Ad tech is in denial about Apple’s new app privacy rule

A quick recap: Apple last month announced two important privacy changes that will come into effect when iOS 14 is released, which is expected in September.  Later this year, developers are required to include information about how their apps collect data in their product page. Crucially, those developers will also need to ask for permission from users to track them across third-party websites and other apps.

The moves affect pretty much anybody that makes money from mobile app advertising: publishers, demand-side platforms, supply-side platforms, and, perhaps most acutely, mobile measurement firms. 

A reasonable assumption is that most users will probably click “ask app not to track” when the permission pop-up lands on their phones. Low opt-in rates give everyone less data to play with — from the performance ad networks who want to prove they drove an app download, to publishers who want to charge advertisers a premium for their audience. Apple’s counter to this is its SKAdNetwork, an imperfect application programming interface it launched two years ago, that developers can use to get basic data about their in-app ad campaign performance. 

The effect of these changes is a massive disintermediation of the $70 billion-plus mobile advertising market. So, as has become customary whenever a seismic change lands on the scene that threatens to upend ad tech’s current way of working, some industry players quickly revved up their FUD (fear, uncertainty and doubt) response strategies. 

• “Consumers will opt in if we successfully communicate the value exchange!” Perhaps. But there’s not a lot of room to explain that tracking supports the creation of quality bubble-shooting games in the 1.5 lines of space Apple provides in the permission pop-up.
• “Look how many people opted into sharing their location in iOS13!” Yes, but they were using a map app where location is 100% necessary for the app to operate. Tracking in a news app? Not so much.
• “Look how high GDPR opt-in rates are!” Sure, but have you seen the state of some of the cookie walls out there? (Also, the European data protection authorities are under-resourced and enforcement — particularly of the ad tech industry — has taken longer than a lot of industry observers expected.)

One high-profile example of the fog machine in action: 16 advertising and publishing trade associations co-signed a letter to Apple CEO Tim Cook in which they asserted that the IDFA pop-up doesn’t comply with GDPR. The trade groups said the pop-up isn’t (at this stage at least) “widely customizable by the app developer and is not interoperable with digital advertising market standards, such as the IAB Europe’s Transparency and Consent Framework.”

You’d have thought Apple would have had the legal resources to check this over beforehand.

“That Apple made the decision to create a uniform user experience on ‘consent’ does not appear to be a violation: The GDPR protects the rights to natural persons, not companies or developers,” said Wayne Matus, co-founder and general counsel at SafeGuard Privacy. “DPAs are looking for major players like Apple, Facebook and Google to enforce compliance across their systems. Accordingly, I cannot see a complaint against Apple for providing a standardized consent pop-up being effective.”

As for the interoperability issue, Matus said the argument was more of a business or technical issue than a legal one. Indeed, it’s the job of a trade association to reassure and seek to protect their members. The letter also argues that: “Apple advertising services such as Apple Search Ads on the App Store will strengthen their competitive advantage” as a result of the changes.

So what’s the ad tech industry to do? I’ve heard a suggestion that developers could potentially offer a better experience to users who opt in to tracking and a lesser experience for those who opt out. That, too, seems incompatible with data-privacy laws and a tactic you’d imagine Apple wouldn’t take kindly to: It’s making these changes to improve the app experience, not erode it. 

Ad tech companies are also busily looking at workarounds (though don’t dare call them a “workaround” aloud.) If you remember the cat and mouse game between Criteo and Apple over Intelligent Tracking Prevention on Safari, this too seems like an option fraught with risk. 

“Any solution that is misaligned with Apple’s ideology will not be a solution,” said Ratko Vidakovic, founder of ad tech consultancy AdProfs. “A durable solution has to align with Apple’s values. Figuring out clever workarounds to continue granular user-level tracking — even if anonymous — seem contrary to Apple’s intentions.”

Workarounds are essentially ad tech 101: solutions for problems created by bigger players. But perhaps they were ad tech 101 for ad tech 1.0. With revenue diversification top of mind for most publishers and a much more enhanced focus on privacy and safety — helped along by new regulation and big platform changes — any advertising solution in this new era can’t afford to relegate the actual user to an afterthought.

“The question is: Do we want to embark yet again on a story of who’s going to get smarter at working around each other’s constraints or set of policies, or do we want to define what is the playing field we want to operate in, in line with users’ needs?,” said Charles-Henri Henault, vp of product for Criteo’s ads platform.

But even if there is an ad tech epiphany, there remains a lingering question: Will Apple even want to listen at all?