We Can’t Let the Surveillance Ad Industry Create the new Rules for Privacy

Jeff Chester

Time for the FTC to intervene as marketers create new ways to leverage our “identity” data as cookies “crumble”

For decades, the U.S. has allowed private actors to basically create the rules regarding how our data is gathered and used online. A key reason that we do not have any real privacy for digital media is precisely because it has principally been online marketing interests that have shaped how the devices, platforms and applications we use ensnare us in the commercial surveillance complex. The Interactive Advertising Bureau (IAB) has long played this role through an array of standards committees that address everything from mobile devices to big data-driven targeting to ads harnessing virtual reality, to name a few. 

As this blog has previously covered, U.S. commercial online advertising, spearheaded by Google, the Trade Desk and others, is engaged in a major transformation of how it processes and characterizes data used for targeted marketing. For various reasons, the traditional ways we are profiled and tracked through the use of “cookies” are being replaced by a variety of schemes that enable advertisers to know and take advantage of our identities, but which they believe will (somehow!) pass muster with any privacy regulations now in force or potentially enacted. What’s important is that regardless of the industry rhetoric that these approaches will empower a person’s privacy, at the end of the day they are designed to ensure that the comprehensive tracking and targeting system remains firmly in place.

As an industry trade organization, the IAB serves as a place to generate consensus, or agreed-upon formats, for digital advertising practices. To help the industry’s search for a way to maintain its surveillance business model approach, it has created what’s called “Project Rearc” to “re-architect digital marketing.” The IAB explains that Project Rearc “is a global call-to-action for stakeholders across the digital supply chain to re-think and re-architect digital marketing to support core industry use cases, while balancing consumer privacy and personalization.” It has set up a number of industry-run working groups to advance various components of this “re-architecting,” including what’s called an “Accountability Working Group.” Its members include Experian, Facebook, Google, Axel Springer, Nielsen, Pandora, TikTok, Nielsen, Publicis, Group M, Amazon, IABs from the EU, Australia, and Canada, Disney, Microsoft, Adobe, News Corp., Roku and many more (including specialist companies with their own “identity” for digital marketing approaches, such as Neustar and LiveRamp).

The IAB Rearc effort has put out for “public comment” a number of proposed approaches for addressing elements of the new ways to target us via identifiers, cloud processing, and machine learning. Earlier this year, for example, it released for comment proposed standards on a “Global Privacy Platform;” an “Accountability Platform,” “Best Practices for User-Enabled Identity Tokens,” and a “Taxonomy and Data Transparency Standards to Support seller-defined Audience and Context Signaling.”

Now it has released for public comment (due by November 12, 2021) a proposed method to “Increase Transparency Across Entire Advertising Supply Chain for New ID usage.” This proposal involves critical elements on the data collected about us and how it can be used. It is designed to “provide a standard way for companies to declare which user identity sources they use” and “ease ad campaign execution between advertisers, publishers, and their chosen technology providers….” This helps online advertisers use “different identity solutions that will replace the role of the third-party cookie,” explains the IAB. While developed in part for a “transparent supply chain” and to help build “auditable data structures to ensure consumer privacy,” its ultimate function is to enable marketers to “activate addressable audiences.” In other words, it’s all about continuing to ensure that digital marketers are able to build and leverage numerous individual and group identifiers to empower their advertising activities, and withstand potential regulatory threats about privacy violations.

The IAB’s so-called public comment system is primarily designed for the special interests whose business model is the mass monetization of all our data and behaviors. We should not allow these actors to define how our everyday experiences with data operate, especially when privacy is involved. The longstanding role in which the IAB and online marketers have set many of the standards for our online lives should be challenged—by the FTC, Congress, state AGs and everyone else working on these issues.

We—the public—should be determining our “digital destiny”—not the same people that gave us surveillance marketing in the first place.