|
The New York Times takes the plunge — reportedly is planning to drop out of 3rd-party data ad ecosystem
The New York Times is reported to be planning to drop out of the 3rd-party advertising ecosystem in a move that would help them to be compliant with emerging privacy law by targeting advertising only with data they collect.
The move is described by reporter Sarah Fisher in a May 19 report this week at Axios that quotes Allison Murphy, senior VP of ad innovation at The Times. The report says the effort is part of a greater push to a privacy-friendly experience. She writes that other publishers such a Vox Media and The Washington Post, are developing advertising solutions based only on first-party data that they collect in a consensual process with their users.
Beginning in July, the Axios report says, The Times plans to introduce a set of 45 first-party audience segments for ad targeting. They’ll be broken into at least five categories (1) age range/generation (2) household or investable assets (3) work industry or role (4) gender, education or marriage demographic and (5) topical interests, with another 30 interest segments later in the year.
“This can only work because we have six million subscribers and millions more registered users that we can identify and because we have a breadth of content,” Axios quoted Murphy as saying.
The Times move comes as the major global digital advertising platform — Google — joins moves by other browser software makers to disallow third-party tracking cookies, which is generally believed to enhance Google and Facebook abilities to target advertising to their known users. The Times thus is shoring up its ability to live without the platforms.
The Local Media Consortium has been working with ITEGA, the sponsor of this newsletter, to create an independent, non-profit governed privacy-and-identity service that could grow to be an independent source of first-party user data. In an unrelated comment this week, the South China Morning Post’s (SCMP) VP-digital, Ian Hocking, supported such an idea. “I think this is a massive opportunity for publishers to come together and create a unified single sign-on and SCMP would like to lead that initiative. SCMP is uniquely placed to drive this in Asia.”
NEWS AND TRUST
-
Exclusive: New York Times phasing out all 3rd-party advertising data | Sara Fischer, Axios
-
The State of Cookies and Data Privacy Laws: Publisher Responses Diverge Based on Size | Tina Pautz, Cafe Media
-
Our priority can’t be to sell advertising’ – Washington Post rethinks revenues in lockdown | John McCarthy, The Drum
-
Vice Media CEO slams Big Tech as ‘great threat to journalism’ in layoffs memo | Jessica Bursztynsky, CNBC
-
Paris’ Strapi Lands $10M Series A To Expand Team Globally | Sophia Kunthara, Crunchbase
-
Experts weigh in on Facebook’s new Oversight Board | Mathew Ingram, Columbia Journalism Review
-
McClatchy CEO Craig Forman on local publishing’s ‘paradox’: Audience up, ads down | Pierre Bienaimé, Digiday
-
Reps Cicilline, Sensenbrenner Introduce Bill to Protect Local News Publishers | Rep David Cicilline, Benton Institute for Broadband & Society
-
Cicilline, Sensenbrenner Introduce Bill to Protect Local News Publishers | Rep David Cicilline
-
Facebook’s ‘oversight board’ is proof that it wants to be regulated – by itself | John Naughton, The Guardian
COVID-19 AND PRIVACY
-
Health officials say Google/FB tracking will be practically useless | Reed Albergotti and Drew Harwell, WashingtonPost.com
-
Microsoft’s view: Preserving privacy while addressing COVID-19 | Julie Brill, Microsoft chief privacy officer
-
Apple and Google release phone technology to notify users of coronavirus exposure | Kari Paul, The Guardian
-
The Technology 202: Apple and Google’s coronavirus alert tools arrive amid doubts about their efficacy | Cat Zakrzewski, Washington Post
-
Apple and Google launch coronavirus exposure software | Reed Albergotti, Washington Post
-
One of the first contact-tracing apps violates its own privacy policy | Geoffrey Fowler, Washington Post
-
Apple and Google release coronavirus contact tracing technology for public health mobile apps | Jessica Guynn, USA Today
-
Three states sign up for new Apple-Google contact tracing API | Benjamin Freed, State Scoop
-
Apple and Google roll out their new exposure notification tool. Interest seems limited. | Sara Morrison, Vox
-
Apple and Google release phone technology to notify users of coronavirus exposure | Kari Paul, The Guardian
-
The California Data Privacy Implications of Using Facial Recognition in the Wake of the COVID-19 Pandemic | Y. Douglas Yang, Labor Employment Law Blog
-
The Fight Against The Coronavirus Finds An Unlikely Ally In Blockchain | Paul Goatley, JD Supra
-
International: COVID-19 – Contact tracing apps – differing global approaches | Elizabeth Grimwood-Taylor, Baker McKenzie
-
Australian Parliament passes legislation offering privacy protections for COVIDSafe app | IAPP
|
|
Does your organization need customized privacy compliance solutions? ITEGA can help.
|
|
We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.
|
|
|
In a word — conundrum — as ad-tech, agency and publisher lawyers consider terms, enforcement of CCPA
The California Consumer Privacy Act (CCPA) remains a definitional conundrum, according to lawyers for the organizations that must comply with it — even down to figuring out when compliance will really be necessary and whether a new ballot proposal could alter the rules.
That’s the impression conveyed by six participants in an Interactive Advertising Bureau (IAB) webinar recorded this week, and available for streaming viewing, entitled “The California AG’s Draft Regulations & the Road to CCPA Enforcement.” (See PDF of slides)
The CCPA took effect Jan. 1, but it specified the California attorney general could not begin enforcing it until July 1 and also until a set of enabling regulations were final. Observers now believe the July 1 date will stretch to Oct. 1 because of delays in the rule-making process. But at the same time, a new privacy initiative may soon qualify for California’s November ballot and its terms would make further changes. (See RELATED LINKS, below).
The webinar revealed these areas of uncertainty:
-
What constitutes a “sale” of personal information?
-
What constitutes “use” of personal information?
-
What supposedly pseudonymous data is still within the scope of “personal information”
-
Is it the publisher or the data-processor who must tell the consumer as data is collected?
-
When is an ad-tech vendor a data processor or acquirer, either or both?
The questions are of greatest concern to companies that process or use any of 11 categories of personal information. An entity such as a data broker or ad-tech supplier that is a contractual “service provider” to a publisher or web service has different notice, disclosure and usage obligations under the law than a “business” which has a direct relationship with a consumer.
“You cannot be a business that collects personal information and a third-party receiving personal information, in the same transaction for the same user,” webinar participant Michael Hahn, SVP and general counsel of IAB observed. “It’s just not possible.” He added later: “What the [rulemaking] does is it closes off gamesmanship by making it clear that when you function as a service provider, CCPA is going to treat you as a service provider regardless of whether you meet the statutory threshold for being a business.”
The law and draft regulations do seem to largely allow programmatic advertising to continue to function with new disclosures and practices, said webinar participant Alysa Hutnik, of the law firm of Kelley Drye & Warren LLP. “Current language makes clear that the service provider can use the personal information to provide its services and not just the services of the business [it is serving]. The rule permits service providers to process the personal information on behalf of multiple businesses when they are directed to do so in their service-provider agreements.
Company privacy statements under CCPA have to make a blanket disclosure of the sources of personal data and how it is used, said Monika Jedrzejowska, Hearst Corp. chief privacy officer and counsel. But information about any sale or disclosure of such data has to be described for each of 11 personal-information categories.
A data broker doesn’t have to notify a consumer before collecting information unless it plans to “sell” it, said Julia Shullman, general counsel and chief privacy officer of ad-tech company TripleLift. “So we see that carve-out as very helpful for companies that don’t believe they’re selling data…”
Earlier this year, Facebook asserted that it does not “sell” user data when it sells advertising that has been targeted using the data. So the carve-out mentioned by Shullman may be a “safe harbor” for Facebook if it wins an eventually legal battle over the CCPA’s definition of “sale.”
CCPA WEEK TWENTY
CPRA — NEXT AFTER CCPA
|
|
|
Standard seeking: Should consumers indicate their privacy preferences with a web-browser signal?
This week’s Interactive Advertising Bureau webinar on the California Consumer Privacy Act (CCPA), included a brief discussion about a hot topic — user-enabled privacy controls within web-browser software such as Google Chrome, Apple Safari, Mozilla Firefox, Microsoft Edge, the Brave browser or others.
The core question broached both there and in recent meetings of a World Wide Web Consortium (W3C) community group — there’s a need for a web standard on what constitutes user expression of privacy preferences.
In the IAB webinar, TripLet General Counsel and Chief Privacy Officer Julia Shullman spoke to the subject. First of all, she observed there is not yet consensus on what constitutes a data “sale” that a user needs to say “yes” or “no” to. The second question is whether a browser setting sent automatically by the browser at a time after the user has set it, should be legally valid as “consent.”
“Do we all take a step back and start honoring those signals where all the browser are in the middle of changing the way they function,” she asked fellow panelists. “A lot of us in the ecosystem are still hoping we can convince our clients or others to rally around a standard method of signaling consumer opt outs. Otherwise it is a patch work creating consumer confusion and difficulty in honoring.”
Sebastian Zimmeck, a Wesleyan University computer-science professor, has raised the same topic in the W3C discussions and reached a similar conclusion. “At this point, it seems worthwhile to have a discussion of these developments with the goal of converging to a standard,” Zimmeck wrote in an April W3C post. “In particular, a Do-Not-Sell signal could be implemented similar to the Do-Not-Track (DNT) signal via an HTTP header.” He added: “Internet users, publishers, privacy organizations, and ad networks are some of the stakeholders in this question. Ultimately, there needs to be a consensus because the proposed task here is not only one of technology but also one of policy.”
The notion that browser software should be enshrined by the CCPA for managing user privacy settings appears to be opposed by the Association of National Advertisers in a letter sent to U.S. Sen. Adam Schiff, according to a story by John Eggerton of MultiChannel.com.
MediaPost’s Wendy Davis quoted the letter from the ANA’s Bob Liodice asking Schiff to express concerns about the proposed regulations, in order to “prevent the codification of these dangerous gatekeeper standards for browsers into state regulations.” Davis wrote that the CCPA as interpreted by regulators would require companies to honor do-not-sell requests sent through browser-based tools — regardless of whether consumers affirmatively activate the tools.
ADVERTISING TECH
-
MediaMath exec says regs should put consumers, not browsers, in charge | Daniel Sepulveda, via MarTechSeries.com
-
To show how easy it is for plagiarized news sites to get ad revenue, I made my own | Megan Graham, CNBC
-
Senator appeals to ad industry not to block ads on COVID news pages | U.S. Sen. Adam Schiff website
-
Post-cookies, ads are the revenue focus for smaller publishers, but first-party data is unlocking new opportunities | Digiday
-
‘Diversify your revenue streams, period’: IAB CEO Randall Rothenberg thinks relying on solely on advertising is ‘wrong’ | Digiday
-
With third-party cookies in the rearview mirror, why media should celebrate | Brie Logsdon, Paula Felps and Dawn McMullan, INMA
-
Contextually Aligned Ads Drive a 93% Increase in Brand Awareness, USC and Channel Factory Find | Exchange Wire
-
Google’s digital-ad dominance is harming marketers and publishers, says new study | AdAge
PLATFORM OVERSIGHT?
PERSONAL PRIVACY
-
APAC consumers have concerns about online privacy, but let it go for freebies | Eileen Yu, ZD Net
-
It’s Impossible To Opt Out Of Android’s Ad Tracking; Max Schrems Aims To Change That | Glyn Moody, TechDir
-
Connected Vehicles and GDPR – A Status Update after the Public Consultation | Lydian
-
We shouldn’t accept intrusive surveillance for the sake of our health without safeguards | Cristina Goñi, EuroNews
-
Wireless Carriers Face Penalties for Sharing Consumer Locations | Allen St. John, Consumer Reports
-
Fever-checking technology is a danger to privacy and may not be accurate, ACLU says | Simone Jasper, Miami Herald
-
APAC consumers have concerns about online privacy, but let it go for freebies | Eileen Yu, ZD Net
-
OPINION: Privacy Must be Central to Identity and Access Management | Shawn Keve, CRO, Simeio Solutions
WASHINGTON BEAT
-
What to Watch for in Federal Data Privacy Legislation |Bob Swanson,, NextGov.com
-
Senate Democrats Introduce A Second Federal COVID-19 Privacy Bill | Odia Kagan, JD Supra
-
Democrats introduce coronavirus-focused privacy legislation | Chris Mills Rodrigo, The Hill
-
Republican defines “covered data” and harmful practices | McGuireWoods LLP law firm (BILL TEXT)
-
Competing COVID-19 Privacy Bills Introduced in U.S. Senate | Gwenn Barney, Richard borden, Joshua Mooney, White & Williams LLP
-
Dueling privacy legislation taking shape | Khari Johnson, VentureBeat.com
-
Consent and Cookies: The EDPB has adopted new guidelines on consent | DSM Avocats à la Cour
-
FTC Commissioner Christine Wilson wants federal pre-emption | Dan Clakr, Law.com
-
Digital contact-tracing: The Trojan horse in the battle over data | Sophia Ignatidou, The Hill
-
COVID-19 Inspires Federal Consumer Privacy Act | Zachary Heck, Privacy and Data Security Insight
-
Privacy in Pandemic – Senators Announce COVID-19 Data Privacy Bill | Newmeyer Dillon
-
COVID-19 Consumer Data Protection Act 2020 Update | David P. Saunders and Allison N. Glover, Jenner & Block
-
Protecting Privacy and Public Health: The Senate Republican Proposal | Nancy Libin, Davis Wright Tremaine LLP
-
Redaction and Re-identification Risk | Peter J. Guffin, Privacy Law Perspectives
STATE VIEWS
GDPR AND EUROPE
PRIVACY BUSINESS
EVENTS DATEBOOK
|
|
QUOTES OF THE WEEK
In Brazil, three-quarters of users try to remove personal data from web but a quarter don’t know how
“A global study on data privacy by cybersecurity firm Kaspersky found 74% of Brazilian internet users have tried to remove personal data from websites and social media, ZDNet reports. Of the more than 15,000 consumers surveyed, 24% of respondents in Brazil reported not knowing how to remove information available online, 58% said they took steps to hide their information from cybercriminals, and 35% took measures to ensure websites could not access their data.”
– IAPP blog, summarizing a ZDNet account of a Brazilian study, published May 15
|
|
ABOUT PRIVACY BEAT
Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker. Submit links and ideas for coverage to newsletter@itega.org.
|
|
|
|
|
|