Member Exclusive

‘Stricter than the ad tech industry expected’: Apple clarifies its upcoming privacy changes will leave little wriggle room

It’s been a little under four months since Apple threw the mobile advertising companies and publishers into a spin by announcing new privacy changes that will require app developers to ask users for permission before using their data to track them across third-party websites and apps.

Much of the flustering centered around the wildly differing industry interpretations about exactly which parts of the ad tech sausage factory the tightened rules would apply to. As I wrote back in July, ad tech experts noted there were “significant gray areas” within the documentation Apple had released at the time.

A few weeks ago (September 25, according to the Wayback machine), Apple quietly added a “frequently asked questions” section to the “user privacy and data use” page on its developer site. Seemingly, this section was published to clear up the confusion, though it launched with so little fanfare that many ad tech experts I spoke to only stumbled across the update last week — including those whose business models are inextricably tied to the way Apple’s identifier for advertisers (IDFA) currently works.

Apple did not respond to requests for comment.

The FAQs “clarified some points there that [mobile measurement partners] and [demand-side platforms] were enjoying the ambiguity of,” said Eric Seufert, strategy consultant at Heracles Media and owner of the Mobile Dev Memo blog.

According to ad tech executives I’ve been speaking to over the past week, three clarifications of the eight FAQs really stick out:

  • Developers cannot use an identifier other than the IDFA such as a hashed email address or hashed phone number — if they have not received permission from the user via the tracking permission prompt.
  • App developers using single sign-ons offered by third-parties (such as the Facebook login or another unified identity service) must still ask permission from the user if that functionality will be used for tracking. Developers are also responsible for asking permission for tracking of its users carried out by SDK (software development kits) inserted into their apps.
  • Developers can’t gate functionality to allow for tracking, or otherwise incentivize users to consent to tracking by offering them a fuller experience in the app

“This clarifying FAQ is much stricter than the ad-tech industry expected and [I] think efforts will shift to boosting the opt-in rate, and developing contextual targeting” now that fingerprinting and single sign-ons are no longer options for tracking Apple users, said Rocco Strauss, internet equity research analyst at Arete Research via email.

Some ad tech insiders feel Apple’s hardline stance — particularly around collecting permission for the use of other forms of identification beyond the IDFA — is a step too far.

“It’s fine for Apple to control their own handset identifier and make it very clear to the user — it was wrong how it was used before because it was so hidden — but I don’t think they have the right to control other identifiers that the user wants to acknowledge,” said Nicholas Halstead, CEO of data platform InfoSum. “Apple having a controlling function around that seems an overreach.”

Apple is taking such an “extreme position,” according to Mathieu Roche, CEO of identity platform ID5, that it could even create more incentives for companies to attempt workarounds.

The forthcoming changes are a “very clear abuse of position from Apple in the sense that they are preventing publishers [from entering] into a relationship with their users under their own terms,” said Roche. “No matter if you have subscribers, a relationship with the user where you get an email address, it doesn’t matter. You still have to go through Apple’s default process … they have made it so clear that it’s almost provocative.”

Even without IDFA permission, publishers will still be able to serve personalized ads within their own apps using Apple’s IDFV — identifier for vendors — so long as they are not sharing data with third-parties, said Arete’s Strauss. The IDFVs can also be used by publishers for frequency capping, ad suppression and so on, but only within the apps they own, unless they have gained consent for cross-app tracking.

The latest clarifications once again emphasize that contextual targeting is likely to play a larger role in marketers’ mobile app advertising strategies. But the path to contextual could be a bumpy one, at least in the short term.

“It’s going to disrupt an ecosystem that has gotten so used to the uber-measurability of everything,” said Aaron McKee, chief technology officer at location-focused ad tech company Blis. 

Apple’s measurement solution, SKAdnetwork, is “so much less surgical” than what certain marketers, hyper focused on optimization, are used to,” said McKee.

“It will be a while before the industry recalibrates to that,” he added.

It’s not certain when Apple’s new app transparency changes will be enforced — Apple has merely said “early 2021.” It was initially expected in September this year, when Apple introduced the iOS 14 operating system, but the rollout was delayed in order to give developers and advertisers more time to prepare.

In the meantime, companies in the space are still holding out for further clarification and dialog from Apple.

“There’s still Swiss cheese here,” said Alon Golan, vice president of product management at mobile monetization platform Fyber. “Every legal team, including ours, still thinks there are too many things here that are vague.”

https://digiday.com/?p=380952
Digiday Top Stories