Advertisers seek open, ‘universal’ ID solution in letter to Apple; urgently seek summit 

The U.S. advertising industry, fearing proprietary browser or system-based solutions imposed by Google or Apple, may be stepping up to the task of brokering a “universal solution” for managing web user identity, according to an “open letter” addressed this week to Apple CEO Tim Cook. 

“We would like to invite you to join us in this effort, so we can work together to develop an effective universal solution that extends across the entire ecosystem, not just to Apple-owned products and platforms,” says a key section of the letter, which states earlier: “ . . . [W]e believe it is vital to avoid the emerging structural risk from a patchwork of conflicting policies around addressability being implemented by a handful of companies that control browsers and operating systems.”

The letter says it is imperative that Apple, advertisers and publishers meet soon, and seek a productive dialogue that “will ensure privacy and preserve the robust ad-supported digital marketplace.”  One article about the dispute was headlined: “Open letter to Apple from ad industry: “Help us create a universal ID solution.”

“Addressability” is the world ad-tech has adopted to describe the current system of targeting individual web users with specific advertisements using “Real Time Bidding” technology and third-party cookies.  Six advertising associates formed in August the Partnership for Responsible Addressable Media (PRAM). This so-called “programmatic” approach to advertising — putting ads in front of web users wherever they show up —  is in contrast to the pre-digital-age practice of “contextual” targeting consumers via the media they read, listened to or viewed — a system favored by publishers because it makes their “platforms” important..

The Apple letter, dated Sept. 14, arrives in the following context: 

Apple announced it would require all users to “opt-in” to being tracked via an IDFA identifier in the version of its mobile operating system now being deployed — iOS14.  The identifier is now used by follow individuals across multiple sites and apps.

• Facebook went public objecting to the iOS14 privacy mandate, saying it would dramatically devalue most advertising it managed on Apple devices. 
   
• Apple then backed off, saying the “opt-in” requirement wouldn’t be deployed until sometime in 2020.
   
• One ad-industry outfit, the IAB Tech Lab, mountained its own universal-ID effort called DigiTrust, but shuttered in over the summer, choosing to work with PRAM.  Jordan Mitchell, running the lab’s ProjectRearc, spoke about the situation in an interview.
   
• Meanwhile, Apple, Google, Mozilla and Microsoft — but principally Apple and Google — are among browser software makers who are talking about several proposals in public meetings via the World Wide Web Consortium (W3C).  The proposals take various approaches to eliminating or radically curtailing the use of browser “cookie”  files to track web users from site to site.

At the heart of the escalating dispute is finding a way to assure consumers control over the use of their personal data for targeting (or not), and the desire of advertisers and publishers to reach consumers and indirectly fund services with ad dollars — rather than being forced to charge by subscription or item. 

Says the letter:  “Without immediate engagement in cross-industry dialogue, we believe the proposed changes could have a negative impact on both consumers and businesses, as iPhone and iPad users risk losing access to many popular ad-funded apps, news organizations and other publishers are starved of a vital source of revenue during the current economic crisis, vibrant, ad-supported innovation and competition withers, and critical functionality grinds to a halt across the advertising supply chain.” 

RELATED LINKS: 

• Open letter to Apple from ad industry: “Help us create a universal ID solution” | Robin, NetImperative.com | (LETTER TEXT) 
• Ad industry extends an olive branch to Apple | Andrew Bluestein & Ronan Shields, AdWeek.com 
• Media orgs said to be “disappointed” with Apple iOS14 opt-in | Ronan Shields & Sara Jerde, AdWeek.com
• Ad industry pleading with Apple over iOS14 privacy plans | Wendy Davis, DigitalNewsDaily/MediaPost.com
• Five  iOS14 and iPadOS14 consumer privacy/security features | Adrian Kingsley-Hughes, ZDNet.com

ADVERTISING TECH 

• IAB’s Jordan Mitchell updates ReArc “standards” thinking | Allison Schiff, AdExchanger.com
• AT&T considers cellphone plans subsidized by ads | Sheila Dang et al., Reuters PLC 
• How Vice is preparing for life after third-party cookie | Lara O’Reilly, DigiDay.com
• OPINION: iOS14 and privacy: What it means for advertisers | Bob Govia, TigerPistol.com
• IBM’s Weather Channel unit claims AI takes over from cookies | Laurie Sullivan, DigitalNewsDaily/MediaPost.com
• Time for publisher first-party data on center stage? | Rachel Parkin, CafeMedia via AdExchanger.com

One vendor’s data finds just 13 CCPA requests out of a million records on average; at $1,406 to process? 

If you are wondering how many people are taking advantage of the California Consumer Privacy Act (CCPA), and for what purposes, some initial data reported by a privacy-compliance company is revealing. Their answer — not many, but those that do primarily want to stop the sale of their data. 

DataGrail is a CCPA automation company that helps to fulfill “Data Subject Requests” enabled  by CCPA. In a Sept. 15 report, they say DSRs have stabilized among their clients at 13 DSRs per one million records per month. Of those 13 people, 48% instruct the web data site not to sell their data, 31% ask for their data to be deleted and 21% want access to the data collected about them, DataGrail says. 

The company also reported that about 40% of the requests overall are not ultimately verified as to the identity of the requestor.  “Fraud is a top concern for organizations who process DSRs,” DataGrail’s Alicia Divittorio’s report says. “No organization wants to send personal information to the wrong person or someone who might be impersonating one of their customers.” 

Devittorio quotes research by the Gartner Group showing that manually processing a single DSR costs on average $1,406. Presumably DataGrail charges less. 

 CALIFORNIA PRIVACY 

• Prop24 endorsed by LA Times editorial board |  LATimes.com
• Yes on Prop 24 campaign announces LA Times endorsement |   Californians for Consumer Privacy, caprivacy.org
• California League of Women Voters webinar includes Prop24 | NewsPress.com (REGISTER) 
• EXPLAINER:  Comparing Prop24 to CCPA | Brandon Reilly & Katherine Bravo, Manatt, Phelps & Phillips LLP 
• ARGUMENT: How Prop24 regulations brokers who sell user data | Californians for Consumer Privacy  
• Delay to 2022 of CCPA in health research on Newsom’s desk | Deepali Doddi & Daniel Gottlieb, McDrmontt Will & Emmery 
• California lawmakers extend CCPA’s dmployee and B2B exemptions | Ariel Yosefi, Herzog Fox & Neeman law firm
• Loyalty programs: A table showing how CCPA applies | David Zetoony, Bryan Cave Leighton Paisner law firm

PERSONAL  PRIVACY

• Companies can track your phone movements to target ads | Sidney Fussell, Wired.com
• China builds 2.4M person database from open sources | Simon Sharwood, TheRegister.com
• Experts call China 2.4M personal database “frightening”; covers US, UK, India, Australia citizens | Gavin Butler, Vice.com

WASHINGTON BEAT 

• Senate committee sets Sept. 23 privacy-law hearing with ex-FTC members | Odia Kagan, Fox Rothschild LLP | (DETAILS)
• Google says it doesn’t monopolize ads; senator’s don’t buy it | Shannon Bond, NPR.org 
• WSJ says FTC preparing Facebook antitrust suit | Brent Kendall, John McKinnon and Ryan Tracy, WSJ.com
• OPINION: Big Tech needs even bigger Digital Privacy regulation – ban data-harvesting | Ray Shaw, GadgetGuy.Advfffcom.au
• Google exec on hot seat in Congress over advertising power | Marcy Gordon, The AP
• Trump campaign app collects “huge amounts of voter data” | Sue Halpern, The NewYorker
• Bug in Biden’s app gave anyone access to millions of voter files | Zack Whittaker, TechCrunch.com
• Internet Society asks FCC to reject Trump’s Section 230 attempt to regulate social media | Wendy Davis, DigitalNewsDaily/MediaPost.com

ANTITRUST

Left-leaning think tank’s survey finds significant bipartisan support for curbing big-tech power 

Two-thirds (65%) of respondents in a national survey say big-tech economic power is a problem facing the U.S. economy and 48% think the government should do something about Internet domination by a “handful of corporations.” (POLL DATA)

Over all, three-quarters of Americans phone surveyed for Data for Progress, a progressive non-profit think tank, were concerned about monopolies in the U.S. economy generally.

The professional survey of 1,212 respondents conducted Sept. 11-13 was weighted to be representative of likely voters with a statistical error margin of plus-minus 2.8%. It found relatively little differences across political party affiliation, but younger and lesser-educated respondents generally seem less concerned with monopolies. 

Fifty-three percent of respondents felt Google should not advance its own products, 56% said the government should do more to break-up Big Tech monopolies and 70% said big-tech companies “have too much political power.”

RELATED

• Poll: majority of Americans concerned about Big Tech’s economic, political power | Leah Nylen, Politico.com
• REVISIT: From Private Bads to Public Goods: Adapting Public Utility Regulation for Informational Infrastructure | Sabeel Rahman & Zephyr Teachout, Columbia-Knight First Amendment Center

STATEHOUSE BEAT

• Massachusetts attorney general creates data-privacy/security enforcement unit | Michael Bertoncini, Jackson Lewis PC
• Utah adopts new policies for facial recognition but law is sought | Ben Winslow, Fox13 Salt Lake City
• Washington State advances GDPR-like privacy legislation | Odia Kagan, Fox Rothschild LLP | (TEXT) 
• Vermont can proceed with Clearview racial recognition suit | Wendy Davis, DigitalNewsDaily/MediaPost.com
• A roundup of U.S. privacy lawsuits | IAPP Daily Dashboard
• Amazon, Microsoft seek dismissal of Illinois biometric suit | Wendy Davis, DigitalNewsDaily/MediaPost.com

EUROPE AND GDPR

• GUIDELINES: What is controller? What is processor? | Yung Sin Van Der Sype & Wim Nauwelaerts, Alston & Bird law firm
• Assessing EU Parliament debate on Schrems-GDPR | Anrijs Simkus & Patrick Van Eecke, Cooley.com
• Irish high court freezes probe into Facebook’s EU-US data flows | Reuters Staff
• Facebook can continue for now to export EU user data, Irish court rules | Noyb.eu 
• Facebook in Irish High Court challenge over transfer of data | Source: rte.ie 
• English Channel island warns on Privacy Shield enforcement | Michelle Watson Bunn, Ogier law firm
• SUMMARY: Law firm experts summarize Schrem reactions to date | Philipp Koehler & Aaron Banki, TaylorWessing 
• Dutch privacy group sues Oracle and Salesforce | Merel van Aar & Ady Nieuwenhuizen, FieldFisher law firm
• Euro regulator publishes guide for social-media targeting; seeks comments | Hunton Andrews Kurth law firm
• Belgian DPA publishes Schrems II guidance | Elizabethann Wright, Hogan Lovells law firm
• Regulator rules Swiss-US Privacy Shield Is inadequate | Gail Crawford et al., GlobalPrivacyBlog.com
• Can US still mass surveil globally after Schrems II? | Arindrajit Basu, MediaNama.com
• German state DPA guidance on Schrems II | Gary LaFever, IAPP Privacy Advisor
• Not Granting GDPR adequacy to UK a mistake? | Daniel Castro & Eline Chivot, IAPP Privacy Perspectives
• GUIDE: Processing customer data in EU for COVID-19 tracing | EU Data Protection Commission website