Politicians around the world are under pressure to lean on digital media, forcing the biggest players in the sector to strive for consensus around data-sharing practices.
Some believe U.S. data laws, which are being drafted ad hoc, will soon resemble sterner transparency requirements in other countries.
While this is welcome news for privacy lobbyists, it poses operational challenges for the wider digital media landscape, especially with Big Tech’s historic preference for a proprietary approach to data sharing.
The intricacies of automated media trading mean audience data often makes its way into the hands of anonymous middlemen. To many, this is the evolution of the trade-off for free online content, but the concept still spooks members of the general public.
The central premise of laws such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act is that businesses are more transparent with consumers over data sharing. But laws in the U.S., including CCPA, are widely considered to be less stringent.
GDPR requires companies that collect personally identifying information on EU citizens to provide them with protections such as gaining their consent to use their data, especially to share it with third parties. CCPA asks that companies give users the ability to opt out by providing a clear “do not sell my personal information” button, but California residents are essentially opted in by default.
Many believe GDPR requirements have unfairly burdened publishers whose monetization partners, such as SSPs and measurement providers, rely on them as their interface with the public for gaining consent. Even after GDPR enforcement started in 2018, “sequential liability” was a hot-button issue among players in the ecosystem. Partners often tried to offload, or at least limit, their legal culpability for any data leakage along the supply chain.
Google joins IAB framework
Further complicating matters, Google was a notable holdout in the first iteration of the IAB’s Transparency Consent Framework. Sources told Adweek at the time that Google’s reticence to sign on to the data-sharing accord was due to questions about whether it was fit for purpose. But the online behemoth has signed on to the second version of the TCF, which now boasts close to 600 advocates.
“This new framework standardizes the process of gathering, managing and communicating user permissions for how their information may be used in the advertising supply chain,” wrote Chetna Bindra, senior product manager of user trust and privacy at Google, in a blog post. “Our integration with the TCF v2.0 applies to ads we serve on publisher inventory and not Google-owned and operated inventory, for which consent is obtained through our own consent flows.”
Some have attributed Google’s U-turn to increased levels of regulatory scrutiny, both in the EU and at home, and the result of the stark realities of the market.
Wayne Blodwell, CEO of The Programmatic Advisory, told Adweek that he thinks the online behemoth, whose ad stack contains both buy- and sell-side operations, wanted to designate itself as a “data controller” instead of a “data processor,” a scenario that would have ensured it has more control over potential liabilities.
“They realized over time that they can’t do that and that they have to get the publisher to get consent for them,” Blodwell said. “So, that’s why they thought they may as well get involved with TCF 2.0.”