The public faces an initial April 8 deadline to comment on draft rules about identity and privacy which the ad-tech-dominated IAB Tech Lab released last week.  Upcoming on Wednesday (March 24) is an “Addressability Solutions Road Show” — a public webinar — to explain a set of preliminary working documents and ideas designed to define and thread a needle between consumer privacy and targeted advertising.

The documents are circulating as U.S. publishers try to figure out if they will get on board an advertising- and ad-tech industry initiative to coalesce around an email-based ID system to replace third-party cookies.  The system, Unified ID 2.0, is to be operated by trade association PreBid.org Inc.

Google has said it will not support Unified ID (see link below).  Also unresolved, apparently, is who will set policy and governance for such a system. A key issue is said to be who will have authority to discipline or even cutoff companies that stray from privacy and system rules.

“Predictable user privacy — across platforms and devices — can only be achieved through open standards where all stakeholders have a say at the table,” said Jordan Mitchell, SVP and head of consumer privacy, identity and data for IAB. It must provide transparency and control to users and be able to demonstrate compliance, he added in a statement. 

Four downloadable documents comprise the public material developed by IAB in what it terms its “Standards For Responsible Addressability And Predictable Privacy” They cover such things as auditable data structures, formats for exchanging data rights and preferences, the use of email-based identities and the handling of ad targeting with no user ID is present. The Tech Lab documents say its mission is to “streamline technical privacy standards into a singular schema and set of tools which can adapt to regulatory and commercial market demands across channels.”

Accounts of the IAB privacy-data effort say nearly 300 people from ad-tech firms, ad agencies, media outlines and other identity-tech providers worked on the IAB document-drafting effort assisted by LiveRamp Holdings Inc., a company which acquires and works with consumer email addresses supplied by publisher clients in the programmatic advertising system. “We look at this as establishing the baseline,” Travis Clinger, svp and head of addressability and ecosystem at LiveRamp, told DigiDay’s Kate Kaye in her March 11 account, entitled “Gaps remain in industry guidelines for controversial email-based identity tech.”

RELATED LINKS 

• Trade Desk CEO scrambles to defend Unified ID 2.0, and explain for Google | Jeff Green, The Trade Desk via AdExchanger.com
• Google: No backdoors for us and we won’t support Unified ID2.0 | Allison Schiff, AdExchanger.com
• Unified ID 2.0 to enter beta testing | Allison Schiff, AdExchanger.com
• OPINION: Explaining Google’s FLoC game: The Age of Privacy Theater | Gilad Edelman, Wired.com
• IAB panelists liken cookie deprecation to Y2K; focus on first-party data | Laurie Sullivan, MediaPost.com
• Five things we know about Google’s ad changes after cookies | Alexandra Bruell, WSJ.com
• Google to Put Out New Publisher Tools Following ID Shake-Up | Ethan Wu, AdWeek.com
• OPINION: “We” aren’t ready for the cookiepocalypse (with links) | Lynne d Johnson, AdMosters.com
• Brands don’t seem to be ready for emerging web ID changes | Tony Rifilato, AdExchanger.com
• Apple’s IOS 14 Is Causing Major Changes To How Facebook Does Measurement | Allison Schiff, AdExchanger.com
• VENDOR VIEW: “Moving toward era of privacy-first personalization” | Michael Silberman, Piano Media via DigitalContentNext.org

GOOGLE-APPLE-FACEBOOK PRIVACY FIGHTS

• Instagram branded ‘most invasive app’ according to Apple’s privacy ‘nutrition labels | Alex Wilkins, Metro.co.uk | READ MORE
• App Privacy Study Looks at Most ‘Invasive’ Apps Collecting User Data | Juli Clover, MacRumors.com | IMAGE
• OPINION: The data privacy Cold War is here. Which side are you on? | Frederick Lee, Gusto via VentureBeat.com
• Explaining the Apple-Facebook privacy fight | Julia Boorstin, CNBC.com
• Zuckerberg changes tune: Now he things Facebook could be aided by Apple IDFA change | Salvador Rodriguez, CNBC.com
• Five common Apple privacy crackdown myths, debunked for concerned marketers | Seb Joseph, DigiDay.com
• Apple is warning app developers not to skirt its privacy changes in iOS 14 | Joe Wituschek, iMore.com
• Google’s Latest Privacy Play Has Big Implications for the Open Web | Stephanie Miles, StreetFightMag.com
• Google Suffers Another Defeat In Privacy Battle Over Chrome | Wendy Davis, PolicyBlog/MediaPost.com
• 99% of iOS 14 users refused app tracking last year, says report | Stephen Warwick, iMore.com
• DuckDuckGo Calls Out Google For Reportedly Spying On Users In Incognito Mode | Laurie Sullivan, MediaPost.com | RELATED STORY
• Google Can’t Shake Privacy Claims Over ‘Incognito’ Tracking | Wendy Davis, MediaPost.com

A majority of 1,500 smart-phone users surveyed last month would allow some form of tracking rather than pay a subscription fee, but some 45% prefer not to allow tracking, even though they realize they will see less-relevant advertising. Less than one-third are aware of Apple-led privacy changes coming and 45% prefer not to allow tracking, even though they realize they will see less-relevant advertising.

The findings are part of a survey funded and released by San Francisco-based mobile-ad measurement company AppsFlyer Inc., in collaboration with the non-profit Mobile Marketing Association.  The downloadable report is entitled, “Personal Data, Privacy & Smartphones: The Cautious Consumer.” 

Overall, the survey found smartphone users “very to extremely concerned about the use of personal online data by companies.” The concern spanned all ages, at 41% for those 18-24 “moderately” concerned and 38% of those 65 and older “extremely concerned.”

Many took action on their concern. The survey found 47% use an ad blocker and 35% use a browser extension eliminating ads — with percentages highest among youth and young adults. The highest concern (58%) was around identity theft. Some 45% wanted to receive some share of the revenue earned from their data.  Some 34% of respondents considered social-media data such as personal interests to be “sensitive” data, and of more concern than location data.

The survey asked questions about paying for information, perceptions of the purpose of data collection and knowledge of tracking or coming privacy regulations. Among conclusions was this: “Smartphone users want tech companies to step up, be transparent and educate them in ways that are simple and direct. ‘If you want my data, what do I get?’ is their mantra.”

PERSONAL PRIVACY

• As Digital Currency’s Popularity Rises, So Do Privacy Fears | Gregory Barber, Wired.com
• Google gets into sleep surveillance with new Nest Hub screen | Michael Liedke, Associated Press
• Microsoft, Amazon must face facial recognition data suits | Sara Merken, Reuters PLC
• Brave the browser maker to launch privacy-focused search engine this year | James Frew, MakeUseOf.com
• Tim Berners-Lee: We need social networks where bad things happen less often | John Harris, The Guardian UK
• INTERVIEW: David Ottenheimer, trust/ethics exec explains Tim Berners-Lee’s “Inrupt” | Ethan Zuckerman, UMass / PublicInfrastructure.org
• Brands given advice about how to persuade consumers to give up data | Joseph Zappa, StreetFightMag.com

BIOMETRIC AND COVID PRIVACY 

• Who Is Making Sure the A.I. Machines Aren’t Racist? | Cade Metz, NYTimes.com
• What We Learned About Clearview AI and Its Secret ‘Co-Founder’ | Kashmir Hill, NYTimes.com
• Facebook’s AI Breakthrough Carries Privacy Risks, Experts Warn | Robert Bateman, DigitalPrivacyNews.com
• Global ‘Vaccine Passports’ Raise Concerns Over Privacy and Inequity | Aishwarya Jagani, DigitalPrivacy.news

EU PRIVACY 

• France’s privacy watchdog now probes Clubhouse after complaint and petition  | Natasha Lomas, TechCrunch.com
• In EU, privacy regulators regroup as more of their rules are challenged | Catherine Stupp, Wall Street Journal
• Irish privacy enforcer refuses same forum with Max Schrems | Donal O’Donovan, Irish Independent
• Advertisers lose bid in France to block Apple app privacy changes — for now  | Karlene Lukovitz, DigitalNewsDaily/MediaPost.com | RELATED: Investigation continues | RELATED

WORD PRIVACY

• Financial Times says China authorities will defeat Apple tracking restrictions | via IAPP
• RELATED STORY | RELATED STORY
• ByteDance and Tencent workarounds in China could spell trouble for Apple | Ryan Barwick, MorningBrew.com
• Indian government seeks review of WhatsApp privacy changes | Mashable News Staff
• Beijing sours on facial recognition, unless it’s the one doing it | Zeyi Yang, Protocol.com
• Taiwan’s COVID ‘Electronic Fence’ Under Attack for Privacy Fears | Steven Crook, DigitalPrivacy.news

WASHINGTON BEAT

• Sen. Coons may call Twitter, Facebook CEOs to privacy/algorithm hearing | Christiano Lima & Alexandra S. Levine, Politico.com
• Deep dive on details of Rep. DelBene’s just-refiled privacy bill | Müge Fazlioglu, IAPP Staff
• Will New Laws (and Lawmakers) Break Down the Walled Gardens? | AdMonster.com

STATEHOUSE BEAT 

• Status of Proposed CCPA-Like State Privacy Legislation as of March 15 | David Stauss, Shelby Dolen & Malia Rogers, Husch Blackwell law firm
• Florida privacy bill is advancing — here are the details | Andy Serwin & Jennifer Kashatus, DLA Piper law firm
• Virginia’s data privacy law has potential loopholes and regulatory uncertainty | Joe Stanganelli, MarketingLand.com
• Virginia privacy law creates new obligations for data controllers | Scott Ikeda, CPO Magazine

On schedule, California’s political leadership appointed the five members of a new California Privacy Protection Agency governing board. It will have authority to appoint an executive director and spend at least $10 million a year to promote, interpret and enforce the state’s pioneering online privacy laws. It’s members appear to have broad legal and advocacy experience around privacy.

Days before his confirmation as U.S. Health & Human Services secretary, the office of outgoing California Attorney General Xavier Becerra also released a final set of regulations interpreting the California Consumer Privacy Act (CCPA) in several significant ways affecting enforcement.

Significantly, the new regulations affirmed and amplified a “Tweet” sent by the office in February, the new regulatory amendments confirms it is mandatory for companies collecting consumer data online to honor requests from “authorized agents” of the public to opt-out of data collection or selling. This makes it potentially feasible for consumers to take a “one-and-done” approach to specify their privacy preference with the Global Privacy Control app.

The exact language covers “user-enabled global privacy controls, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicate or signal the consumer’s choice to opt-out of the sale of their persona information.” The regulations says businesses “shall treat” such controls “as a valid request”. The U.S. advertising industry had asked that the law not require respecting GPC-submitted requests.

The new regulatory language released on Monday also:

• Adopted and publicized a new “icon” (shown above) that websites may use adjacent to a “Do Not Sell My Personal Information” opt-out statement.  Significantly, the rulemaking says use fo the icon is optional. Some privacy advocates expressed concern that the icon chosen might not be ideal.  It’s likely this will be the subject of future rulemaking.
• Confirmed that collecting “personal information” in an offline setting — such as at a store during checkout — has to be accompanied by a sign, oral notice or a paper handout if the data is to be sold.
• Defined and expanded rules forbidding the use of so-called “Dark Patterns” or multiple, confusing steps to reach a point where the “Do Not Sell” option can be exercised.  Getting there must be easy and require minimal steps, the attorney general’s office ruled, that does not have the “purpose or substantial effect” of impairing the right to opt-out.

Under CCPA the operative regulatory word is “sold.”  When the newer California Privacy Rights Act (CPRA) goes into effect next year, intended data “sharing” will also require notice and can be forbidden by a consumer through a blanket or one-off check off.

RELATED LINKS

• Five members named to CPRA privacy regulatory board | David Stauss, Husch Blackwell law firm | BIOS OF FIVE MEMBERS | NEXT CPRA DEADLINES
• Monday’s new regulations for CCPA spell out “Dark Patterns’ abuses | Brianna Provenzano, Gizmodo.com
• New CCPA regulation bans use of “dark patterns” to hoodwink users | Allana Akhtar, BusinessInsider.com | RELATED NEWS RELEASE
• Latest CCPA regulations explained | Davis Stauss, Husch Blackwell law firm | RELATED REPORT
• Handling of opts out and authorized agents under regulations | Hilary Bonaccorsi et al., Dechert LLP law firm
• DETAILS: Easy opt-out for consumers; authorized agent OK’d | Christine Chong & Eva Pulliam, Arent Fox law firm
• How inventor of “Dark Patterns” concept defines the term | Alexis Hancock, EFF.org
• What is Global Privacy Control? Here’s what you need to know | David Johnson, BusinessInsider.com
• VENDOR VIEW: Why publishers should adopt Global Privacy Control, (GPC), the new privacy standard | Ron Shavell, Abine via WhatsNewInPublishing.com
• INTERVIEW: Ashkan Soltani on creation and purpose of GPC | Ashkan Soltani

PLATFORMS AND ANTITRUST 

• Acting FTC chair calls for ‘bold action’ to rein in tech, other monopolies | Chris Matthews, MarketWatch.com
• Sources say U.S. DoJ probing effect of Google cookie changes on competitors | Paresh David & Diane Bartz, Reuters via USNews.com | RELATED STORY
• Texas AG adds Google FLoC moves to antitrust suit claims | Leah Nylon, Politico.com
• Google Plan For Cookie-Less Targeting Is Anticompetitive, States Claim | Wendy Davis, DigitalNewsDaily/MediaPost.com
• Antitrust amended complaint: Google and Privacy Sandbox | Dimitrios Katsifis, The Platform Law Blog
• The Google Files: Four things the documents reveal | Leah Nylen, Politico.com via Benton.org
• Prosecutors: ‘Google is trying to hide its true intentions behind a pretext of privacy’ | Adi Robertson & Brussell Brandom, TheVerge.com