How would you describe the state of privacy in the ad tech industry?
“In one word: fragmented,” said Tony Katsur, CEO of the IAB Tech Lab, speaking during a virtual event hosted by ID5 on Thursday.
You already need both hands and one foot to count the number of US states that have passed comprehensive consumer data protection laws so far, not to mention newly minted and existing privacy laws around the world.
“Solving for identity and solving for new forms of addressability in a privacy-by-design manner is going to be the issue of our industry’s time for easily five to 10 years,” Katsur said.
In other words, strap in – but also use this time as an opportunity to build back better.
Permission, please
For too long, the approach taken by most advertisers and publishers has been to minimize opt-outs rather than encourage opt-ins, said Lisa Abousaleh, CEO and co-founder of data verification startup Neutronian.
It’s almost as if companies don’t want to ask for permission, lest they call attention to their data collection practices.
But “what you risk by not being transparent and putting it all out there – by not giving individuals the ability to make that decision – is that you don’t gain their trust,” Abousaleh said.
There is, however, a spectrum when it comes to being transparent, from making a bare-minimum effort at compliance to actually asking people what they want from their online experience.
The answer to that question, however, is certainly not: “More cookie banners, please – and make them dysfunctional and confusing, too!”
Abousaleh said she’s seen some websites show more than one opt-in pop-up during a single session because no one at the company realized that both the privacy team and the marketing team had separately implemented their own cookie banners.
“There are multiple different teams making these decisions in a silo,” she said.
In other instances, businesses don’t implement their consent management platform properly and end up engaging, often unwittingly, in privacy theater.
“A cookie preference notice pops up, making it look like you have a choice, but there’s nothing you can actually turn off – and that just goes back to the user experience,” Abousaleh said. “What message does it send?”
Value exchange, baby
But if there’s a message that the ad industry needs to receive, it’s that the partnership between privacy and marketing has to be tighter.
“It’s not as ironclad as it could be,” said Arielle Garcia, founder of ASG Solutions and UM Worldwide’s former chief privacy and responsibility officer.
There’s the perception among marketers that because there are so many privacy solutions and tools cropping up – which, to be fair, are much needed – from consent management platforms to the IAB Tech Lab’s Global Privacy Platform, that privacy is taken care of or being “handled” by someone else, Garcia said.
But a lot of brands aren’t “living and breathing the privacy dialogue and evolution day in and day out,” she said.
Which is why it’s important for brands to collaborate more closely with partners in the privacy space, involve themselves in the privacy conversation and consider how privacy impacts (and can improve) their relationship with consumers.
“In true industry fashion,” Garcia said, “we’ve done a lot of work around technical standards for orchestrating and conveying preferences to mitigate disruption to data collection and use – and yet the core issue here around creating a fair value exchange for people and making them feel like they understand and have control over how their data is used seems to be a bit of an afterthought.”
But when the industry – as in all the different stakeholders – gets better at creating and communicating the value exchange and giving people meaningful choice, she said, “the more poised we are to achieve true durability.”
With this caveat, however: You can purchase the right technology, but it won’t matter if you don’t use it correctly.
Some companies, for example, feel that their job is done simply by virtue of having bought a consent management platform, said Linda Thielová, OneTrust’s data protection officer and head of its Privacy Centre of Excellence.
If they don’t implement the technology properly, however, Thielová said, “they’re literally just shooting themselves in the foot.”