Can companies with competing interests reach consensus while walking across a minefield?
Yes, according to the IAB Tech Lab.
Getting industry stakeholders to collaborate on technical solutions to ad tech’s thorniest issues is the Tech Lab’s whole jam. And there’s “no shortage” of issues facing the digital advertising industry today, said Michael Hahn, EVP and general counsel for both the IAB and the IAB Tech Lab.
But one of the industry’s thorniest and most time-sensitive challenges is to grapple with the growing number of privacy laws and regulations in the US.
In April, the IAB Tech Lab and IAB’s Legal Affairs Council launched a new working group called the Privacy Implementation & Accountability Task Force (PIAT). Its mission is the same as its name: get the ball rolling on developing standards and best practices that strike the tricky balance between consumer privacy and preserving addressability.
PIAT has more than 100 members, who range from lawyers, product folks and engineers to privacy tech vendors, ad tech companies and publishers. The group has met twice so far, but will soon start getting together every other week.
Privacy lingua franca
As its first order of business, PIAT will work on developing a standard taxonomy for categorizing data, not unlike the Tech Lab’s taxonomies for content and audience classification.
There’s currently little consistency in how companies sort and bucket personal information, which is a recipe for chaos and potential noncompliance.
“It’s very difficult for us to make substantial progress as an industry on accountability and privacy compliance if we’re not all talking the same language,” Hahn said. “Our goal is to eventually develop tools, but to get there we need to create a pathway, and that begins with the privacy taxonomy.”
I caught up with Hahn and Rowena Lam, the IAB Tech Lab’s senior director of privacy and data, to get an update on PIAT’s plans.
AdExchanger: The people in the stock image accompanying the PIAT launch press release look like they’re having way too much fun to be discussing the privacy implementation and accountability challenges facing the digital ad industry. What would the actual expressions be on the faces of people struggling with these issues?
MICHAEL HAHN: Imagine a different stock image of people in a conference room. One person is pointing at a document or some kind of demonstrative exhibit, and everyone is reflecting on it looking very serious.
So, not a stock image of people pulling out their hair in frustration?
(No answer.)
OK, fair enough. What are the group’s other priorities beyond developing the privacy taxonomy?
HAHN: We surveyed our member companies to see what they say their top challenges are, and a lot of different things came up: server-to-server “Do Not Sell” signaling, issues surrounding pixels in ad creative and developing more common UI experiences for privacy compliance.
But before any of that, we need the taxonomy and we need to create a set of standards and best practices around what constitutes adequate due diligence under the new state privacy laws and regulations.
We want to take general legal requirements and make them meaningful in a practical way. The law doesn’t specifically talk about publishers and advertisers. That’s the gap we’re trying to cover.
What’s an example of that?
HAHN: Each state privacy law requires that businesses include certain language in their service provider or processor contracts related to audit and other aspects of accountability. But the law doesn’t always tell you how rights should be exercised.
You also have the CPPA [California Privacy Protection Agency] saying that it will take into account whether or not you do due diligence not only for your service providers but also for any third parties you disclose information to. The question of whether you do due diligence determines if you have personal responsibility for their wrongdoing.
That’s a significant change in the current landscape and the requirements are not specific. We’re trying to make them more specific to publishers and advertisers.
Including third-party pixel providers?
HAHN: When ad creative renders on your page and pixels fire, it can be difficult to control, and there’s also the question of honoring opt-outs. That’s why we’re bringing people together with backgrounds in legal, product and technology so that we can see what’s technically feasible.
ROWENA LAM: This is where the partnership aspect is really important. Because due diligence also means taking a close look at what tools and privacy-enhancing technologies are available today that we can build into the standard.
We also need to align them to the due diligence requirements in order to provide real support.
But we’re not evaluating individual privacy technology vendors. We’re categorizing types of technologies, which is why building the privacy taxonomy is foundational. That’s what companies will be able to use to navigate the growing landscape of privacy tech vendors.
Thanks for reading! Hope you had a good long weekend (and hopefully a better time than this little guy is having). As always, feel free to drop me a line at [email protected] with any comments, feedback or cat links.