IAB Tech Lab unveils proposed privacy standards
Best practices for user-enabled identity tokens are controversial following Google's recent opposition to any form of tracking.
IAB Tech Lab’s Project Rearc, initiated a year ago, today bore fruit with the release of a portfolio of proposed standards. The IAB is calling for comments and feedback. The standards represent a response to the challenge expressed to us by Bill Tucker, executive director of the Partnership for Responsible Addressable Media (PRAM), which participated in Project Rear.
Said Tucker, “The pressing issue is that there will be significant disruptions in how business is done in addressable media. Proper solutions need to be devised that enable the economic model of digital marketing to continue.”
The standards. The specifications and best practices comprise two platforms and two addressability-related releases.
- The Accountability Platform aims at ensuring that all eco-system participants can demonstrate that they are complying with user preferences. It includes specifications for open, auditable data structures, and standard practices.
- The Global Privacy Platform aims both to give users reliable transparency and control over their data, and to support efficient compliance for industry participants in an environment where regulations vary from region to region, and the evolution of regulations is ongoing.
- Taxonomy and Data Transparency Standards to Support Seller-defined Audience and Context Signaling is an attempt to bring order to the contextual advertising space, where hitherto there has been inconsistency in specifying content and placement when making inventory available.
- Best Practices for User-Enabled Identity Tokens provides security and privacy guidelines for identifiers tied to a user-provided email or phone number.
Google’s intervention. The Best Practices for User-Enabled Identity Tokens was an anticipated element of the standards Project Rearc set out to create. The tokens are at the heart of the solutions being offered by a range of adtech and data players, including The Trade Desk, LiveRamp, Infutor and Neustar.
What seemed to be an uncontroversial move to introduce best practices for those tokens has been disrupted by Google’s announcement that, with the deprecation of third-party cookies, it will also renounce any kind of tracking — even tracking based on first-party data voluntarily offered up by the user. Google has said it will not build or use alternate identifiers to track users across the web.
“People shouldn’t have to accept being tracked across the web in order to get the benefits of relevant advertising,” said a Google spokesperson.
Prospects for the portfolio. With the exception of the standards for identity tokens, the other proposals — in broad outline, at least — seem likely to be acceptable to all parties. The seller-defined audience and context signaling best practices, for example, are designed to support advertising which is precisely not based on tracking.
Google has been invited by PRAM to engage in discussions about the proposals. Google’s preferred FLoC initiative does, of course, track online behavior, but stores and manages the data an aggregate and not as personal data.
Why we care. However belatedly, advertisers, publishers and tech vendors seemed to be doing the right thing by coming together to develop an eco-system which respected consumer privacy. Google has disrupted the effort by reject the kinds of first-party-based identifiers that offered an alternative to third-party cookies. But right now, there are questions to be answered about how secure FLoC will be. This story is far from over.