MediaMath Blog - Privacy

main

Privacy

What Will Consent Look Like in the Post-Third-Party Cookie Era?

February 15, 2022 — by MediaMath

On Jan. 26th, MediaMath Chief Privacy Officer Fiona Campbell-Webster joined a panel at ID5’s Identity 2022 conference along with Didomi and IAB Europe. The panelists tackled the question, “What will consent look like in the post-third-party cookie era?” Here were some of the key themes discussed that advertisers should consider as they fortify their plans for third-party cookie deprecation this year.

The nuances of user consent across privacy regulations

Consent pop-ups are aggravating to consumers, says Thomas Adhumeau, Chief Privacy Officer at Didomi. They leave much to be desired by way of their design and disruptive placement on web pages, so much so that users quickly accept them because they want to see the content, not because they actually understand the implications of consenting. “Consent as we think about it in Europe is not a great outcome,” he told the panel. “It’s not the reason the E.U. came up with the GDPR in the first place.”

Campbell-Webster noted that much of this disharmony is due to the varying definitions of consent in different European privacy laws. “The challenge there is that under the ePrivacy Directive, the definition of consent previously referred to the definition of consent in the previous version of the directive prior to GDPR,” she said. “And that wasn’t updated when GDPR came into play. And the ePrivacy regulation was meant to be put in place there along with GDPR. That’s why we’ve ended up with these various interpretations of what that unambiguous, meaningful prior consent looks like under GDPR for cookie consent, as it still applies under a state-by-state basis with the ePrivacy directive still in force.”

A new pathway to consent

In the future without third-party cookies, companies doing business in the E.U. will still face the challenge of GDPR consent for further processing of personal data for targeting purposes, Campbell-Webster said. And even with pseudo-anonymous information, the fact that you can still, at some level, tie back to a user means companies have to provide disclosures so consumers can understand what their data might be used for, even after it’s hashed or salted.

“The model of consent that applies isn’t just about the individual user’s consideration of the disclosures, but what that consent maps to in relation to the applicable law,” she said.

Adhumeau of Didomi looks at the evolution of consent in three phases, with the third improving the value exchange between advertisers and consumers.

“I think we are entering a new area where first- or even zero-party data is going to be the new oil,” he said. “I think we are on the verge of entering a new era where we are not going to be asking for consent because the law requires it but we want users to trust the companies are going to behave with their data. That goes beyond consent – it’s about building a new relationship, a trusted relationship, built on full transparency of what’s happening with the data.”

Campbell-Webster says as part of this work, MediaMath has been exploring what privacy looks like within the bidstreams and privacy-scoring signals. “To the extent that we can be supporting the ecosystem with privacy-first inventory and leaning into that, it’s something that we’re focused on and that I am very focused on in my privacy program. And part of that is getting above and out beyond what the laws are on a granular level and thinking more about the consumer and the individual and what it means to them in normal terms and normal language.”

Collaborating to improve the user experience around consent

Both she, Adhumeau and Rafael Marti, Head of Legal at ID5, agree that the new era of consent will involve making website banners more user-friendly, perhaps using elements like graphics and video.

“We need to make it simpler and easier for the end user to engage with the content they are looking for without having to go through different cookie banners,” Marti said.

Improving the user experience will help both consumers who want to read the content behind a consent pop-up and advertisers that want to reach users in a seamless way. What it will take to build this new consumer journey is industry collaboration.

The industry can use privacy as an opportunity “to help us towards easing that journey from the consumer to the content provider to the advertiser,” Campbell-Webster said. “And that’s where we want to get to.”

Privacy

The Belgian DPA’s (DPA) decision is a call-to-action for the industry

February 9, 2022 — by MediaMath

A decision by the DPA’s Litigation Chamber on the merits of the complaints against the IAB Europe (IAB) was released on 2 February 2022, prompting widespread commentary and response from an expectant audience. Almost a sigh of relief – the perspective of not just the Belgian DPA but most EU regulators on TCF is in the open, and the industry can now respond.

It is welcome and whilst the path ahead is tricky, there is now a path.

Is this decision good for consumers? Yes of course, consumers should absolutely be in control of how their personal data is used.

Is this decision good for MediaMath and the wider industry? Our view is again yes, but there is much work to be done.

The IAB EU are now tasked with presenting their plan for implementing the decision’s corrective measures, but in fact this decision is a call to action for the industry to ensure transparency and choice are offered and actioned in a meaningful, effective way. MediaMath were instrumental in spearheading the initial development of the TCF, and its evolution to v2. Perfect is hard, perhaps impossible, but the evolution continues, and this decision highlights the requirements of the next iteration of TCF.

MediaMath is committed to supporting industry collaboration, which is now needed across the whole supply chain from publishers, SSP, DSPs and advertisers to reach the goal and lawful requirements of enhancing transparency to individuals (both as a data ethics principle and as required by GDPR) through meaningful and easy to understand disclosures to users, and by ensuring respect for those user preferences is honoured and clearly actioned along the entire user journey.

MediaMath’s view is that TCF has not been invalidated by this decision. A clear pathway to compliance has been set and the IAB have commented publicly that they “look forward to working with the APD on an action plan”. We welcome this, and we hope that successful implementation of corrective measures provides a bright line for the industry’s continued compliance with GDPR.

The industry needs to work together across the full supply chain to avoid unintended consequences from this decision. There is much to pore over in the decision, and we expect considerable focus to be placed on the lawful basis for processing personal data for the purposes of advertising. The decision casts doubt on the lawfulness of any consent given by consumers, and prohibits reliance on legitimate interest. This requires careful consideration, to avoid any unintended consequences. Publications rely on advertising, and indeed consumers expect (or have grown accustomed to) advertising in media whether that be print or digital. To crystalise the issue, prohibiting legitimate interest has a direct impact on the ability to deliver even a basic ad, resulting in white space on the consumer’s screen. A way through is needed – for consumers, publishers, and advertisers.

MediaMath champions radical transparency. We believe that consumers should understand how their data is being used, and how it is being protected. This is fundamental to our modernized ecosystem. We are putting consumer choice in the hands of the consumer, with the launch of our access request portal.

MediaMath is committed to ensuring Privacy by Design principles informed by data ethics, is implemented in our own services, and by championing the same data ethics approach across all our partners in the supply chain, with ensuring the consumer is always at the heart of privacy by design, at each stage of the consumer journey. The corrective measures set out in the DPA’s decision are a blueprint for all industry partners to measure themselves against, and we have a compelling story in that respect.

MediaMath has assembled a strong privacy team to demonstrate and implement global privacy compliance. Headed up by our Chief Privacy Officer, Fiona Campbell-Webster, in the USA, as well our official Data Protection Officer, James Kerr in Europe and the U.K, each with clearly delineated responsibilities and who work together with Ferdinand David, VP, Product, Policy & Compliance, to continuously assess and refine our capability to technically comply with the legal and privacy requirements of GDPR and all other applicable laws. We have a clear goal to support positive business outcomes for our clients by building and scaling privacy-first trusted programmatic journeys through transparency and choice for the consumer.

The coming weeks and months will be an exciting time for our industry.

Privacy

The CCPA is in Effect. Now What?

January 3, 2020 — by MediaMath

The California Consumer Privacy Act came into effect on New Year’s Day. As a recent Campaign US article details, it is already “both under question and under renovation.”

Under the law, California residents are required to know “what personal data of theirs is being collected and to whom it is sold or disclosed.” Residents can also access their personal data, stop its sale, request its deletion and avoid discrimination if they assert their right to privacy.

Daniel Sepulveda, our SVP of Policy & Advocacy, shared his thoughts on what’s next now that the CCPA is in effect in several media publications this week. Read excerpts below:

The impact of regulations and the consumer POV in 2020

“The majority of companies in the advertising industry want to do the right thing,” Sepulveda told AdExchanger. “Our industry is in the process of winning back trust. In the future, we’ll see more scrutiny of companies and, inevitably, more accusations of companies using backdoor workarounds in an attempt to not comply with the law.

Consumers will tend to consent less and opt out more, particularly in the beginning, because they may believe there is no downside to doing so. If publishers wish to continue processing consumers’ personal data in order to monetize their content – and if advertisers wish to continue delivering targeted advertisements to individuals or measuring the effectiveness of contextual ads – then both parties will need to adapt their messaging to consumers to demonstrate the value consumers receive from the processing of their personal data.”

What a CCPA compliance solution requires

“What we’re trying to do as an industry is say what are the analytics and measurement type services that we can still provide,” Sepulveda told AdAge. “This is what everybody is trying to figure out, how to come into compliance with the California law.”

“The tech for enabling the exercise of consumer rights under CCPA exists, it just needs to be modified for that purpose,” he shared with Campaign US. “We, as people and an industry, must solve for the law’s purpose – to increase consumer control and understanding of the use of their data. This is particularly important for those of us in the digital advertising industry because our ecosystem is complex, interconnected, and somewhat opaque.

We believe that a compliance solution requires four key elements:

1) Surfacing to consumers the fact that the company they are directly interacting with and third party companies are engaged in the collection and sale of their personal information when that is happening,

2) Ensuring that consumers have the option to bar any or all of them from “selling” (as CCPA defines it) that information,

3) Signaling those choices to the rest of the ecosystem, and

4) Creating legally binding obligations on all participants to respect those choices.”

Privacy Uncategorized

We Support Privacy for America’s Call for Federal Privacy Legislation

November 21, 2019 — by MediaMath

Through a coalition called Privacy for America, the nation’s principal advertising trade associations sent a letter to Congress today calling for it to consider and pass privacy legislation to set a single federal standard for the country. We strongly support the effort.

The ongoing debate over how to protect privacy in the digital age is not about advertising. It’s about people’s right to freedom from fear of harm or abuse in the market for their data. It’s also about their ability to engage and control how their information is accessed, used, and distributed in the marketplace. How those challenges are met in law will profoundly impact our business along with our clients’ and partners’. We are prepared to rise to that challenge. As citizens and members of our larger communities, we want to support a consumer protection standard and law that our neighbors can embrace.

As technology, media, data, and marketing professionals, we need to modernize our infrastructure, ensure accountability to consumers and regulators across the actors touching people’s data, and provide transparency into our data practices to reverse the crisis in trust in what we do. And we need to update law to ensure rules are enforced.

The proposed outline by Privacy for America for a law constitutes the right framework to relieve consumers of the burden of sorting through myriad onerous privacy notices in an effort to protect their privacy and instead creates clear, enforceable requirements for businesses to collect and use data responsibly. It’s a path forward I think we in this industry can all walk together.

Newer Posts