Why Platform Changes Are A Bigger Deal Than GDPR

Allison Schiff, senior editor, AdExchanger

Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media. 

Today’s column is written by Allison Schiff, senior editor at AdExchanger. It’s part of a series of perspectives from AdExchanger’s editorial team.

The ad industry is facing a pair of interrelated existential threats: government regulation and policy changes coming from Google and Apple.

Putting aside the fact that the writing has been clearly on the wall, and largely ignored, for years, these threats have transformed from disquieting specs on the horizon (that’s not tech standards-related wordplay) into looming realities.

But it’s the moves being made by the platforms, rather than privacy regulations, that pose the larger and more immediate challenge to the digital advertising community.

When a law is passed, the sky doesn’t immediately fall, because laws need to be enforced and clarified. Regulators, which are often underfunded, understaffed and time-constrained, take on the former, and the court system handles the latter.

A regular cadence of enforcement actions and court cases helps to interpret the law as it’s put into practice, and companies also have the opportunity to argue their case.

This is a slow and necessary process.

More than two years after the General Data Protection Regulation went into effect, for example, there’s still debate about exactly what counts as explicit consent, which is not actually defined in the statute itself.

Ambiguity in the law doesn’t mean companies don’t need to prepare themselves to comply, but data protection authorities appreciate and take into consideration when businesses make a good faith effort, even if it falls short.

Not so with the platforms, which can and do flip a switch to make a change. Google and Apple can make decisions on the fly, and the millions of companies that rely on their platforms just have to roll with them.

On the positive side, technology companies can move to quickly quash bad-faith workarounds and product laggards to get with the program.

But a policy change from Google, Apple or any large platform with arguably dominant market share has the potential to rock an industry. Just look at the IDFA kerfuffle.

During its Worldwide Developers Conference in June, Apple made a blink-and-you’ll-miss-it announcement about the future of the IDFA sandwiched between all of the usual hardware and software-related razzle-dazzle you get at an Apple event. Cool, you can turn on your car with an iPhone. Apple Pencil for iPad can transform your handwriting into text. And, oh yeah, the IDFA will become opt-in with iOS 14. But hey, check out these surround-sound AirPods.

Two privacy managers at Apple spent about two minutes out of a nearly two-hour event glossing over features that have the potential to upend the $80 billion app install market.

But the platforms aren’t immune to external pressure.

There was an outcry at the tight deadline Apple gave developers to adopt its AppTransparency Framework, and so rather than pushing it through as part of the recent iOS 14 release as planned, Apple announced a delay until early next year to give developers more time to prepare.

And there you go: Apple as a privacy company can make unilateral decisions. The IDFA – and the reprieve – are both Apple’s to give.

By the same token, there’s theoretically nothing stopping Google from deciding to implement the proposals within its Privacy Sandbox without further discussion at the World Wide Web Consortium where these proposed standards are currently being debated (other than ad community mutiny and the threat of antitrust scrutiny, of course).

In early August, the Google software engineer behind TURTLEDOVE wrote on GitHub that Google would be “very willing to explore” the ideas set forth in Criteo’s SPARROW proposal, which is a response to TURTLEDOVE that suggests the creation of a trusted gatekeeper outside of the browser that would serve as a clearing house of sorts for auctions and personal data.

While it’s good news that Google seems somewhat open to discussion, it’s clear what the power dynamic is here.

As James Rosewell, CEO and co-founder of device detection company 51Degrees put it to me recently: “The king has listened to your plea and is prepared to speak with you further.”

Follow Allison Schiff (@OSchiffey) and AdExchanger (@adexchanger) on Twitter.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!

1 Comment

  1. Tim Walters

    As you’re probably aware, the primary standard for consent under the GDPR is unambiguous, not explicit. Explicit consent is required for a relatively small number of instances such as “special categories” of personal data and transfer of data to third countries.