The word of the year, at least according to Collins English Dictionary, is “NFT.”
Putting aside the fact that NFT is an acronym and not a word, consider a proposal that the word of the year for 2021 be “consent.”
With third-party cookies going away and other identifiers, like Apple’s IDFA, getting harder to come by, ad buyers, media sellers and their ad tech partners are all madly angling for opt-ins.
Although, not everyone is scrambling. As Nate Woodman, CEO and founder of tech consultancy Proof, noted in a July AdExchanger column, some brands and agencies are paralyzed not by a lack of desire to solve for digital identity online but from a lack of certainty that any solution being put forward, whether by a biggie or an indie, will be viable and road-ready by the time third-party cookies finally breathe their last on Chrome.
Ask and ye shall
There is something advertisers and publishers can do to obtain consent without finagling or duplicity: Ask for permission, be transparent and offer a decent value exchange – as opposed to issuing a dire warning that failing to opt in will lead to a suboptimal experience.
“Data privacy is no longer a niche field with protections quietly implemented by privacy professionals behind closed doors,” said Caitlin Fennessy, VP and chief knowledge officer at the International Association of Privacy Professionals. “As a result, companies are getting better at explaining the ‘what’ and ‘why’ of tracking and are pairing that with campaigns for user trust.”
This dynamic could serve as one explanation for a somewhat surprising recent finding from Gartner, which predicts the opt-out rate for mobile app tracking will decline from 85% now to 60% by 2023.
But there’s a bigger story here than developers optimizing their pre-permission prompts on iOS, said Andrew Frank, Gartner VP of research.
With your permission, let’s reminisce. It’s been a long year.
Virginia’s House of Representatives and Senate pass the Consumer Data Protection Act (CDPA) – an opt-in law – with sweeping majorities.
The IAB Tech Lab releases several technical specifications for review in support of Project Rearc, an industry initiative to develop a framework for online targeting without third-party cookies. One of the proposals is for a Global Privacy Platform that would plug into an Accountability Platform and provide a systematic way for companies to use compliance tools, such as the Transparency and Consent Framework in Europe and the IAB’s CCPA compliance framework.
It’s alive! Apple at long last releases iOS 14.5 out of beta – and, along with it, the AppTrackingTransparency framework finally enters the world.
Google says it will start zeroing out the Android Advertising ID – literally – when users have opted out of personalized advertising.
China passes the Personal Information Protection Law, which, unlike GDPR, does not include legitimate interest as a legal basis for processing personal data. In other words, consent might be the only game in town in China.
Sensitive to growing antitrust scrutiny, Apple tests a new pop-up for iOS 15 to request permission before enabling personalized advertising. This would be the first example of Apple asking users to opt into personalized ads in its own apps.
Big caveat here, though: Personalized advertising will still be enabled by default on iOS 14 and all older versions of Apple’s iOS, and Apple is also using a different, far more ad tech-friendly pop-up for itself than what it requires of third parties with ATT.
Sources tell AdExchanger that The Trade Desk is having trouble lining up an independent administrator to govern and police the use of Unified ID 2.0 in territories where GDPR is the law of the land.
If consent strings are invalidated – a precedent that could soon be set in Belgium – it’s unclear how permissions will be shared across publishers and ad tech partners using UID2.
Norway’s data protection authority fines gay dating app Grindr $7.6 million for sharing sensitive personal information with its advertising partners – including (then Twitter’s, now AppLovin's) MoPub, Xandr, Smaato, AdColony and OpenX – without user consent, a violation of GDPR.
OpenX’s no good, very bad day continues with the announcement on the same day as the Grindr settlement that OpenX has agreed to pay $2 million to the Federal Trade Commission to settle allegations that the company violated the Children’s Online Privacy Protection Act by collecting the personal information of children under the age of 13 without getting parental consent first.
The UK’s Competition and Markets Authority publishes an interim report based on its probe of the mobile ecosystem that sets out a range of actions the agency could take to address Google and Apple’s “vice-like grip” over mobile devices and consumer choices.
The report specifically calls out Google’s and Apple’s respective “choice architectures,” aka the way in which they present opt-in notices to their users. The report notes “prominent disparities” between how Apple asks for permission for itself and the ATT prompt everyone else has to use.
Worth calling this quote out directly: UK privacy and competition regulators think that the first party/third party data distinction, and Apple's thesis that it doesn't 'track' you, is basically bullshit. https://t.co/hJitz8KNUvpic.twitter.com/ENSqVG66PP