By: Linda L. Goodman
The numerous State initiatives and regulations pertaining to data protection and consumer privacy are pressuring and eliminating tech-based ad-targeting techniques. The replacement is likely to be contextual targeting.
Both Google and Apple are implementing data privacy initiatives resulting in the near elimination of technology- based targeting systems in the current advertising ecosystem. Cross-device tracking was success only a few years ago. Essentially a marketer could link an individual to all the devices they used, from smartphone to connected TV, to laptop, desktop or tablet. By linking, the devices, the marketer could eliminate duplication and gain a greater profile of a consumer or consumer household. But as a result of CCPA and GDPR the methods used have dropped significantly and in Europe which has been under GDPR implementation and enforcement for over a year these systems have all but been dismantled.
Similarly, device “fingerprinting” had a windfall when ad tech players deployed it as a workaround to Apple’s anti-tracking blockages. Device fingerprinting is a technique used to forensically identify an electronic device on the internet. Device fingerprinting reportedly can identify unique mobile devices and computers by their distinct characteristics with a reasonable degree of certainty. Device fingerprints are built using information gathered about the hardware and software utilized by a website visitor. Hardware details are combined with the browser information to paint a picture that forms the core of the device fingerprint. This was largely undertaken by cookie technology and data collection. Thus, the identifying characteristics contained within each fingerprint could include internet history, device type, device capability, operating system, and user login. When combined with device data, users can be identified as they move from one device to another factoring in user information as part of a device fingerprint which increases its power and accuracy. Although a complicated and multilayered process, device fingerprinting is a tool that can be extremely valuable to an eCommerce merchant.
But last week, Google declared their alignment to privacy by essentially decrying the method as deceptive. This was seen through a series of blogs calling for developers to come up with ideas on how to ensure sustainable ad technologies that are data-privacy friendly and legally compliant. Moreover, Google attacked this method as way of obtaining and using user data without their knowledge or permission — a violation of the GDPR, CCPA and a myriad of other state laws. When you add that to the fact Apple is also curtailing the technique through its restrictions on tracking, it will be difficult for this sector to survive. Attribution modeling has also taken a massive hit thanks to the pivot to privacy. The biggest blow was when DoubleClick Ids was dropped by Google who cited GDPR compliance as the reason for dropping the product.
Going forward Geotracking is on the block. There has been a great deal of discussions between legal and tech about location data and how to ensure it is GDPR and CCPA compliant. The Internet Advertising Bureau (“IAB”) recently added a layer into their attempt to standardize GDPR compliance. In the rework location data targeting has been assigned a specific “feature,” meaning that advertisers and publishers must ensure that consumers are informed of location tracking and there must be an express purpose for it before asking and receiving permission. Notably, this is one area that the U.K. data protection authority the Information Commissioner’s Office is slamming.
Lastly, within the U.S. each of the multiple States now implementing privacy regulations, obtaining, and using personal data within bid requests will be next to impossible without explicit consent. In reality, the likelihood of people agreeing to have sensitive data are slim – at least until “everyone does it” numbs the consumers to vast transfer of their information. For now, if advertisers want to use sensitive data for targeting programmatic ads on the open exchange, they should prepare to get explicit and informed consent from users to do so. This will likely result in the type of data available within an RTB is going to change. The ICO has been clear that this kind of data is being exploited within bid requests, along with other information like device IDs, cookie IDs, and location data and that must change. So, using personally identifiable data available in an RTB will likely die out (for a while) while it is under the scope of the regulatory agencies.
With technology firms being removed, content and contextual marketing will again press to the forefront. But these are also not without their perils. But in the manner and method of data collection it will be an imperative path to targeting and ad sales.
______________________________________________________________________
This article was originally posted on Cliclaw.com as part of my ongoing efforts to share valuable legal insights. I regularly contribute guest blogs to leading websites in the field of internet compliance. In these posts, I cover a range of topics to help businesses stay compliant in the ever-evolving digital world. You can read my latest guest contributions on Cliclaw.com.
This article is a publication of The Goodman Law Firm and is intended to provide information on recent legal developments. This article does not create an attorney-client relationship, nor should it be construed as legal advice or an opinion on specific situations. This may constitute “Attorney Advertising” under the Rules of Professional Conduct and under the law of other jurisdictions.
Linda L. Goodman is the founder of The Goodman Law Firm, concentrating its practice in internet business and law. Her firm’s clients include Advertisers, Affiliates, Affiliate Networks, and ISP’s.
© 2019 TGLF, A.P.C.