|
While EU questions legality of email-based schemes, ad-tech asserts it can still personalize advertising — how does that work?
Two key players in the advertising-technology industry say they will continue to be able to identify and track consumers even as browser makers like Apple, Google, Microsoft and Mozilla move to block so-called “third-party” cookies in 2022 or 2023. Representatives of LiveIntent Inc. and The Trade Desk Inc. spoke during a virtual seminar Nov. 17 organized by the Interactive Advertising Bureau (IAB) and entitled, “New Rules for Digital Media: Addressability and First Party Data.”
“We have a massive identity graph,” said LiveIntent’s Jessica Munoz. “We build this customer profile for each client . . . an encrypted ID that is unique to you . . . we know which publishers you are engaging with . . . we have information about the kinds of browser you use.” Her massage to advertisers and publishers: “We want to help you to know who you don’t know yet who is valuable to you.”
Jessica said LiveIntent has at least five ways clients can manage consumer privacy choices and share those choices with LiveIntent. “If they want to opt out of ads entirely, we ask that consumers reach out to us to let us know on a global level,” she said.
Bill Michaels, of the Trade Desk, explained its Unified ID 2.0 service, which he said is non proprietary. Competing ad-tech companies can generate “UIDs” to be part of the system, which The Trade Desk says will be independently governed. No governance entity has been announced yet, however. UID2.0 starts with an email address supplied by a publisher, which is then “hashed and salted”, Michaels said, so that it remains unique but in theory can’t be linked to an identifiable individual. He called the email-based string “a safe packet inside the bidstream” and enables “targeted personalized advertising in a way that keeps consumers identity safe.”
Michaels said UID2.0 is being trialed in the United States and Canada and several countries in Asian by “several advertisers” — but not yet in the European Union, where the General Data Protection Regulation (GDPR) is effective.
RELATED LINKS:
WASHINGTON WATCH
Ad industry interests offer “survey” findings of strong support for unspecified federal vs. state privacy actions; Ingis quoted
A policy group supported primarily by the U.S. advertising industry asserted on Nov. 19 that a cross-section of Americans strongly favor federal privacy legislation rather than patchwork state solutions — but the survey does not appear to be specific about policy provisions the public supports, and the exact phrasing of survey questions was not released.
It is significant that the ad industry is trying to muster federal action that would supercede state laws such as the tough California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), which the industry opposes.
The findings of the survey, but not the survey detail itself, were announced by Privacy for America, which is championed by Stuart P. Ingis, a Washington attorney who has a reputation as a privacy-policy power broker for the advertising and publishing industries. Privacy for America has a set of proposals for privacy legislative proposals.
The report was put together by two marketing and surveying organizations, Research Narrative and InnovateMR. They said it draws on a 1,524-respondent nationwide online survey of registered voters, “across a demographic cross section of U.S. registered voters ages 18+, balancing for age, ethnic and gender representation. Reported findings may be found HERE. A couple of key points summarized in the Privacy for American statement:
Some 92 percent of surveyed voters “report that it is very or somewhat important that Congress pass legislation to protect consumer data privacy.” Supported was highest among Democrats (95.4%), followed by independents (92.0% and Republicans (89.3%).
Four in every five voters want to create a national standard for all companies to follow that would “outright prohibit harmful ways of collecting, using and sharing personal information.”
“These findings make clear that an overwhelming majority of Americans want Congress to pass nationwide privacy legislation that protects all Americans, no matter where they live,” Ingis was quoted in the news release as saying. “In today’s highly polarized political climate, comprehensive privacy legislation is a rare bipartisan opportunity for Congress to deliver real protections for Americans and small businesses seeking to recover from the pandemic and protect the responsible use of data that drives our economy. We urge lawmakers from both parties to come together to make a national privacy law a reality in the United States.”
FTC AND PRIVACY
|
|
Does your organization need customized privacy compliance solutions? ITEGA can help.
|
|
We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.
|
|
|
STATEHOUSE BEAT
Massachusetts moves to front of states proposing tough data privacy law with private-action right; $20M fines; key date Feb. 2
Privacy advocates and lobbyists for Massachusetts businesses that collect consumer data should circle on their calendar the date of Feb. 2 — by which a state Senate joint committee must report out a tough privacy bill or allow it to languish and probably die. The “Massachusetts Information Privacy Act” (MIPA) bill got a public hearing on Oct. 13.
Two lawyers from the Pierce Atwood LLP firm, Melanie Conroy and Peter Guffin, have been following the bill and one which died in a previous session and have written a comprehensive, nine-page summary of its provisions and hearing testimony. The most important provisions:
- Anyone over age 18 who believes their privacy is violated under the law can bring a civil suit and collect up to $15,000 per violation.
- It applies to any business that earns more than $!0,000 in annual revenue through 300 or more transactions or that processes or maintains the personal information of 10,000 or more individuals.
- A five-member Massachusetts Information Privacy Commission, would enforce and investigate and empower the state’s attorney general to litigate violations with civil penalties up to $20 million or 4 percent of annual global revenue of a covered entity.
The Massachusetts law would thus be tougher in respects than California’s. Its language was reviewed by Woodrow Hartzog, the prominent privacy expert at Northeastern University, he told Privacy Beat.
“It is difficult to overstate the magnitude of compliance and litigation risks MIPA may create for businesses collecting data from Massachusetts consumers and employees,” Control and Guffin wrote in their bill analysis.
PLATFORMS AND PRIVACY:
Reuters and Wired assert Amazon “war” on privacy
- Amazon wages secret war on Americans’ privacy, documents show | Jeffrey Dastin, Chris Kirkham & Aditya Kalra, Reuters PLC | REQUEST YOUR DATA
- Go read this look into how Amazon failed to secure customer personal data | Jasmine Hicks, Wired.com
- Former Biden aide helped Amazon kill off dozens of privacy laws nationwide, leaked documents show | Martin Coulter, BusinessInsider.com
- Amazon’s Dark Secret: It Has Failed to Protect Your Data | Will Evans, Wired.com
- Amazon security chief put together “with tape and bubblegum” | Ben Gilbert, BusinessInsider.com
- Apple’s ad business seeing gain $1B from privacy moves against competitors | Emily Bary, MarketWatch.com
- Edward Snowden calls out Google over search engine’s privacy | Barry Schwartz, SearchEngineLand.com
- Google Chrome adds important data privacy feature with beta update | Times of India
- Apple’s ad privacy change impact shows the power it wields over other industries | Kif Leswing, CNBC.com
PLATFORMS AND NEWS
|
|
|
Publisher group highlights Irish nonprofit’s latest compilation of Google/Facebook ad-tech challenge to “sustainability”
The research director of Digital Content Next (DCN), the U.S. trade association of quality digital news and magazine publishers, prominently featured an Irish nonprofit’s report detailing why the current programmatic advertising technology system is said to hurt publishers and help Google and Facebook.
“Surveillance advertising isn’t just problematic, it east publisher revenues,” is how the account by Rande Price, DCN’s research director, is headlined. The Irish Council of Civil Liberties report, itself yield “Sustainable without surveillance,” is authored by Johnny Ryan, a former journalist, ad-tech and privacy advocate who has been prominently seeking sanctions in the European Union against opaque ad tracking.
Much of the report represents a re-assembly of previous disclosures and arguments, but in a compelling format.
“Tracking-based online advertising imperils fundamental rights and publisher sustainability,” the report says. It says four things harm publishers: (1) leakage of publishers’ audience data (2) siphoning of ad revenue off to technology intermediaries (3) spreading of user data across the web and (4) diversion of billions in ad revenues to operators of “ad fraud bots” charging for clicks on ads by non humans.
ADVERTISING TECHNOLOGY
Aspen “Commission on Information Disorder” report seen as both tech-savvy and socially conscious look at crisis for democracy
ITEGA’s interest in privacy, identity, ad tech are subsidiaries of a larger challenge — how do we ensure that the Internet lives up to a vision to provide us the information we need to be effective and informed citizens in democracies? A unit of the Aspen Institute, the “Commission on Information Disorder” was out with a foundation-funded report last week that focuses on abuses by social-media platforms, but touches on all of the above.
If you can’t take the time to read the whole “final report” a perceptive synopsis was provided on Nov. 19 by Damon Beres, editor-in-chief of Unfinished, a unit of Frank McCourt’s Project Liberty, in a weekly blog post. He calls the report “tech savvy and socially conscious in equal measure” and provides his own links to three other trenchant analyses of it, including: Nieman Lab’s Josh Benton’s “How do you fix an “information disorder”? The Aspen Institute has some ideas.”
PERSONAL PRIVACY
- Defining “profiling” — its similar in both EU and U.S. laws | David A. Zetoony, GreenbergTraurig LLP law firm
- Regulators Are Zeroing In On Privacy Implications of Web Scraping | Myra Baylson et al., Cozen O’Connor law firm
- How to Use a Fake Email Address to Protect Your Privacy | Thomas German, ConsumerReports.org
- Email aliases won’t completely stop phishing attacks | Joshua Hawkins, Lifewire.com
- Tennessee professor says privacy requirements should be part of broadband infrastructure | Stuart Brotman, The Tennessean, via Benton Institute
- Los Angeles police partnered with tech firm that enables secretive online spying | am Levin & Johana Bhuiyan, TheGuardian.com
- Personalization’s Chief Risk and Reward: Identity Reinforcement | Joseph Zappa, StreetFightMag.com
- Column: Your ISP says it cares about your privacy. Not so much, actually, says FTC | David Lazarus, Los Angeles Times
- How Creepy Is That New Product? Mozilla’s *privacy not included Privacy Guide Will Tell You | Deborah Cole, Robinson & George LLP law firm
- RESEARCH: IAB Tech Lab’s Katsur comments on “differential privacy” research | Antony Katsur via Twitter | RESEARCH PAPER
- Stop your snooping smart TV — how to turn off data collection for every brand | Brian Westover, TomsGuide.com
- DuckDuckGo wants to stop apps tracking you on Android | Matt Burgess, Wired.com/ArsTechnica.com
- This Tool Protects Your Private Data While You Browse | Eurasia Review
- Airports Are Embracing Facial Recognition. Should We Be Worried? | Molly Glick, DiscoverMagazine.com
EU & UK PRIVACY
WORLD PRIVACY
UPCOMING EVENTS
|
|
QUOTE OF THE WEEK
EU’s data-protection board expresses concerns about pending proposals
- Various units of the European Union are considering data-protection proposals. The European Data Protection Board released a Nov. 18 statement expressing concern about some of them. Below are excerpts from the statement.
“The proposals aim to facilitate the further use and sharing of (personal) data between more public and private parties inside ‘the data economy’, to support the use of specific technologies such as Big Data and AI and to regulate online platforms and gatekeepers. Processing of personal data already is or will be a core activity of the entities, business models and technologies regulated by the proposals.
“The combined effect of the adoption and implementation of the proposals will therefore significantly impact the protection of the fundamental rights to privacy and to the protection of personal data, enshrined in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union (‘the EU Charter’) and in Article 16 of the Treaty on the Functioning of the European Union (‘TFEU’)
“While the proposals seek overall to mitigate a variety of risks, the EDPB holds serious concerns about a number of choices made and considers the fundamental rights and freedoms of individuals require additional protection
“The proposal for the AIR would allow for the use of AI systems categorizing individuals from biometrics (such as facial recognition) according to ethnicity, gender, as well as political or sexual orientation, or other prohibited grounds of discrimination . . . .
“[T]he EDPB reiterates that the AIR should include a ban on any use of AI for an
automated recognition of human features in publicly accessible spaces – such as of faces but also of gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals – in any context.7 The proposed AIR currently allows for the use of real-time remote biometric identification systems in publicly accessible spaces for the purpose of law enforcement in certain cases . . . .
“The EDPB also considers that online targeted advertising should be regulated more strictly in the DSA in favour of less intrusive forms of advertising that do not require any tracking of 3 Adopted user interaction with content and urges the co-legislature to consider a phase-out leading to a prohibition of targeted advertising on the basis of pervasive tracking10 while the profiling of children should overall be prohibited.”
|
|
ABOUT PRIVACY BEAT
Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker. Submit links and ideas for coverage to newsletter@itega.org.
|
|
|
|
|
|