Google has planted another user data-privacy flag in the ground. Today, the tech giant has released a proposal for industry standards around what controls users should be given over their data for the purposes of digital advertising.
Google sets out proposals for how businesses should give users more control over their data privacy settings when it comes to serving ads. The core principles are that users should be able to see and control what data is collected on them, by whom and why, along with which businesses are responsible for delivering an ad and how it became individually tailored to them.
Google also proposes that users should be able to access this information at multiple points such as the browser, website settings or individual ads themselves. Google says users should be able to view an ad’s metadata directly from the ad so they can see who paid for the ad, who served it, and what data was used to determine the ad’s relevance for instance. People should also be able to control who has permission to access that information, and Google has suggested a “centralized registry” or data preferences center for this to be managed.
Google has submitted the proposal in order to gather industry feedback from publishers, advertisers and ad tech vendors, according to Chetna Bindra, senior product manager of user trust and privacy at Google.
The announcement comes a day after Google confirmed its intention to integrate with another industry attempt to standardize how media and advertising businesses can meet the requirements of the General Data Protection Regulation, led by the Internet Advertising Bureau Europe and IAB Tech Lab. Both Google’s proposal and the IAB-led Transparency and Consent framework are focused on establishing clearer ways for consumers to understand and control how their data is used for advertising purposes.
On the surface, the two initiatives look pretty similar. However, Google has stressed that its own proposals are intended to complement existing privacy frameworks.
“We engage with DPCs [data protection commissions] too and will continue to engage with them,” said Bindra. “Our intent is not to duplicate what they do, but we are reaching out to key industry groups in order to drive the conversation toward a set of standards which give consumers a consistent experience and where they believe their privacy is respected.”
It’s not just consumers Google is under pressure to keep happy when it comes to data use, but also data protection authorities. Google, along with other platforms like Facebook and ad tech vendors facilitating programmatic ad transactions, are under serious scrutiny for their handling of user data. Last year French DPA CNIL fined Google €50 million ($57 million) for violating GDPR, while the Irish DPA is currently investigating the platform following complaints from privacy activists.
In May, Google updated its Chrome privacy settings to give users the choice over whether they can block cookies or not from tracking them — much to the relief of the rest of the ad industry, which had almost got whipped into a frenzy over rumors that Google was planning similar default cookie-blocking to Apple’s Safari. Google, being more reliant on ad revenue than Apple, has been far more cautious about its own approach, and is centering its privacy message around consumer choice and transparency. But it has altered its Chrome product to incorporate more consumer settings, and killed formerly popular agency products like DoubleClick IDs on the grounds of data privacy regulation.
Meanwhile, Google also published several blog posts today that criticize how other browsers, aka Apple’s Safari and Firefox, have taken too blunt an approach to consumer privacy by blocking cookies from being used for tracking. In doing so, they have not only hurt publisher revenues but also encouraged the proliferation of opaque methods of tracking users for advertising purposes without the users’ knowledge, such as device fingerprinting.
Google made its disliking of fingerprinting as a method increasingly used by advertisers to sidestep challenges posed by other browsers blocking cookies, well known back in May as its I/O. Today it reiterated that stance and added that the technique — where information, like a user’s device and browser settings, is used to identify and track them — isn’t transparent enough to users and should be placed more in their control.
Several references are made to the blunt cookie-blocking positions of “other browsers,” as counter-productive measures that have prompted a wider uptake of anti-user-privacy friendly techniques like fingerprinting specifically. In a blog post on Wednesday, Justin Schuh, director of Chrome Engineering, said it plans to “aggressively block” fingerprinting.
That said, the platform won’t necessarily block third-party fingerprinting providers from integrating with its platform or products, according to Bindra. Speaking to Digiday, she said, “Our focus is less about a single company [Google] taking unilateral action but more about working together with other companies to see how these technologies should be developed.”
Google has also launched a call-out to web developers to start submitting ideas on what kind of technologies can tick the ads’ personalization box while also protecting user privacy — a project it’s calling Privacy Sandbox.