This article is part of the Digiday Privacy Preview, a digital issue of stories examining what the coming changes to Chrome and iOS will do to the worlds of media and marketing. Read the rest of that coverage here.
Data privacy regulators look a lot different these days.
For starters, there’s more of them. They’re also — if you include Google’s plans for the third-party cookie and Apple’s ongoing anti-tracking restrictions — commercial enterprises, rather than government bodies.
It’s not an exact like-for-like: Platforms don’t make or change policy on how publishers collect or use data directly from their users. Google’s decision to not build alternate identifiers to track individuals relates to its own products. But Google and Apple’s dominant market positions do mean when they make changes, they cause tidal waves across the rest of the digital advertising supply chain.
And so unlike GDPR or CCPA, which involve compliance with legal, rather than just technical frameworks, the moves Google and Apple are about to make will cause immediate shockwaves the day they are implemented.
There isn’t much choice but to fall in line.
“We’re barnacles on the whale,” said Bob Regular, CEO of Infolinks. “If you measure us all relative to Google or Apple — sometimes they aren’t even aware we’re there. They may be happy to let us feed from them, but if they make a move and then we fall off, they’re indifferent.”
In the U.S. the lack of federal privacy law has left the door wide open for Google and Apple to call the shots, according to Regular. “Currently we’re moving toward states-rights-level privacy. It’s untenable — you can’t build plumbing at a state level, we need a federal version. And at the moment the first [federal attempt] is Apple and Google. They’ve taken the lead on what they say is the right solution — for right or wrong,” he said.
Traditional regulators’ methods aren’t perfect either. When regulatory change is announced businesses are left to interpret the new legal requirements and adapt their business models as they see fit. The result can be messy, confusing, and lead to numerous attempts to flout or circumvent the rules — as seen with the response to the European Union’s General Data Protection Regulation which went into effect in 2018 after a two-year grace period.
What’s more, the intent of GDPR — to give users back more control over their personal data and ensure it’s not misused by hidden players in the digital advertising ecosystem — has resulted in a horribly confusing, annoying user experience in Europe, with every website featuring their own pop-up messages requesting consent for collecting data. Privacy activists believe regulators have failed to properly enforce the law at scale. “One of the issues around regulations is the incredible lack of active and at-scale enforcement,” said Ruben Schruers, group chief product officer at media investment analysis firm Ebiquity. “Essentially so far, the regulations are all bark and no bite.”
The privacy-led changes driven by platforms Apple and Google are all bite. Plus, they are binary — not open to interpretation. Naturally, that results in people questioning whether this biting behavior is fair and the underlying reasons are honest or have a double agenda, added Schruers.
Preparing for GDPR was a legal nightmare. Publishers, agencies and ad tech vendors in particular squandered time procrastinating, spent months rewriting legal contracts to shift liability for fines to other partners in the digital ad supply chain, and argued over who was a data controller (and therefore on the hook for eye-watering fines) and who was a processor (not on the hook for fines). But in hindsight, at least there was wiggle room.
The platforms allow no wiggle room. And the changes required are all technical rather than legal. “The grace period was far longer with regulators — businesses were told by local authorities to try their best to respect GDPR and they, in turn, wouldn’t fine them for a given period of time,” said Remi Cackel, chief data officer, Teads. “But with Google, there will be a hard unplug once [third-party] cookies are pulled. Technically speaking you have no choice; it will happen overnight.”
And yet, for some, the changes are a long time coming and — for tech platforms pushing the privacy agenda — are welcome. “The spirit of GDPR and CCPA [California Consumer Privacy Act] is at the heart of what the browsers are doing,” said Amit Kotecha, global marketing director, Permutive. “The ad industry has prioritized this hyper-targeting over data ethics for a long time.”
Yet when it comes to global enforcement, even the platforms may hit roadblocks. Case in point: Apple’s anti-tracking drive is currently being challenged in China, where the state-backed trade group The China Advertising Association has reportedly begun its own ID workaround, which lets apps track users for advertising purposes even if the users haven’t opted in. China is a crucial market for Apple, so the tech player’s response will be the ultimate stress test of how seriously Apple plans to prioritize privacy over its commercial road map. Meanwhile, Google has also hit a snag with the planned rollout of Federated Learning of Cohorts (FLoC) in Europe, thanks to GDPR.
It may be that countries can’t curb the dominance of the tech platforms, but they can at least slow them down.
‘Advertising has taken a hit’: The crypto crisis has created an advertising vacuum
Don’t expect to see many crypto ads for a minute. The companies behind them are trimming down costs wherever they can, and that includes advertising.
‘Makes us more nimble’: Why DTC shaving brand Harry’s has bolstered in-house capabilities, is focused on organic social content
Harry’s, founded in 2012, has had an in-house creative team since its inception.
‘My title was non-negotiable’: A Q&A with Cathy Hackl, chief metaverse officer at Journey
Hackl's most convincing qualification for the role might be her bona fide connection to metaverse users: she’s the mother of three metaverse-native kids, including a 10-year-old who runs his own Roblox business.
SponsoredWhy the caliber of content is paramount for advertisers
Agata Brodniewska, brand safety manager, Dailymotion Content is king when attracting consumers but is equally essential when courting advertisers. While both stakeholders want many of the same things, they most notably want relevant content they can count on to deliver an accurate and honest message without confusion or misinformation. This is especially important for advertisers […]
‘If we can pave the way’: How OKCupid is using its app and its ads to fight for abortion rights
The online dating platform yesterday sent in-app notifications to all U.S. users encouraging them to donate to Planned Parenthood.
Retail brands rush to cover abortion care, but not all of their workers may be covered
What’s not immediately clear from some of these post Roe announcements is how many employees will be covered by these new policies.