Platforms, not regulators, are driving data privacy enforcement
This article is part of the Digiday Privacy Preview, a digital issue of stories examining what the coming changes to Chrome and iOS will do to the worlds of media and marketing. Read the rest of that coverage here.
Data privacy regulators look a lot different these days.
For starters, there’s more of them. They’re also — if you include Google’s plans for the third-party cookie and Apple’s ongoing anti-tracking restrictions — commercial enterprises, rather than government bodies.
It’s not an exact like-for-like: Platforms don’t make or change policy on how publishers collect or use data directly from their users. Google’s decision to not build alternate identifiers to track individuals relates to its own products. But Google and Apple’s dominant market positions do mean when they make changes, they cause tidal waves across the rest of the digital advertising supply chain.
And so unlike GDPR or CCPA, which involve compliance with legal, rather than just technical frameworks, the moves Google and Apple are about to make will cause immediate shockwaves the day they are implemented.
There isn’t much choice but to fall in line.
“We’re barnacles on the whale,” said Bob Regular, CEO of Infolinks. “If you measure us all relative to Google or Apple — sometimes they aren’t even aware we’re there. They may be happy to let us feed from them, but if they make a move and then we fall off, they’re indifferent.”
In the U.S. the lack of federal privacy law has left the door wide open for Google and Apple to call the shots, according to Regular. “Currently we’re moving toward states-rights-level privacy. It’s untenable — you can’t build plumbing at a state level, we need a federal version. And at the moment the first [federal attempt] is Apple and Google. They’ve taken the lead on what they say is the right solution — for right or wrong,” he said.
Traditional regulators’ methods aren’t perfect either. When regulatory change is announced businesses are left to interpret the new legal requirements and adapt their business models as they see fit. The result can be messy, confusing, and lead to numerous attempts to flout or circumvent the rules — as seen with the response to the European Union’s General Data Protection Regulation which went into effect in 2018 after a two-year grace period.
What’s more, the intent of GDPR — to give users back more control over their personal data and ensure it’s not misused by hidden players in the digital advertising ecosystem — has resulted in a horribly confusing, annoying user experience in Europe, with every website featuring their own pop-up messages requesting consent for collecting data. Privacy activists believe regulators have failed to properly enforce the law at scale. “One of the issues around regulations is the incredible lack of active and at-scale enforcement,” said Ruben Schruers, group chief product officer at media investment analysis firm Ebiquity. “Essentially so far, the regulations are all bark and no bite.”
The privacy-led changes driven by platforms Apple and Google are all bite. Plus, they are binary — not open to interpretation. Naturally, that results in people questioning whether this biting behavior is fair and the underlying reasons are honest or have a double agenda, added Schruers.
Preparing for GDPR was a legal nightmare. Publishers, agencies and ad tech vendors in particular squandered time procrastinating, spent months rewriting legal contracts to shift liability for fines to other partners in the digital ad supply chain, and argued over who was a data controller (and therefore on the hook for eye-watering fines) and who was a processor (not on the hook for fines). But in hindsight, at least there was wiggle room.
The platforms allow no wiggle room. And the changes required are all technical rather than legal. “The grace period was far longer with regulators — businesses were told by local authorities to try their best to respect GDPR and they, in turn, wouldn’t fine them for a given period of time,” said Remi Cackel, chief data officer, Teads. “But with Google, there will be a hard unplug once [third-party] cookies are pulled. Technically speaking you have no choice; it will happen overnight.”
And yet, for some, the changes are a long time coming and — for tech platforms pushing the privacy agenda — are welcome. “The spirit of GDPR and CCPA [California Consumer Privacy Act] is at the heart of what the browsers are doing,” said Amit Kotecha, global marketing director, Permutive. “The ad industry has prioritized this hyper-targeting over data ethics for a long time.”
Yet when it comes to global enforcement, even the platforms may hit roadblocks. Case in point: Apple’s anti-tracking drive is currently being challenged in China, where the state-backed trade group The China Advertising Association has reportedly begun its own ID workaround, which lets apps track users for advertising purposes even if the users haven’t opted in. China is a crucial market for Apple, so the tech player’s response will be the ultimate stress test of how seriously Apple plans to prioritize privacy over its commercial road map. Meanwhile, Google has also hit a snag with the planned rollout of Federated Learning of Cohorts (FLoC) in Europe, thanks to GDPR.
It may be that countries can’t curb the dominance of the tech platforms, but they can at least slow them down.
How (and why) agencies are adapting to stay relevant in the metaverse
To get more comfortable in this new environment, some agencies are getting involved in experimental projects to stake their claim to the metaverse.
‘Reach a totally different audience’: With Sundance virtual once again, marketers pivot to online experiences
Until earlier this month, this year’s Sundance was meant to be a hybrid festival with attendees returning to Park City to participate in-person as well as virtual elements for attendees to tune-in online.
Pepsi launches app and short ‘trailer’ to hype Super Bowl halftime show
The soft-drink giant will promote its Super Bowl Halftime show with a newly launched app and a short film directed by F. Gary Gray.
SponsoredHow the relationship between live events and mobile devices is evolving in 2022
Sponsored by AdColony The pandemic has accelerated changes in the way people consume content — and live events are part of that transformation. For advertisers, the questions are the kind on which campaign success depends: In what ways (and numbers) have people returned to watching sports, e-sports and events such as the Grammys? Are they […]
‘The business is at a level of scale now’: The Brandtech Group CEO David Jones on building a business for the ‘post-advertising’ world
Not only is the holding group past the hype cycle peak these businesses usually encounter, it’s skipped right over the trough of disillusionment that tends to follow and is straight into growth mode.
In Graphic Detail: The great gaming consolidation
Gaming is in the midst of an M&A arms race. The protracted pandemic has made sure of that.