‘There are significant grey areas’: The biggest unanswered questions around Apple’s upcoming privacy update
Apple last month announced two important privacy changes that have rattled the mobile advertising industry.
Later this year, developers will be required to include information in a so-called “nutrition label” about how their apps collect data on their app description page. Those developers are also required to ask permission from users to track them across third-party websites and other apps, using its identifier for advertisers, known as the IDFA. Experts expect opt-in rates to be low, hampering audience targeting and measurement.
The changes will come into effect when iOS 14 is released, which is expected in mid-September. Yet there are still many questions left unanswered about how the IDFA changes will work in practice.
“There are significant grey areas that are open to interpretation and require clarification from Apple,” said Matt Barash, svp of strategy and business development at mobile advertising company AdColony.
Below are six questions that remain unclear for advertisers. Apple declined to comment on the record.
How is Apple going to police and enforce these rules if developers or ad tech vendors attempt to circumvent them?
It’s not yet entirely clear how Apple will detect and clamp down on companies attempting to create workarounds once iOS 14 comes into play.
Eric Seufert, strategy consultant at Heracles Media, said Apple “floated a test balloon” last year when it announced kids apps should no longer use third-party advertising and analytics software — apart from in some limited cases, so long as personally identifiable information (including the IDFA) wasn’t sent to third-parties. The rules came into force earlier this year.
Apple started “carte blanche” rejection app updates for those developers found in violation, Seufert said.
How far can contextual targeting go?
Some mobile ad tech companies have posited that the IDFA changes could mark a shift from audience targeting based on user data to more contextual targeting.
“This is not like the type of contextual targeting people think about from desktop in 2014,” said Offer Yehudai, president of app monetization platform Fyber. Rather it’s about, “what can we tell in a privacy aware manner about the [app session] in real-time to then pass information for the [demand-side platform] to use.”
Examples include how long the user has been using the app, whether the device has enough battery to download an app and whether the audio is on or off, Yehudai said.
Yet it’s unclear whether any contextual parameters will be allowed in the bid stream — even if they don’t present any immediate details about the specific user.
Contextual information could still be considered as having the potential for device “fingerprinting,” which is unlikely to pass muster with Apple. The company cracked down on browser fingerprinting in Safari in 2018.
Will the SKAdnetwork be expanded over time?
Apple’s proprietary SKAdnetwork is a basic application programming interface that let’s an ad network know whether their ad campaigns lead to an app install or other limited “postback” events after the app was installed. The reports are aggregated and not delivered in real-time.
Paul H. Müller, CTO and co-founder of mobile measurement company Adjust, describes the SKAdnetwork as “complete garbage.”
“It focuses on metrics not worth anything to people — like downloads — and does not offer granularity even remotely to run campaigns,” said Müller. The data “campaign ID” is also limited to 100 values, which doesn’t account for optimization: A typical campaign tends to run thousands of different creatives, Müller added, tailored for different geolocations and A/B testing, for example.
Some industry experts aren’t convinced there’ll be much of a SKAdnetwork 2.0.
“Put down your ambitions for precise attribution,” said Kevin Joyner, director of planning and insight at digital marketing agency Croud. “It’s time to move on, it’s not going to get any better. We should look in other places.”
What’s an ‘ad network’ anyway?
Ad network has become a much-maligned term in the ad tech industry, so there’s a whiff of irony that access to the SKAdnetwork is limited to ad networks, source apps and advertised apps.
Anyone working in digital advertising knows there’s usually more than three participants: A DSP, advertiser ad server, publisher ad server and supply-side platform are usually added to that list at the very least. The documentation suggests developers can only list each “ad network” with which they work.
Apple defines ad networks as entities that “that sign ads and receive install notifications when ads result in conversions,” according to its developer documentation.
“The definition oversimplifies the industry in such a way that it has the potential to create winners and losers just by ignoring the way the ecosystem works,” said Alex Cone, senior director of product management at IAB Tech Lab.
Wording on Apple’s developer site says if users opt out of tracking, developers can’t place a third-party software development kit in their app that combines their app’s user data with data from other developers’ apps to “target advertising or measure advertising efficiency, even if you don’t use the SDK for these purposes.”
Is retargeting possible?
If users decide not to share their IDFA with third-party providers, retargeting becomes an issue — and also techniques like frequency capping and controls around recency.
Per Apple’s developer site if a user opts out from tracking, developers can’t share a list of emails, advertising IDs, or other IDs with a third-party that uses that information to retarget those users in other developers’ apps.
One possible alternative could be if a user has provided login information, such as their email address, and agreed it can be used for advertising purposes. But it’s not entirely clear whether that’ll come up to scratch with Apple either if the user has opted out from sharing their IDFA and then is clearly being targeted on their phone using some form of personal identifier.
Are the changes compliant with GDPR?
On July 2, 16 advertising and publishing trade associations co-signed a letter to Apple CEO Tim Cook in which they asserted that the IDFA pop-up doesn’t comply with GDPR. The trade groups said the pop-up isn’t (at this stage at least) “widely customizable by the app developer and is not interoperable with digital advertising market standards,” such as the IAB Europe’s Transparency and Consent Framework.
A spokesperson for IAB Europe, on behalf of the signatories, said Apple hasn’t responded or acknowledged their letter.
“The silence can be perceived as a signal and an example of how Apple has unilaterally taken a decision without any respect for their partners and ecosystems,” the spokesperson said. “If we still have no answer, next week we will be looking into escalating it to local and European authorities.”
(Digiday previously reported that one privacy law expert — Wayne Matus, co-founder and general counsel at SafeGuard Privacy — found Apple’s decision to create a uniform consumer experience not to be in violation of the GDPR.)
Update: This article has been updated to clarify wording in Apple’s developer documentation, which notes that developers must state which ad networks they work with. A previous version of this article incorrectly stated that there was only one ID available to whichever ad network a developer is using.
Employee resource groups expand in scope and size to tackle measurable change
ERGs have become a growing presence inside businesses. But how empowered are these groups to effect real change in their organizations?
‘A holistic shopping platform’: Google vp Tara Walpert Levy on new holiday livestream shopping on YouTube
YouTube is now announcing a new week-long live stream holiday shopping event, kicking off November 15th in partnership with brands like Samsung, Walmart and Verizon, today at Advertising Week.
Member ExclusiveDigiday+ Research: Most brands haven’t let supply chain concerns influence their holiday promotions
As the supply chain’s problems have grown into a clear obstacle for many brands and retailers, that shift hasn’t been enough to drastically change the holiday promotion strategies for a majority of brands, according to new Digiday+ research.
SponsoredWhy boldness matters for publishers in the post-cookie future
Michael Zacharski, CEO, ENGINE Media Exchange (EMX) Fortune, it is said, favors the bold, and for digital publishers, the prospect of a cookieless advertising future should be viewed first and foremost as not only an opportunity for boldness, but as a time when boldness will be necessary. As an industry, marketers need to be bold […]
‘It really comes down to reach and frequency’: TV execs sound off at Advertising Week on audience fragmentation
With more ways to watch video, audiences are becoming fragmented. At this year's Advertising Week, television executives talk streamlining viewership data points, the future of targeting and more.
Member ExclusiveMarketing Briefing: ‘We’ve had to pivot, pause, and adjust’: How supply chain issues are causing marketers to change Q4 and holiday advertising plans
Marketers and agency execs say that the impact is already palpable. For those struggling with supply chain issues -- brought about by the bottleneck of cargo ships -- the lack of new products to promote or stock issues is making them rethink how much they are advertising now as well as retooling Black Friday Cyber Monday plans.