Who’s writing the data privacy rules anyway?

Picture of Judy Shapiro

Judy Shapiro

Editor-in-Chief at The Trust Web Times
Picture of Judy Shapiro

Judy Shapiro

Editor-in-Chief at The Trust Web Times

It would be helpful to know who is writing the rules in this complex game- changing landscape but clear answers are in short supply.

Every Marketer is worried about how to manage the coming data storm of increasing regulations, Apple/ Facebook tracking kerfuffle and Google’s plan to stop supporting cookies in Chrome. Every Marketer is trying to figure out how to navigate these treacherous waters because it is not easy to figure out. It would be helpful to know who is writing the rules in this complex game-changing landscape so that Marketers know who to trust for information and best practices.  

Instead, when the question comes up; “Who’s really writing the rules,” the real answer is that everyone and no one.

The cast of characters is broad, confusing and fluid because lots of organizations have a hand in it:

  • FTC – They regulate unfair or deceptive commercial practices and is the primary federal regulator in the privacy area. They bring enforcement actions against companies including failure to comply with posted privacy policies and failing to adequately protect personal information.
  • W3C – They oversee the collection, processing and publication of personal data. Privacy concerns are managed more often as applications built on the Web platform about how users’ activity on the Web is ubiquitously tracked. The W3C Privacy Activity coordinates standardization work to improve support for user privacy on the Web and develops general expertise in privacy-by-design for Web standards.
  • IAB – This body helps standardize the changing privacy landscape to help companies understand digital ad best practices across a variety of topics including privacy.

Then you have geographic and local governments creating an additional set of protocols;

  • EU’s GDPR regulations which require users to opt-in to being tracked. (Sidebar – many U.S. companies that force an opt-in on their site are just pretending they are GDPR compliant when they are not.)
  • California Consumer Privacy Act (CCPA), which took effect in 2020 to protect the privacy of California consumers by giving them greater control over businesses’ use of their personal information.  

Next, let’s not forget the “privacy police” folks like TAG and the Brand Safety Institute who, by and large, are technologically outflanked by the sophisticated dev capabilities of bad actors. Despite good intention, these companies are challenged to get ahead of fraudsters technically versus reacting to malicious activities after they happened.

We are not still done.

Traffic Verification companies (IAS) or the data companies racing to create universal ID for online tracking are, presumably, working to be advocates for privacy. Alas, we know this is not the case. These firms have a lot riding on AdTech’s continued ability to target “people” whatever politically correct name they give to their people tracking practices. They have a deeply conflicted agenda to say the least. Agencies, somewhat similarly, are tied to today’s prevalent tech stacks which works against leading the industry in best practices for being consumer’s privacy champions.

This leaves Clients in a painful pickle.

It’s not clear which rules are the ones that matter.

It’s not easy to deploy a sane and sustainable set of practices and guidelines.

It’s not obvious how all of this is supposed to work.

The irony of all this is that in an attempt to bring trust to the digital media buying ecosystem, new layers of tech verification; privacy vendors and industry standards bodies ties this up into a Gordian Knot never to be untangled despite AdTech’s declaration to the contrary.

As someone (or anyone) old enough to remember Netscape understands, the online advertising industry does not need to spy on everyone to thrive. We know this because for decades, advertising was very successful without tracking a single person. Worse, the tracking, surveillance marketing, and the current model of ad tech are at the root cause of much of the trauma and tension each of us experiences every day in our digital worlds.

Until AdTech acknowledges and is ready to address the irreconcilable tension between Users’ right to control their own data and their presumed right to control all that data, we cannot rehabilitate current practices.

I do not have confidence that AdTech will one day accept this truth. It rests with Advertisers to loudly communicate to AdTech vendors that tracking people is an unacceptable business practice. Advertisers need to mean it and not look the other way when data and buying platforms use data suspected of being loose on the privacy fronts. If Advertisers take a meaningful stance as consumer privacy champions, this will pay Brand dividends for years to come.

I realize it is a lot to ask of Advertisers. That’s why if you don’t know how to start – drop us a line. We will point you in the right direction to get you the help you need that is practical in putting privacy first.  My firm is not a privacy company so we are able to match you to the right partner vetted from the companies who have joined The Trust Web (no hidden agenda).

Talk to us. We can do this together. Reach me directly at judyshapiro@engageSimply.

Share: