Supporting new European data regulation

Unusually for an ad-tech company, PageFair supports the proposed ePrivacy Regulation. Here is why.
[x_alert type=”success”]Additional note (11 May 2017): our position concerns the proposal’s impact on online behavioural advertising (OBA). Though there are kinks to work out, as we note in our recent statement to Parliament representatives, we strongly endorse the proposal’s broad approach to OBA.[/x_alert]

 The European Commission has proposed new rules for ePrivacy, which will supplement the GDPR.^[1] Unlike colleagues in other digital advertising companies, PageFair commends the proposed privacy protections for online advertising.
[prompt type=”left” title=”Access the GDPR/ePR repository” message=”A repository of GDPR and ePrivacy Regulation explainers, official docs, and current status.” button_text=”Access Now” href=”https://pagefair.com/datapolicydocs/”%5D
PageFair has taken this position for two reasons.

First, personal data are not required for online advertising. 

The online advertising system can deliver relevant ads without the need to use personal data, or third party cookies that collect personal data. Where cookies are required for advertising, non-tracking cookies are adequate.

Consider (A) and (B) below.

1. The online advertising industry already uses systems to target advertising online without using personal data. Advertising media have relied on ‘contextual’ targeting for over a century. Many of the digital tools that advertisers and their agencies use to buy advertising space already offer contextual targeting. This is often accompanied by ‘behavioural’ targeting that uses personal data, but these data are not strictly necessary for the placement of relevant advertising on websites.
2. Even if point A was not already the case, PageFair has developed a method of serving ‘group-interest based’ relevant ads that target ads relevant to reader’s interests without using personal data. We envisage sharing this freely with no commercial terms. This is an example of the kind of innovation that the proposed Regulation will stimulate.

Second, trustworthy publishers will benefit from the proposed rules.

By making Do Not Track (DNT) enforceable, the Regulation puts a new commercial value on trust. Publishers that have earned the trust of their users will benefit from the proposed Regulation. A small, niche topic website that has earned the trust of its users is more likely to gain a user’s consent to use her personal data than a large website that misleads with “click bait” headlines and so forth. Trust is the new asset that matters, and the size of the publisher is immaterial.

Publishers will gain power over advertising intermediaries (agencies, ad-tech companies), reversing the trend of two decades. Today, visiting a website exposes a citizen’s personal data to a cascade of third parties, and to third parties of third parties. Under the new Regulations, visiting a website will be like visiting one’s doctor: the new Regulations create a situation in which no one else is admitted to the consultation room unless both citizen and publisher invite them in.

Ad-tech companies that now extract more than half of the money spent by advertisers will have to cooperate with publishers to gain consent exceptions from visitors for the use of their personal data.^[2] This creates an opportunity for publishers to command a greater share of the advertising budget. Indeed, trustworthy publishers are likely to become attractive targets for acquisition by advertising holding companies.

 

Conclusion

The status quo is unsustainable in two respects. On the one hand, the aggregation and processing of personal data by data brokers and others with access to the OBA system poses threats to citizens’ individual interests, and to society.^[3] On the other hand, the brands that pay for online advertising are deeply dissatisfied with how it currently works. The world’s largest advertisers complain of poor or misleading data about advertising and its effectiveness.^[4] They also waste billions of dollars a year due to ‘ad fraud’, in which advertisers pay for clicks and views that are actually simulated by ‘ad fraud bots’.^[5]

The enormous growth of adblocking (to 615 million active devices) across the globe proves the terrible cost of not regulating. We are witnessing the collapse of the mechanism by which audiences support the majority of online news reports, entertainment videos, cartoons, blogs, and cat videos that make the Web so valuable and interesting. There is no future for a European digital media, content, or advertising industry based on the kind of data practice that self regulation and lax data protection have permitted.

The digital economy requires a foundation of trust to enable innovation and growth. The high data protection standards in the ePR as proposed are entirely compatible with the success of the publishing and media industry on the one hand, and the advertising industry on the other. Indeed, they are essential.

The ePR, together with the GDPR, puts a new premium on trust that will help publishers, and will change the web for the better.

See also 

See our analyses on the ePrivacy Regulation the GDPR:

• DSP contextual targeting offers solution to strict GDPR regulations
• Why the GDPR ‘legitimate interest’ provision will not save you
• European Commission proposal will kill 3rd party cookies 
• Europe’s new privacy regime will disrupt the adtech Lumascape 

 

[x_callout type=”center” title=”Perimeter: the regulatory firewall for online media and adtech. ” message=”Feature-rich adtech, even without personal data. Control user data and 3rd parties in websites + apps. Get robust consent.” button_text=”Learn more” href=”https://pagefair.com/perimeter”%5D

Notes

^[1] The European Commission’s proposed ePrivacy Regulation is currently under negotiation between the European Commission, the European Parliament, and the Council of Ministers of European Union Member States.

^[2] “Tracking Preference Expression (DNT): W3C Candidate Recommendation”, W3C, 20 August 2015 (URL: https://www.w3.org/TR/tracking-dnt/). For technical details of how publisher-specific exemptions function see https://www.w3.org/TR/tracking-dnt/#exceptions.

^[3] Two alarming examples of how OBA leakage in the United States has enabled the aggregation of sensitive personally identifiable information: Tanya O’Carroll and Joshua Franco, “‘Muslim registries’, Big Data and Human Rights”, Amnesty Interntional, 27 February 2017 (URL: https://www.amnesty.org/en/latest/research/2017/02/muslim-registries-big-data-and-human-rights/); and “Cambridge Analytica Explained: Data and Elections”, Privacy International, 13 April 2017 (URL: https://medium.com/@privacyint/cambridge-analytica-explained-data-and-elections-6d4e06549491).

^[4] For example, see one of several speeches by the CMO of the world’s largest advertiser: “P&G’s Pritchard Blasts Objections to His Digital Demands as ‘Head Fakes'”, Advertising Age, 2 March 2017 (URL: http://adage.com/article/cmo-strategy/p-g-s-pritchard-dismisses-objections-digital-demands-head-fakes/308144/).

^[5] Mikko Kotila, Ruben Cuevas Rumin, Shailin Dhar, “Compendium of ad fraud knowledge for media investors”, World Federation of Advertisers and The Advertising Fraud Council, 2016 (URL:  https://www.wfanet.org/app/uploads/2017/04/WFA_Compendium_Of_Ad_Fraud_Knowledge.pdf), p. 3.