of the World Wide WEb’s Privacy Community Group.


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to

Share Share

Tweet Tweet

Share Share

Forward Forward




Copyright © 2020 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp