IAB Tech Lab – a reluctant peacekeeper in the privacy wars

This story is part of Digiday’s Masters of Uncertainty series, a look at people and companies at the center of media’s defining storylines. Find the rest here.

As 2022 gets underway, the IAB Tech Lab is steering the digital advertising industry through some choppy waters.

The non-profit consortium, first founded in 2014, differs from its geography-based licensees of the IAB brand, not just because of its global remit but because of its mandate to establish consensus and usher in tech standards that can aid the rise of digital advertising.

And its two biggest challenges today — devising a technical workaround for the decline of third-party cookies and gauging consumer consent for behavioral tracking — are thornier than any it’s faced before. On a good day, ad tech is a multi-tiered ecosystem of competing interests. But Google’s decision to withdraw support for third-party cookies in its Chrome browser in 2023 placed many ad tech companies’ business models in jeopardy, making IAB Tech Lab’s path to achieving consensus on either front a political minefield.

The dominance of Big Tech

The trade org describes itself as the “big tent” where all tiers of the online advertising ecosystem gather to establish rules of engagement; it expanded its membership still further in December, allowing agencies to join its board for the first time.

Its working model has yielded some accomplishments, including the establishment of the real-time bidding protocol, plus agreeing on standards over whether ads served were actually viewed by consumers.

But the IAB’s membership model also gives Big Tech players, primarily Google and Facebook, a place at the table (some would argue an outsized one) when it comes to formulating such standards. And in recent years smaller players among its number have grown to question whether they get their money’s worth in return for their membership dues.

Take, for instance, the protracted case of the implementation of the Transparency Consent Framework — the industry’s solution to comply with General Data Protection Regulations in the EU — which was driven by the IAB Tech Lab and its sister outfit, IAB Europe.

Google, easily the biggest player in the digital advertising ecosystem, stalled in signing up to TCF long after GDPR came into law in 2018. It took two years for the online advertising behemoth to implement TCF 2.0 — the original version of the framework was understood to have overloaded publishers with legal liability under GDPR — a two-year window that saw Google’s advertising business prosper while others faltered. 

TCF 2.0 in question 

Today, many publishers are still convinced that TCF 2.0 favors ad tech, Google included, as they are tasked with gaining consumers’ consent for tracking their behaviors online, before handing it over to intermediaries. These concerns seem justified, especially as the consent standard has recently come under the microscope from legal authorities in the EU.

In November 2021, the IAB Europe issued a warning to members that the Belgian Data Protection Authority was in the process of consulting sister EU agencies on a ruling that interprets the current TCF framework as infringing GDPR. If ratified, the ruling would find the IAB Europe in violation of GDPR. The trade body denies this assertion, but if it were ratified, the IAB would need to create a third iteration of the consent standard, if not the outright discarding of TCF 2.0.

The high stakes surrounding the legal wranglings of TCF mean few are willing to go on record when discussing its compliance with GDPR. Although one source familiar with the wranglings told Digiday IAB Tech Lab is in lockstep with its European sister body. “I support due process, and it’s a good thing [for legal authorities to examine TCF 2.0],” said the source. “But it’s the ultimate catch-22 … the industry took a big step forward to provide a framework to support privacy and consent across Europe but now they’re saying it’s in violation.”

Sources expect an eventual ruling from EU DPAs in early 2022 with all IAB entities keen to underline their commitment to comply with GDPR rulings. 

TCF is not the only tech standard helmed by the IAB Tech Lab to come under legal scrutiny in the realms of GDPR. In June 2021, the Irish Council for Civil Liberties named IAB Tech Lab, along with household tech names including Google, as co-defendants in a case in Germany, alleging that its RTB protocol is also in contravention of GDPR. The ICCL’s case is an ongoing concern, but with recent studies presented to Digiday suggesting that ad tech companies are placing trackers on internet users’ machines prior to gaining their consent, the jeopardy the industry faces is clear. 

The long goodbye 

However, the slow crumbling of the third-party cookie and the search for a viable alternative for a replacement ad targeting tool is where the IAB Tech Lab has (arguably) concentrated the lion’s share of its labors in recent years.

Just this week, IAB Tech Lab CEO Anthony Katsur laid out what he described as a “three-bucket framework” the IAB Tech Lab is using as it attempts to address the conundrum. 

The first seeks to reconcile “unlinked first-party audiences” using approaches such as private marketplaces or contextual ad placement techniques. Second, it addresses ad targeting techniques cultivated by a browser or OS provider with its SKADNetwork list, or through channeling members’ feedback into initiatives such as Google’s Privacy Sandbox. The trade org is also working on a standardized interface to help advertisers and publishers harmonize the industry’s various ID solutions in order to connect audiences.

United front? 

As the countdown to 2023 continues, IAB Tech Lab is now charged with championing the interests of independent ad tech players at a time when Unified ID 2.0 has emerged as the most high-profile alternative to the third-party cookie.

First pioneered by The Trade Desk, an independent ad tech company that has managed to corral the support of (most) of the industry’s major holding groups, Unified ID 2.0 proposes email-based identifiers as an alternative to the third-party cookie. Although, not all are in agreement as some deem the solution as potentially hazardous for publishers – similar to the initial version of TCF.

The Trade Desk has since proffered a number of olive branches, namely by handing off control of UID 2.0 to independent parties to act as an “administrator” to the new standard. The IAB Tech Lab, and PreBid.org have both been proposed as potential administrators of UID 2.0. However, the two trade organizations have, thus far, refused the mantle deeming the role of “ad tech police” as brief beyond their respective charters – they maintain the facilitation of tech standards is their primary remit. 

Although, there is potential for a breakthrough. Commenting about the ongoing negotiations, a source within IAB Tech Lab told Digiday, “It’s been a learning process for The Trade Desk and [IAB] Tech Lab and there’s a desire to get business done, but right now everyone is assessing risk.”

So while uncertainty envelopes the ad tech sector, the IAB Tech Lab appears to be a reluctant peacekeeper amid the privacy wars.  


More in Media

Publishers’ Privacy Sandbox pauses settle into a deep freeze following reports of poor performance

Publishers aren’t ready to press play yet on dedicated Privacy Sandbox tests.

AI Briefing: Senators propose new regulations for privacy, transparency and copyright protections

A new bill called the COPIED Act aims to pass new transparency standards to protect IP and guard against AI-generated misinformation.