Gaps remain in industry guidelines for controversial email-based identity tech
As advertisers and publishers struggle to find ways to enable personalized ad targeting and measurement without third-party cookies, there is more interest than ever in cookie-replacing identifiers.
The Interactive Advertising Bureau’s Tech Lab has published a set of best practices for these hyped technologies, but as the digital ad industry faces increased scrutiny of its data use and privacy practices from government and everyday people, some say the proposed guidance from its biggest trade group could have gone further in advising companies on how to gain people’s consent while complying with privacy regulations. A spokesperson for the IAB Tech Lab declined to comment on the record regarding the criticisms.
The IAB’s Best Practices for User-Enabled Identity Tokens address the use of identifiers, many of which work by transforming identifiable data like email addresses into encrypted ID signals to replace cookie tracking. The proposed guidelines, now open for public comment through May 7, are meant to reduce privacy threats as these technologies are distributed across the digital media supply chain.
“These are working documents and early concepts, and several large pieces of the puzzle are still missing — including the crucial piece of consumer reactions and how willing we will be to provide consent,” said Georgie Haig, product lead of identity at programmatic marketing agency MiQ.
When presenting the proposal on March 9 — part of a package of technical standards for privacy, accountability and taxonomy for contextual advertising — IAB Tech Lab CEO Dennis Buchheim said, “We need to create and present options to consumers for privacy and personalization.”
The identity token best practices state that first parties — typically website publishers — that gather email addresses and other personal information to build identifiers must provide people with “transparency and control subject to the relevant legal requirements in the applicable jurisdiction.”
However, they do not provide guidance for how that transparency and control should be made accessible to site visitors beyond stating that the controls “need to conform to the requisite consumer transparency and control features defined by local law and policy interpretation.” That lack of guidance risks creating a situation in which compliance measures vary, with some companies taking such lax approaches that consumer advocates criticize the advertising industry for an overall lack of compliance and government regulators decide to impose stricter requirements.
Rather than forcing the industry in a specific direction, said Mathieu Roche, CEO of identity tech firm ID5, as an industry body, “[the IAB’s] job is say this is the minimum threshold we should hit.” He added, “Transparency and consent haven’t been front of mind for the industry for the last 10 or 15 years.”
The legal landscape around privacy and data is becoming more restrictive as new state laws come on the books in California, Virginia and elsewhere in the U.S. Both California’s updated privacy law and new legislation passed in Virginia give people the right to opt-out of the sharing of their personal information for the purpose of cross-context behavioral advertising.
And as pressure for comprehensive federal privacy legislation mounts — even from the IAB itself — signs indicate that today’s identity tech approaches may not pass muster with regulators. Already these email-based identifiers got the cold shoulder from IAB member Google, which noted in a March 3 blog post that identifiers using PII graphs based on people’s email addresses won’t meet rising consumer privacy expectations or regulatory restrictions.
When companies do address user consent, many identity tech providers and publishers that use these technologies consider the fact that someone has provided an email address in exchange for content to be a form of consent for using that email to create an identifier to track them. And publishers’ privacy policies rarely mention by name the companies, such as identity tech providers like ID5, The Trade Desk or others, with which publishers share people’s information.
Industry needs consumer engagement framework
Today’s approaches to consent for use of emails or other login information to enable identification of users is a “slippery [slope],” said one digital agency executive who spoke on the condition of anonymity with Digiday. “If I have a consent banner on NYTimes[.com] to set a first-party cookie, what they choose to do with it and how to integrate it is up to them,” said this person.
“We look at this as establishing the baseline,” said Travis Clinger, svp and head of addressability and ecosystem at identity tech provider LiveRamp of the IAB Tech Lab’s identity token best practices.
LiveRamp helped draft the best practices along with nearly 300 people from ad tech firms, ad agencies, media outlets and other identity tech providers. “We also need, as an industry, a framework for how to engage with consumers,” he said. LiveRamp requires publishers to name the company in their privacy policies, which is reflected in policies from Newsweek, Salon and iHeartMedia.
Technologist Ashkan Soltani, who helped craft the California Consumer Privacy Act and served in the Division of Privacy and Identity Protection at the Federal Trade Commission, questioned the IAB’s acceptance of email-based identifiers. “IAB’s move to track users via email-derived identifiers seems incredibly tone-deaf in this regulatory climate, particularly as this tracking is even more privacy-invasive than third-party cookies.”
The IAB document does address the need for “technical safeguards that hold industry parties accountable to their preferences, and which allows the actions of 1st and 3rd parties to be reviewable and actionable by consumers.” And it points to a related Accountability Platform proposal for standards for moving user restrictions and preferences along the digital ad supply chain.
Nonetheless, Peter Day, CTO of Quantcast, which offers a consent management service for site logins for identification, said of the IAB’s proposed guidelines — “It would be great to see stronger accountability” for transparency and consent.
SXM Media’s Lizzie Widhelm on the challenges advertisers face with podcast ad buying
Lizzie Widhelm, svp of ad innovation and B2B marketing at SXM Media, discusses announcer versus host-read ads in podcasts, measurement challenges and audience targeting -- and where she sees the industry going in 2022.
TikTok taps BuzzFeed to produce the first sponsored weekly live shows on the platform
BuzzFeed and TikTok will experiment with layering branded content into Live episodes on the platform, as well as how to establish predictable viewership for livestream videos.
How 2021 taught Gallery Media to quickly adapt its TikTok playbook
Running both editorial and branded TikTok channels has given Gallery Media a clearer understanding of what audiences are willing to watch and engage with on the social media platform.
SponsoredHow advertisers are shifting mindsets to succeed amid iOS 15 and other identity challenges
On top of the impending cookie deprecation, Apple’s recent iOS 15 changes are causing concern for many advertisers by affecting pixels, IP addresses and email addresses. While these upcoming changes may be concerning for many, shifting mindsets and getting away from a binary way of thinking with solutions being 100% contextual or 100% universal IDs […]
Here’s why Outbrain is buying Video Intelligence for $55 million
Outbrain and Taboola are using M&A to prove differentiation as public companies.
‘The beginning of a trend’: Performance metrics begin creeping into different parts of publishers’ ad deals
With their measurement playbooks in flux, more advertisers are looking at whether publishers can provide measurable performance with campaigns normally focused on awareness.