Home Privacy Longer Privacy Policies Are Better – And Other Surprising Takeaways From The FTC’s PrivacyCon
Privacy

Longer Privacy Policies Are Better – And Other Surprising Takeaways From The FTC’s PrivacyCon

By

SHARE:

Privacy protection isn’t a tick-the-box exercise, and so policymakers need to think outside the box.

At the Federal Trade Commission’s annual PrivacyCon event in Washington, DC, on Thursday, the agency invited nearly 20 privacy researchers and academics from around the world to dig into the nitty gritty on consumer privacy, data collection, security and the economic factors driving it all.

The agenda provides a window into the thorny issues at the top of the FTC’s enforcement agenda: the deficiencies of notice and choice, lessons learned from GDPR and whether the oft-cited advertising value exchange is actually, well, valuable.

If/when federal privacy legislation is passed, the FTC will likely be the one to enforce it, so it’s important to know what’s on the commission’s collective mind. Here’s a taste of what the FTC is stewing over right now.

Privacy policies shouldn’t be for consumers?

Everyone knows that most consumers don’t read privacy policies because they’re too long and confusing. Right?

But maybe that’s the wrong way to think about it. Privacy policies are useless from a consumer perspective regardless of whether they’re long or short, said Justin Brookman, director of privacy and technology policy at Consumer Reports.

He proposed that privacy policies should actually be longer and even more detailed so that regulators, researchers and journalists can easily query them to see exactly what data is being collected and how it’s being used.

Researchers or tech vendors could then build automated tools to audit the policies in order to highlight deviations or pop up a privacy notification when an app or online service wants to do something unexpected with a user’s data.

That would simultaneously keep companies accountable and serve as a “more meaningful and informed way of doing things,” said Yan Shvartzshnaider, an assistant professor affiliated with New York University and Princeton University.

GDPR isn’t working yet

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Daily Roundup

Daily News Roundup

Always Be Closing; ‘Sadsung’ Fridges

Europe’s General Data Protection Regulation is a little over a year old now, and although it’s far from perfect – or even fully baked, since much-needed clarifying guidelines are still coming out and the ePrivacy regulation still isn’t ready – it’s becoming a blueprint for privacy regulation around the world.

But while the need for transparency is a central tenet of GDPR, the law is “not being enforced and it hasn’t changed behavior as intended,” Brookman said, at least not yet.

Most websites made tweaks in the lead-up to GDPR enforcement last year, which primarily entailed adding more information into their privacy policies. But scant changes were made to the amount of actual data processing that takes place, said Christine Utz, a research associate at Ruhr-University Bochum in Germany.

“Somehow, the new transparency requirements are at odds with GDPR’s goal of making privacy policies easier to understand,” she said, noting that cookie consent notices are no better.

IAB’s Europe Transparency and Consent Framework isn’t helping matters much, either. Utz came across examples of the TCF that provided consumers with lists of around 400 third-party service providers to allow or disallow – and that doesn’t even include the third-party partners that don’t participate in the framework.

“This provides both too much and too little information at the same time,” Utz said.

Is consumer data valued properly?

But let’s say brands and publishers figure out the whole transparency thing and collect informed and affirmative consent to collect user data – is it even worth it, from a financial point of view?

Although conventional wisdom states that everyone in the supply chain makes bank, that’s not necessarily the case, said Alessandro Acquisti, a professor at Carnegie Mellon University and co-author of the controversial recent study that found media companies only receive 4% more revenue for cookie-targeted behavioral advertising versus impressions with no cookies enabled.

Putting side some of the problematic aspects of the study, including its limited scope, the issue it raises is one that even ardent proponents of behaviorally targeted advertising acknowledge, which is that the supply chain is a tangled web of complexity – and that it’s easy to lose sight of the consumer in the swirling debate around privacy policies and consent strings.

“We lost the consumer the moment we started calling them users,” said Kassem Fawaz, an assistant professor at the University of Wisconsin-Madison.

Must Read

Publishers

How Encryption Keys Could Resolve The TID Furor

Rather than sharing universal TIDs that any DSP or curator can access, Raptive says publishers should instead share encrypted TIDs with an encryption key provided only to trusted demand-side partners.

Digital Out-Of-Home

Clear Channel Brings Mid-Flight Measurement To Its OOH Network

Clear Channel will provide advertisers weekly, mid-flight reports on outcomes driven by its inventory in order to bring OOH measurement closer to the speed of digital.

FTC Commissioner Mark Meador speaking at the NAD's annual conference in Washington, DC on Sept. 16, 2025. (Photo: Brian O'Doherty)
Federal Trade Commission

FTC Commissioner Mark Meador: ‘No Human Society Can Long Survive Without Consumer Trust’

Keeping American kids safe in what FTC Commissioner Mark Meador calls “an increasingly complex and fast-paced technological environment” is a top priority for the agency.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Comic: "Deal ID, please."
Commerce

Amazon Expands Its Programmatic Integration With SiriusXM

On Tuesday, Amazon DSP announced an expanded integration with satellite radio company SiriusXM.

Rembrand merges with Spaceback
ad tech M&A

Omar Tawakol Is Merging His AI Startup Rembrand With Spaceback

Rembrand announced that it’s merging with creative automation startup Spaceback to build a unified AI-powered platform for “content-based” CTV, digital video and display.

A comic depicting people in suits setting money on fire as a reference to incrementality: as in, don't set your money on fire!
Commerce

Retail Media Is Starting To Come To Grips With The Fact That We All Know Nothing

Retail media is entering what might be called its Socratic phase. The closer we to get to understanding an ad campaign’s real impact and business results, the clearer it is that we have no idea how this thing works.

Popular

  1. Publishers

    How Encryption Keys Could Resolve The TID Furor

    Rather than sharing universal TIDs that any DSP or curator can access, Raptive says publishers should instead share encrypted TIDs with an encryption key provided only to trusted demand-side partners.

  2. Digital Out-Of-Home

    Clear Channel Brings Mid-Flight Measurement To Its OOH Network

    Clear Channel will provide advertisers weekly, mid-flight reports on outcomes driven by its inventory in order to bring OOH measurement closer to the speed of digital.

  3. Marketers

    Why Shipt, The Target-Owned Same-Day Delivery Service, Added Yahoo As Its DSP

    Last year, Shipt went hunting for a DSP, eyeing new programmatic reach and hyper-local targeting down to the ZIP code.

  4. CTV Roundup

    Three Predictions That Everyone At CIMM Thinks Will Be Fact By 2030 (And One They Didn’t)

    What will the ad tech industry look like five years from now? The audience at CIMM’s Summit earlier this week weighed in with their predictions.

  5. AI

    Amazon Ads Introduces Agentic Functions To Its Generative AI Creative Studio

    On Wednesday, Amazon introduced an agentic AI tool that brings all the image, video and audio generation capabilities of the company’s Creative Studio into its ad platform creative setup.