🚨🚨🚨😺
The Belgian data authority finds that the IAB TCF infringes the GDPR. This isn’t surprising: the @IABEurope CEO had said the same thing. The only unexpected aspect is how long it took for enforcement to step in.
First, it’s good for people. The TCF was designed to support the existing status quo in real-time bidding (RTB). RTB is a data free-for-all that operates with complete disregard for the safety and privacy of individuals.
We can fix this! But this requires putting people first.
Second, it’s good for publishers. Broadcasting personal data also means broadcasting audience data. In turn, this leads to devalued audiences and lower revenue since the adtech companies in the RTB system can target high-value news audiences without paying news outlets.
Third, it’s good for adtech. The adtech world has become hooked on “consent”. But people simply cannot genuinely consent to such complexity at such scale. It’s just a legal fiction.
The TCF is just about protecting the status quo; but what adtech needs is innovation.
The adtech industry is having its lunch eaten by Google. In my humble opinion, that’s from trying to beat Google in a race to the bottom. Trying to be less mindful of privacy and a free, independent press than Google, at greater scale and faster, isn’t really doable.
The only way out is up. The future of adtech (adtech not eaten by monopoly) is in respecting users and delivering honest value to publishers.
But the hard path works better than the impossible one.
Which brings me to the final point: finding the TCF out of line with GDPR is a good decision, but Google’s bidding system is no better and its lack of purpose limitation is staggering.
It would be unfair for regulators to enforce on only part of the market. 🔚
Appendix: if you want more details, Johnny has the goods as always.
The @IABEurope has written up an article to try to distance their consent framework from the recent @CNIL decision finding issues with Vectaury's application of consent. I didn't expect much, but I was disappointed anyway. Read it at iabeurope.eu/policy/the-cni…, some notes follow. 👇
But first: you MUST consent.
Much of the IAB's argument is that Vectaury did not follow the framework's policies. This is disputable, but even if true it's an issue in itself: their framework has no real verification and no enforcement. It's yet another trust-everyone festival.
Recently, the @CNIL issued a decision regarding the GDPR compliance of an unknown French adtech company named "Vectaury". It may seem like small fry, but the decision has potential wide-ranging impacts for Google, the IAB framework, and today's adtech. It's thread time! 👇
Vectaury was collecting geolocation data in order to create profiles (eg. people who often go to this or that type of shop) so as to power ad targeting. They operate through embedded SDKs and ad bidding, making them invisible to users.
This is a good question: what is the root cause of the lack of privacy online today? Why does media track so much? My personal take is that it boils down to browsers and mobile platforms. Not only is that the master fix, but it is within reach. Follow the thread❗👇
First, I have some assumptions that I want to ensure you know: 1) Without a free and well-funded press before long we'd have no privacy at all. This does NOT justify an exception regime for media, but it constrains the solution. Getting rid of media is not the right option.
2) I do not buy into strict deontologism. It's not enough to make a rule, we need to make it work. If you force people into a choice between the law and survival, don't be surprised that they at least bend the rules. If you incentivise defection, expect defectors.