The “best laid plans of mice and men often go awry” is as typical for regulators as the oft-quoted extract is true.
Nowhere is this more apt right now than when it comes to curbing the unintended consequences of a data industry that’s powered by ad dollars, mired in complexity and underscored by nondisclosure agreements.
Take a recent instance in the U.S. in which the Federal Trade Commission sued ad tech vendor Kochava for allegedly selling location data that could track movements to domestic violence centers, reproductive health clinics and other sensitive places.
Intentions don’t always turn into realities. If they did, Kochava would have settled with the FTC. Instead, the ad tech firm has refused to settle over terms CEO Charles Manning said are “ambiguous.”
The sense of deja vu is palpable for anyone who follows these things closely.
At the start of the year, it seemed like the future of the Transparency Consent Framework (TCF) — the IAB Europe-led, industry-wide attempt to standardize compliance with the General Data Protection Regulation — was grim. Data protection watchdogs said it was illegal in its current form. Obituaries for its imminent demise swiftly followed. Several months on and those claims look increasingly premature. That’s because a few weeks ago (early September) it became clear that the TCF’s fate would be decided by the European Union’s high court.
Or rather, Europe’s top court would give its verdict on whether data was unlawfully collected through TCF and if the IAB Europe is financially liable for any GDPR claim brought against the ad tech ecosystem as a result. It’s crucial given the appeals court will not deliberate on the future of TCF until these questions are answered. That decision won’t arrive for at least another year.
So much for assertive enforcement.
The problem with attempts to bring order to online advertising’s data industrial complex is how loosely written the rules are. There’s enough opacity in these regulations, whether its GDPR or the California Consumer Privacy Act, to give companies some wriggle room to argue that no offenses were committed. And that’s exactly what has happened.
Companies (by and large) followed the law, but not always the spirit of it. Call it an inconvenient truth. When regulatory change is announced businesses are left to interpret the new legal requirements and adapt their business models as they see fit. The result can be messy, confusing, and lead to numerous attempts to flout or circumvent the rules.
Of course, data privacy regulators were going to want to put down a marker.
That’s not actually the issue for Kochava’s CEO. Manning understands reform is painful but necessary when it comes to data privacy. It’s the way the FTC has gone about pursuing those reforms that ruffled the ad tech exec.
“We’re seeking specificity and the FTC isn’t prepared to provide it,” said Manning.
For Kochava, the devil is in the details: The FTC wanted to Kochava to block sensitive location data but didn’t specify what that meant, said Manning. Had that specificity on locations been provided, Manning said he and his team would have been able to incorporate it (if it wasn’t already) into a product called Privacy Block they had built to do just that. Instead, that clarity never came, continued Manning.
“They [the FTC] said ‘no, that’s not how this is going to work’, and said they’d name out ‘sensitive health locations,’” continued Manning. “It left us with a question of how we get that specificity in a marketplace of data where what could be sensitive for one, may not be sensitive for another.”
Good luck trying to predict how this shakes out.
Neither the FTC nor Kochava seem prepared to walk back their widely reported stances on the matter. So there’s every chance this gets decided in the courts. And even then it could go either way. Yes, there’s a precedent. Indeed, the FTC has cracked down on the potential use of sensitive data in ways that people may not be clearly aware of or expect. Then again, Kochava hasn’t actually been found to have used data on ‘sensitive health location’ this way, said Manning. And even if it had that wouldn’t be illegal.
There are currently no federal laws that oversee the data broker industry — a point that was brought into sharp focus last month when the FTC had the opening comments for its rules making process after it filed the lawsuit against Kochava.
Or to put it another way, enforcement from the FTC came before it actually had regulation to enforce. No surprise there. In a post-Dobbs world, the regulator is acting with more urgency.
If this proves to be a flashpoint for data privacy then history indeed rhymed with the uncertainty over the TCF in Europe. But unlike the tet-a-tet between Kochava and the FTC, TCF’s moment of reckoning was hardly unexpected. If anything, it was a surprise that regulators hadn’t moved on it sooner. Remember, TCF relies heavily on good actors and the industry’s desire to be compliant. Spoiler: not everyone is. Data brokers are still trading personal data, and the online ad industry is riddled with potential abuses.
“The TCF isn’t a soup to nuts, GDPR-compliant solution in so far as there are a lot of other things you’re going to need to do to comply with the law,” said the IAB Europe’s CEO Townsend Feehan. “What the Belgium APD [regulators] want is for the TCF standard to take on more compliant functionality, which we will undoubtedly do sooner or later. That said, the responsibility for data processing for advertising has to lay with the companies that process data.”
A transformation of this kind would saddle IAB Europe with significant new costs since it requires the development and ongoing operation of a technical accountability infrastructure. That could be a very tall order, if not impossible, given how the OpenRTB ecosystem functions today — a thought not lost on the IAB Europe.
Wherever these lines in the sand are ultimately drawn could have major implications. They could either cement privacy watchdogs’ authority to regulate the space or severely hamper it.
How Yeti is marketing like a DTC brand on social media and in the outdoors
Known for being a brand of indestructible coolers, cups and increasingly lifestyle apparel, Yeti has been evolving from a wholesale company to one that markets more like a direct-to-consumer company as it experiments on platforms like TikTok, Pinterest and its own media properties.
How Zola is boosting its OOH spending in New York for ‘engagement season’
OOH ads for the startup, best known for offering wedding registries, will not only be in the Rockefeller Center subway station (where they are hoping to capture the attention of couples going to visit the Christmas tree) but also with subway digital ads, billboards near Bryant Park as well as downtown in Soho and with wild postings throughout the city.
Inside the tensions countering advertisers’ latest quest for programmatic transparency
Brands such as P&G and Unilever have cooled on auditors' proposals in a study led by the ANA.
SponsoredHow premium programmatic video is evolving
Leo O’Connor, senior vice president, advertising, Paramount Change in the advertising and media industry often feels slow and chaotic — but when viewed with perspective, change happens relatively fast and follows a logical path. This is certainly the case with programmatic advertising and the rise of streaming. Audiences want the freedom to watch content however […]
Acxiom’s CEO on why everything’s an ad network now, and what that means
Chad Engelgau talks about how Acxiom will harness retail media networks and the metaverse -- as well as the need for marketers to connect internal data to be more effective.
Florist brand uses video to connect with families during the holiday season
FTD LLC, also known as Florists' Transworld Delivery, is looking to stand out during the holiday season through connected TV with the goal to drive brand recognition and incremental traffic.