Is the FCC ruling on consumer data a sign of the coming Stone Age — or the Modern Age?

The Federal Communications Commission’s (FCC’s) decision late last week about the use of consumer data by Net providers may be the first step toward a complete reinvention of how digital ads are targeted in the US.

Just look at Europe to get a sense of where this may lead.

Last Thursday, the FCC approved a new policy that requires Net providers like Comcast to obtain opt-in consent from their customers before they can use a customer’s behavioral data or share it with third parties like ad platforms.

Consumers have to opt in to allow, say, their browsing history or app history to be shared, as well as their health or financial info, Social Security numbers, search data or SMS messaging, or the content of their emails. Excluded from this category of sensitive data are IP addresses and device identifiers.

This doesn’t apply to the data collected by websites or social networking platforms like Facebook, which fall under the supervision of the Federal Trade Commission.

Consumer groups like The Center for Democracy and Technology approve of the move. But the ad industry, as you might expect, thinks otherwise.

“It’s like going back to the Stone Age in terms of advertising in a non-targeted way to a mass audience you know nothing about,” ad agency DDB Executive Vice President and Director of Digital Azher Ahmed told Digiday.

Actually, it’s more like the Bronze Age. If you want to see what an advertiser’s Stone Age might look like, go to Europe in a little less than two years.

To be exact, go to May 25, 2018. That’s when the European Parliament’s new General Data Protection Regulation (GDPR) kicks in.

The reinvention

It tightens the regulations about collecting customer data in general by anyone, requiring that brands obtain specific opt-in consent for specific uses. Specific permission, not just an agreement buried in an unreadable Terms and Conditions (which burial is not yet prohibited in the FCC ruling.)

There are still unknowns about exactly what GDPR covers, but it may well cover anonymized, third-party data, since inventive vendors have developed ways to re-identify actual users through matching of attributes, like location, device ID and IP address. And it’s not completely clear yet if search engine-related data is included, in part because it’s not clear if, say, a Google search engine user is a Google customer and therefore able to give or withhold consent.

But the answers need to be clear to everyone eventually, since the penalty can be stiff — as much as four percent of a violator’s global revenue.

GDPR, and the less inclusive FCC ruling, point toward one eventual outcome, according to Henry Lawson, CEO and cofounder of Seattle-based profile management firm autoGraph.

“The whole thing gets reinvented,” he told me recently.

By “whole thing,” he means virtually the entire digital ad/marketing infrastructure and industry, which has been built on targeting and retargeting individuals and segments of users based on a largely unencumbered use of their behavioral and profile data.

His company offers a cloud-based brand platform that allows digital users to answer questions when they sign up, generating a profile whose data they approve for use in personalized websites, email and SMS. It’s not unlike, say, a Facebook profile being used by a website via Gigya, which provides a social login infrastructure where you can grant access to your profile — except approval of data use through autoGraph is more specific for each brand. (In fact, autoGraph can be one of the profiles offered by Gigya.)

Lawson embraces the emerging European ethos for customer data, which he sees as also catching hold in the US following the FCC decision.

“First-party data becomes king”

First and foremost, he said, his company and its client brands “absolutely understand that consumers’ profiles belong to them, not the company.”

This means that consumers choose which companies have permission to use content in their profile, and for what specific purposes. autoGraph says it currently has 10 clients in the US and Europe.

A brand could look at this vision as very bad news for the future of digital advertising. After all, if this kind of consumers-own-their-data catches hold worldwide, it will mean that anonymized third-party data could become extinct, and first-party data will become weighted by a truckload of permissions.

Technically, GDPR allows first-party data retargeting and third-party data targeting, but Lawson notes that the permission requirements will be so burdensome that this kind of advertising will probably become uncommon. For instance, if I’m a post-GDPR European user who looks at a product page about red sneakers on a retailer’s site, the retailer has to get my specific permission to retarget me with follow-up ads when I go to another site.

“First-party data becomes king” in that scenario, Lawson pointed out — if you accept the idea that the king can only do what the subjects agree to. He noted that data management firm Acxiom has essentially abandoned third-party data business in Europe, as has Callcredit, a kind of European FICO.

But it just might turn out that brands will love this new Modern Age.

That’s because users will be telling brands, “Send me info on these things that interest me.”

Advertising could become more like signing up for email lists. If I say in a profile or through a granting of browser data that I’m interested in info about red sneakers, it would stand to reason that I’d pay attention when I get an ad or email about red sneakers. I will be more likely to pay attention, instead of reaching for the nearest ad blocker out of annoyance at all the ad pitches.

Opening the door

And, as Lawson points out, verified data can be better data. A marketing company making assumptions about your purchasing patterns — even if it has access to your credit card history — could land much closer to your actual interests if you have provided them.

This kind of data ownership could also lead to more sophisticated buyers. GDPR, for instance, includes your ownership of data about your electrical consumption, to better enable comparison shopping.

And brands could also benefit by an additional layer of trust.

Lawson said his company found that 92 percent of users opt in to allowing the use of the data in their profile by a specific brand. That profile can convey the same interest graph and location relevance as, say, tracking your browser history and location. But, he added, only about five percent of users agree to let advertisers access their browser history and location.

autoGraph’s clients only target consenting users when they are logged in, and it doesn’t use cookies or mobile IDs. But mobile IDs are also facing new challenges, such as Apple’s recent update in its Limit Ad Tracking (LAT) setting.

In that update, activation of the LAT setting automatically sets the IDFA (Identifier for Advertising) to zero, making it impossible to track that individual device except by probabilistic device fingerprinting. The device can still receive advertising, of course, but its owner’s behavior cannot be tracked by companies with whom there is no relationship.

In fact, these moves by the FCC, the GDPR, and Apple can be seen as steps toward a marketing environment that is almost entirely governed by something brands have long valued: relationships.

In that case, untargeted digital ads could still help to create demand where it wasn’t before, just as broadcast TV ads reach some interested viewers with its relatively broad brush.

But the day may be coming for every market when targeted digital ads, personalized web pages and follow-up emails are only sent when you’ve opened the door. And people tend to be much more welcoming when they know who’s knocking.