|
Ad industry starts review of ad-tech’s ‘non-commercial’ identity-sharing proposal — UID 2.0; Who will govern?
An ambitious effort by the ad-tech and advertising industries to establish a standard for how privacy and identity work on the open web, bypassing browser software, advanced this week.
The Trade Desk Inc., a big, public ad-tech vendor and operator, said it had submitted to an ad-industry consortium details of its Unified ID 2.0 (UID 2.0) hashed-email identity service. The details were received by the Partnership for Addressable Media (PRAM), which last week put out a call for such submissions. It is not yet clear what role PRAM intends to play in vetting or recommending UID 2.0. It said it wanted code “contributed” for “collaborative development.”
Ad-tech is racing to outflank Google and Apple as those two dominant web-browser makers advance plans to bring control of user identity — and thus privacy — within the browser. That is seen by ad-tech as a body blow to the business of sharing user data for ad targeting. (See, QUOTE OF THE WEEK, below) Trade Desk says UID 2.0 is an “open-source, encrypted framework that represents an alternative to third-party cookies.”
PRAM says more than 400 companies and trade associations are participating in its work, including leading brands, agencies, ad tech partners and platforms — and a few publishers. The group has delegated technical specifications and review to the IAB Tech Lab, another trade organization consisting most of ad-tech companies, platforms and a more significant number of publishers.
Also last week, SpotX joined a list of companies saying the would support UID 2.0 by recognizing identities shared in the UID 2.0 format. The list includes IRIS.TV , The Washington Post, OpenX, Neustar, Mediavine, PubMatic, Magnite, Index Exchange, Nielsen, Criteo and LiveRamp. Several, including Neustar, Critero and LiveRamp have competing identity-sharing offerings.
The industry-trade source AdWeek, which has covered the UID 2.0 and PRAM activities, wrote in August that publishers want independent governance of UID 2.0 and “a say in how it’s run.” Reporter Andrew Bluestein wrote, “a non-biased governing body needs to be formed to police misuse.”
Trade Desk has said its UID 2.0 code will be “open source” and governed by an independent entity. AdWeek reported it was intended to be “non-commercial.” However, it is not clear who the entity will be, or whether Trade Desk would be prepared to relinquish any rights to the code.
In Thursday’s submission announcement, Trade Desk said UID 2.0 will be “managed and operated by independent, objective third parties as soon as the functional areas of the ID are working at scale.”
A UID 2.0 overview document provided by The Trade Desk says “overarching core principles” include that UID2 will be non-proprietary, interoperable and accessible to “all constituents in the advertising ecosystem that abide by a code of conduct . . . . “ It says UID2 will have “independent governance” and will be “operated by an unbiased third party, with a transition expected in mid-2021. The Trade Desk is providing the working code and framework only to get it off the ground.” It adds, “the related code will be open sourced.”
ITEGA, sponsor of this newsletter, has offered to play a role in the governance of how user identity (and resulting privacy standards) works on the web from its position as a 501(c)3 nonprofit, public-benefit organization. It would be similar to ICANN, the entity that governs domain names on the global web.
MORE AD TECH
WASHINGTON BEAT
- Public Citizens urges Biden to protect consumers’ online privacy | Al Jazeera | RELATED STORY
- What The Biden Presidency Means For Privacy, Consumer Protection And Antitrust | Allison Schiff, AdExchanger.com
- Silicon Valley does the math on a divided Senate | Owen Thomas, San Francisco Chronicle
- CEO’s plea: It’s time for a federal privacy law in the United States | Ameesh Divatia, CEO, Baffle
- Legal expert Kirk Nahra says prospects improve for privacy under Biden | Marianne Kolbasuk McGee, BankInfoSecurity.com
- Biden and Section 230: New administration, same problems for Facebook, Google and Twitter as under Trump | Jessica Guynn, USAToday.com
- Section 230 liability law is likely to be reviewed under Biden | Rachel Lerman, WashPost.com
- Biden’s appointments at FTC, FCC likely signal aggressive regulation of big tech | Tyler Sonnemaker BusinessInsider.com
- New FTC interim chair Rebecca Kelly Slaughter has a get-tough-on-tech record around privacy, ad-tech | Wendy Davis, DigitalNewsDaily/MediaPost.com
STATEHOUSE BEAT
- Oklahoma state senator files “opt-in” privacy bill | Kevin Severin, OKCFox.com
- RELATED STORY
- Virginia And Oklahoma join Washington, New York and Minnesota considering privacy bills | David Stauss, Husch, Blackwell LLP law firm
- Privacy legislation proposed in New York and Minnesota | David Stauss, Husch Blackwell law firm
- NY Assembly reintroduces “opt-in” NY Privacy Law | David Klein, Klein Moynihan Turco law firm
- Cuomo floats privacy legislation as part of NY ‘State of the State’ | Governor’s website
- Washington state privacy act back as SB 5062 | Rick Morgan, Puget Sound Business Journal | RELATED STORY
- Washington Privacy Act Reintroduced – Third Time’s the Charm? | Eric Rosenkoetter, Maurice Wutscher LLP
- What the new Washington Privacy Act says — seven points | Vorys, Sater, Seymour and Pease LLP
- Nearly 22,000 Illinois Walmart workers could get share of $10 million privacy settlement | Lauren Zumbach, Chicago Tribune | RELATED STORY
|
|
Does your organization need customized privacy compliance solutions? ITEGA can help.
|
|
We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.
|
|
|
Ad-tech execs and publishers see privacy/identity consumer choice as only way to compete with Facebook, “walled gardens”
The “open” Internet isn’t meeting the business or privacy needs of publishers or advertisers when compared with “walled garden” platforms such as Facebook, but efforts now underway could change that, according to participants in the second of three public webinars organized by the Information Trust Exchange Governing Association.
The series, “Identity, Advertising and the Future of Journalism,” features virtual roundtables of discussants and public viewers. The Jan. 21 session was moderated by Wally Snyder, founder and president of the Institute for Advertising Ethics, and produced with support of the Donald W. Reynolds Journalism Institute and Craig Newmark Philanthropies. (VIEW ARCHIVED VIDEO) ( Passcode: R*2*ZW0? )
From the remarks of their executives, it sounded as if advertising technologists believe the only way to compete with Facebook, YouTube and other technology platforms is for publishers to do two seemingly contradictory things — first, give users control over their privacy and use of data and then, be able to “address” them with targeted advertising as efficiently as Facebook claims to do. The current programmatic, real-time-bidding system, doesn’t do either, they said.
“We have to stand up as an advertising industry and acknowledge we messed up,” said Travis Clinger, and executive of data-warehousing and ad-tech company LiveRamp. “We lost the trust of the consumer and we built a horribly inefficient ecosystem. The walled gardens focused on addressability.” He added: “As an industry we have to lean much more into the consumer privacy changes and be much more transparent ot the consumer.”
GOOGLE AND CONTENT PAYMENT
ANTITRUST
MEDIA MIX
PRIVACY BUSINESS
|
|
|
authorized-agent
New York Times’ columnist advances the idea of an information “authorized agent” to help with privacy
The idea that consumers might want to have an “authorized agent” who helps manage their privacy and identify preferences was advanced this week in a column by New York Times tech writer Shira Ovide, headlined: “How to Make Data Privacy Real.” The Jan. 19 column follows a Jan. 7 ITEGA webinar in which the idea was also discussed.
Most of Ovide’s column is about the California Privacy Rights Act (CPRA), adopted by the state’s voters in November and starting to take effect this year. She recites the rights it provides for California residents to control how companies collect or use personal data.
“But the California law also envisioned the possibility of ‘authorized agents’ that would exercise data rights on our behalf,” Ovide writes, adding: “Instead of you filling out 100 forms to ask 100 companies to delete your data, you would pick a privacy assistant to do it for you.”
She cites a test underway by Consumer Reports to do just that.
“The most intriguing idea is that the privacy assistant might just be a web browser where you check a box once and each site you visit then gets an automated notice to prohibit the personal information collected there from being shared or sold,” she concludes. “Think of it as a version of the telemarketer ‘Do Not Call’ list. Such an approach is already in code. It’s called Global Privacy Control.
In the IETGA webinar, Richard Whitt — president of the Glia Foundation and a Mozilla fellow who spent more than a decade as a strategy executive at Google Inc. — suggested publishers consider an additional business model besides advertising and subscriptions, operating as “information fiduciaries” to help their users with identity, privacy and finding information.
The idea of an “information fiduciary” was first popularized following a 2014 blog post and 2015 journal article by Yale Law School Prof. Jack M. Balkin. The Information Valet Project at the Reynolds Journalism Institute at the University of Missouri has also explored the idea of an “information valet.” starting in 2008.
CALIFORNIA PRIVACY
PERSONAL PRIVACY
- Internal Facebook Memo Tells Employees to Do Better on Privacy | Alex Kantrowitz, OneZero/Medium.com
- Austrian court, in Schrems case, finds Facebook’s terms of service gives consent to ad targeting | Robert Bateman, Digital Privacy News
- Examine Spotify: How Companies Use Personalization to Leverage Our Surrendering of Data | Asa Hiken, Digital Privacy News
- AUDIO: Talking about “identity” and anonymity with Brendan Riordan-Butterworth | Rob Beeler, BeelerCast
- A wrap up on the WhatsApp privacy debacle: Planned all along? | Soshana Wodinsky, Gizmodo.com
- WhatsApp Fueled A Global Misinformation Crisis. Now, It’s Stuck In One | Pranav Dixit, BuzzFeedNews.com
- Tencent has been caught spying on your web browsing history with QQ Messenger | Caleb Chen, Privacy News Online
APPLE-GOOGLE-FACEBOOK PRIVACY LABELS
COVID-19 AND PRIVACY
|
|
china-russia
Wheeler: Democracies must co-regulate digital behavior, including privacy, or else see Internet “splintered” by China and Russia
Europe and the United States should align on common standards of behavior for Internet businesses — covering privacy and other topics — as a way “to focus on the power of autocratic corporate empires and their effects on competition and consumers,” a former U.S. Federal Communications Commission chairman argues.
What could become a “alliance of liberal democracies” worldwide is needed to avoid a splintering of the Internet as nation-states such as China and Russia disrupt free information and redefine the internet in their interests, Tom Wheeler says in a Brookings Institution paper posted Jan. 21: “Time for a U.S.-EU Digital Alliance.” Today, the U.S. leads in digital technologies but has ceded tech policy leadership to the European Union, he writes.
Absent from industry standard-setting activities to date, Wheel writes, “has been the creation and enforcement of public-interest behavior standards.” He adds: “Industry developed so-called ‘privacy codes,’ for instance, are less about protecting a user’s privacy and more abut how the company will violate that privacy.”
“The European Union—which has led in the attempt to establish oversight of the dominant digital companies—is also leading in the effort to build a democratic alliance,” writes Wheeler. “Lost in the attention paid to the EU’s proposed sweeping rules for the regulation of online platforms, is its proposal for a “specific dialog with the US on the responsibilities of online platforms and Big Tech” as part of a post-inauguration summit with President Biden.”
Three digital-policy issues are at stake, he writes: The dissemination of misinformation and hate, the distortion of markets to become non-competitive and the exploitation of consumers. Solutions require speedy and agile regulation because “dominant digital companies have been able to define market behaviors before policymakers can catch up.”
These companies — which Wheeler does not cite by name — have taken advantage of unique “root assets of the digital economy” — low marginal costs, non-rivalrous use of data, network effects and boundless demand to tip into virtual monopolies. He suggests that regulators need to be familiar with data analytics and have to have tools to override the tendency of Big Tech to refuse access to algorithms that can have adverse public consequences.
“A transatlantic digital alliance can begin to be built around common analytical systems to assess the digital marketplace,” Wheeler writes, focusing misinformation, disinformation and malinformation; on market gatekeepers; and on “consumer welfare issues such as privacy and the security of networks and their data.”
EU PRIVACY
WORLD PRIVACY
UPCOMING EVENTS
- WEBINAR: “The Publisher’s Playbook for Privacy: News and Updates for 2021” | Jan. 26, Local Media Consortium
- WEBINAR: Data Privacy/Innovation Day | Jan. 27, Rise of Privacy Tech
- WEBINAR: The privacy implications of “Brexit” — EU saying goodby to UK | Jan. 27, IAPP
- Have You Met My Big Brothers: Surveillance Economy & Data Privacy | Feb. 2, OWI
- Identity, Advertising and Future of Journalism | ITEGA, Feb. 4
- Tech Talks: Privacy | FEb. 24, Campaign US
- IAB Annual Leadership Meeting | March 8-12, IAB | Features Anthony Fauchi
- PrivSec Global 2021 | March 23-25, PrivSEc Global
- Trust and Doubt in Public Sector Data Infrastructures | March 25, Data & Society
- IdentiVerse 2021 virtual and F2F in Denver on identity/privacy | June 21-23
|
|
QUOTE OF THE WEEK
OPINION: Browser anonymized user or ad-tech ’empowered’ user: Which approach is best for web identity?
- Here is an excerpt from an opinion piece by Joel Meyer, chief architect at OpenX Software Ltd.., of Pasadena, Calif., an ad serving, real-time bidding and supply-side platform operator. It was entitled, “The Two Approaches to Identity and What They Mean for Pubs.” It was published Jan. 21 by AdExchanger.com.
“While there’s no clear cut answer around what the future of audience targeting will look like, practically every proposal is supported by one of two opposing core beliefs.
“The first is the belief that the only way to fully protect a user is to make them anonymous, a task that must be accomplished by the browser or device used to consume content. Let’s call this the “Browser/Device Belief”. In proposals falling under this belief, the user is anonymous and the browser/device develops functionality to facilitate advertising. Google’s TURTLEDOVE and Apple’s SKAdNetwork are prime examples of this. It’s also worth noting that Google and Apple control the majority of browsers and operating systems used today. In these solutions, the client (i.e. the browser or device) anonymizes the user by removing any vectors that allow a user to be passively identified. This ensures privacy by default and prevents bad actors from tracking the user against their will. It also places very little extra burden on the user – the browser/device transparently anonymizes them and the user does not need to worry about how it actually happens.
“The second belief holds that an informed and empowered user, with controls and transparency, can implement the privacy they desire while better understanding the value exchange powering the open web. Let’s call this belief the “user belief”, as the proposals motivated by it strive to educate the user and give them more control without requiring them to be completely anonymous. An example of this is Unified ID 2.0, which gives the user the ability to centrally manage and delete their information in exchange for providing vendors access to a stable identifier . . . [First], users need a service that they can trust and use nearly ubiquitously. Remembering logins, implementing privacy settings, and managing consent across a dozen different single sign-ons is not ideal. This is not an argument against a diversity of identity solutions, but a reminder that we will need broad adoption of a number of them. Second, depending on the vertical, many publishers have difficulty getting users to authenticate directly with them, so they will need to be able to easily integrate with the available identity solutions and provide users a very lightweight authentication experience. Getting scale with this will be challenging, though as Prebid.js has shown, not impossible . . . .
“Finally, we should change expectations. The way we do targeting and attribution on campaigns today won’t be the same when cookies go away and it may take a long time to reestablish KPI’s
|
|
ABOUT PRIVACY BEAT
Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker. Submit links and ideas for coverage to newsletter@itega.org.
|
|
|
|
|
|