Inside the IAB Tech Lab’s New Consumer Privacy Proposals

Can new tech standards plus enhanced accountability save programmatic as we know it?  

IAB Tech Lab logo
The trade body is currently engaging with stakeholders in the ecosystem to gauge their feedback.
IAB Tech Lab, Getty Images

The IAB Tech Lab is proposing new technical solutions and standards to ease concerns around the use of third-party cookies for online advertising with an enhanced accountability framework to better ensure responsible use of consumer data.

This includes the creation of an encryption tool which permanently attaches a consumer’s privacy preferences to an identifier that ad-tech companies can then use to target ads, provided they too adhere to a series of privacy measures.

To ensure compliance, the trade body is suggesting an enhanced accountability system that will rely on multiple sources of reporting to verify that those in the ad-tech and mar-tech space respect consumer privacy choices.

Further addressing tracking and security concerns, the trade body is also proffering a “controlled container for ad delivery” that will more tightly govern what can run inside ads and limit leakage of first-party data.

The proposals will be outlined at length today at The IAB Tech Lab’s Innovation Day hosted in San Francisco, Calif., where attendees will gather to debate the challenges of online advertising in an era when privacy is at the forefront of public discourse.

In a blog post outlining the latest proposals, Jordan Mitchell, svp of membership operations at IAB Tech Lab, described how the open standards that helped grow online advertising into a $129 billion-a-year industry had to evolve.

Speaking with Adweek, he added, “We’re faced with a compliance issue and we have to demonstrate that we are responsible stewards. The self-regulatory framework the industry has used thus far has been policy based, but this time we have some technical proposals as well as policies to ensure compliance.”

The IAB focuses on three ideas for building consumer privacy and security into the media ecosystem: an encrypted, revocable token; joint accountability system; and enhanced security controls.

Mitchell hopes these foundational blocks will win the backing of the major platform providers, i.e., internet browser providers, all of whom have taken significant privacy measures recently.

An encrypted, revocable token

The proposed encrypted token includes an identifier that is bound to the privacy preferences expressed by a consumer which can be accessed only by third parties, such as ad-tech and mar-tech companies, who respect said preferences.

“The idea is that, without access to the token, companies would not have access to any consumer identifier and therefore be unable to collect, process, track, share, sell or buy personal data, nor be in a position to provide basic analytics, measurement, attribution, et cetera,” explained Mitchell.

Joint accountability system

To ensure compliance with the proposed measures, the trade body is also proposing that companies in the space provide a centralized auditing system, whereby they provide evidence of how they used the encrypted token which can then be verified by outside parties.

Mitchell added, “This allows a centralized system to analyze activities over multiple parties to quickly surface malicious or erroneous noncompliant activity and supplement our industry’s self-regulatory programs.”

Controlled container for ad delivery

Additionally, the proposed introduction of a standardized, controlled container for that better protects any personal identifiable information contained within an ad unit. Mitchell maintains this will more tightly control how first-party data is used to limit security concerns over how consumer behavior is tracked online.

Next steps

Before any technical specifics over the proposed identifier or accountability mechanisms on the table are decided upon, the IAB Tech Lab is sounding feedback from key industry stakeholders in the ecosystem in the weeks ahead. “Our proposal is meant to convey our ideas and a good-faith willingness to collaborate further with the browser and privacy community,” said Mitchell.

“Indeed, we must be agnostic to region, and the ongoing evolution of policy across regions, the technical mechanisms available for identifiers, the specific privacy preferences afforded or required by law, et cetera.”

Recommended articles