There has been a shift in public communications over privacy and third-party access to data
22 October 2019 (Cannes, France) – I just finished an update session sponsored by AdWeek based on sessions at Cannes Lions which I attend every year, held in early Spring. It’s the annual advertising conference … or to give it its full honorific, the Cannes Lions International Festival of Creativity.
Cannes Lions is what I like to call “The Conference of the World’s Attention Merchants”. Because over the last decade, the festival has evolved to include not only more brand clients but also, due to media fragmentation which has led to the change of some and the birth of others, an expansion into tech companies, social media platforms, consultancies, entertainment and media companies — essentially the entire attention ecosystem.
These days, conversations overheard at this international celebration of creativity are just as likely to be about machine learning and programmatic ad technology as they are about imagination and storytelling. There is the stark reality that the advertising industry has been fundamentally turned upside down in the digital age.
So it is no surprise that since the arrival last year of the General Data Protection Regulation (GDPR) in Europe and the looming California Consumer Privacy Act (CCPA) in the U.S. … oh, and the data manipulation scandals that embroiled the 2016 U.S. presidential election plus Silicon Valley’s use of personally identifiable information … lots of sessions have been given over to the lawyers.
All of the above has colored public perception, and over the last 18 months, CEOs of these giants have been hauled in front of Congress for public inquisition over how well they protect their audience’s personal data. Such scrutiny has prompted a shift from such players both in their public communications over privacy and – much more crucially for advertisers – how they let third parties access swaths of data.
The following are a few points from today’s update session:
Communication changes
At Facebook’s F8 developer conference this year, CEO Mark Zuckerberg took to a stage bedecked with “The future is private” where he spoke of a “cultural shift” over the two years following Cambridge Analytica. His performance was adorable. This was followed by Google unveiling a host of online tracking restrictions in its market-leading Chrome browser as well as tools that let users dispense with third-party cookies at its I/O conference.
Meanwhile, Apple followed suit by unveiling several privacy features at its Worldwide Developer Conference as part of iOS 13. Most notably, this included its “Sign in With Apple” feature, with svp of software engineering Craig Federighi declaring onstage that “privacy is a fundamental human right.”
This chorus of consumer advocacy marks a stark change from earlier communications from this trio of California-headquartered companies, with one executive with direct knowledge of one of Silicon Valley’s most notable companies, who asked to remain anonymous, saying how such players “are going to lean in on privacy more and more” in marketing and advertising collateral.
In the case of Facebook and Google, however, this poses something of a dilemma as their respective revenue streams depend primarily on allowing advertisers to target their users, often with an outcomes-based model.
Google has gradually introduced a series of targeting restrictions primarily within its programmatic offering. And in an example of the tightrope the advertising-dependent titans of Silicon Valley have to tread, Google recently lifted the lid on its Privacy Sandbox. Engineers explained how they’re “trying to explore how to deliver ads to large groups of similar people without individually identifying data.”
This clean room concept is something that Amazon is also exploring as it continues to rise to prominence in the online advertising industry. And Facebook is erecting its walls even higher, thus affecting how advertisers can target its granular audience information.
The escalating walled gardens
Such restrictions frustrate advertisers as they make media buyers heavily reliant on the advertising ecosystems of such tech behemoths. According to some, many of the government-mandated privacy laws (ironically) play into the big tech playbook.
Why? Simple. The third-party data ecosystem is in danger. We are seeing smaller ad-tech companies that depend on third-party data go out of business as they struggle to keep up with policy changes or be forced to make major changes to their core business model. The demise of these smaller companies and third-party ad networks will further elevate the Facebook/Google duopoly within the ad ecosystem. It just has to happen and not quite what the EU Commission had in mind: it will make Facebook and Google stronger. GDPR has become the bogeyman in the real data world, not quite understood in the cloistered hallways of Brussels.
But in the industry, it was totally expected. Google and Facebook can easily box out rivals further. The two control more than three-quarters of digital advertising and have the cash to pay lawyers for compliance steps and handle any fines (Google apparently has 3,500 people working on GDPR compliance and CCPA preparation based on internal leaks). Smaller ad firms, which provide alternative services for marketers to target ads, have less financial muscle. So many have simply gone to the “dark side” for protection.
According to Ben Williams, director of advocacy at eyeo, it is the data claw-backs within browsers that are having the biggest effect on advertisers. “You have to look at the corporate motivations of the parties involved,” he said, commenting on targeting restrictions within Chrome and Safari.
There has been a years-long battle waging between Apple’s closed-system approach and Google’s open-source philosophy. This, of course, poses challenges to advertisers and media owners looking to cash in on both companies’ data sets. “Everyone else is just collateral,” said one source, granted anonymity because of working with both companies, referring to all the middlemen like ad-tech companies and media buyers.
Oh, the irony. This could entrench monopolies. It could play into Google’s hands. It could easily turn off audience targeting in general and remove personal data in bid requests, then introduce federated learning to help advertisers target on contextuality.
And then we have, simultaneously, the IAB Tech Lab which is lobbying these powerful stakeholders to operate in a more open manner with its proposal of an enhanced accountability framework. This proposes using an encryption technology that it hopes will maintain a more diverse industry that facilitates “independent ad tech,” in addition to big tech as the industry transitions to a modus operandi that satisfies restrictions signified by the CCPA.
The “let’s talk about this in the bar” topics
The power of Facebook and Google. Ok, some obvious points. The data laws (including GDPR) are simply not fit for purpose. The advertising/media industry has transformed itself while still regulated by antiquated frameworks. GDPR has come a long way but innovation is running circles around legislation. And let’s not glory in the CCPA. That citizen initiative was 90% incoherent and 10% class action, ambulance chaser heaven. One would think the legislature promoted the initiative so as to collect bribes … er, campaign contributions … from both defendants and trial lawyers. Lawyers and legal vendors are salivating: two independent studies say it could cost U.S. companies $55 billion to comply. More on the CCPA is a subsequent post.
But it has reached a point I discussed a year ago. At the time I said some companies will offer iron clad data privacy as part of their “value proposition”. It would be good business sense. You know, a “Terms and Conditions” that would start off with something like this:
FIRST, we have no right to collect and/or aggregate your personal information from multiple sources without your direct op-in permission calling out the specific information we will collect or monitor, the sources we will use, and the time period this information will be kept before being destroyed.
Ok. Maybe not quite like that so back in the real world …
Traditionally technology companies have argued that they host information neutrally, but that defense is slipping. As laws such as the GDPR try to take a bite, acting as a publisher with broader freedom than others to handle and to disclose personal information starts to be attractive. Why not, lawyers whisper, combine the advantages of both?
As scandals over the misuse of personal information proliferate and data protection laws are tightened, technology companies are leaping to a surprising conclusion: they are publishers. Not always, of course, but when it suits them.
Facebook emphasised its role as a publisher with editorial discretion in a California court last year in an effort to block a lawsuit from a developer. Google attempted something even more audacious in a UK case last year involving the “right to be forgotten” in search engine results. It laid claim to an exemption for publishers of journalism, art and literature under European law.
Now THAT was cheeky. Such claims sit awkwardly with the customary insistence of Facebook, Google and other tech platforms that, in Facebook’s careful formulation, they are not “the arbiter of the truth”. And I’ll get to Mark’s big speech at Georgetown last week, but in tomorrow’s post. However, correct me if I am wrong but wasn’t it Mark Zuckerberg last year who told the U.S. Senate “I agree that we are responsible for the content, but we don’t produce the content.”
This sort of thing is inevitable when laws overlap and the same item of information can be defined differently. Is a photo snapped in a public place publishable as journalism or protected as a sensitive piece of personal data that identifies the subject’s ethnic origin and physical or mental condition? At a technical level, when everything is broken into bytes, there is no simple distinction.
European law balances the right to freedom of expression with the right to privacy (which is hard to distinguish from data protection). But the law is not supposed to be a pick and mix. Those who want to facilitate the former and override the latter, whether as individuals or companies, must do so carefully and in the public interest.
Interpretations of what GDPR says about publishers is still up for debate (due in no small part to the “connective tissue” deleted between numerous sections during the negotiations), and may only be settled in court years from now. Many at Cannes Lions were unconvinced that Google and Facebook are meeting even the spirit of the law:
Look, everybody expected a change in culture. Ain’t gonna happen. Brilliant lawyers will always be able to fashion ingenious arguments to justify almost any practice. But with personal data processing we needed to move to a different model. We did not get it.
The implications of the intentional abuse of market power. [sigh] I could write a book.
ENDNOTE
I published this earlier in the year but many of you did not see it because you were not on the distribution. It is fascinating.
President John F. Kennedy never got a chance to deliver his 1963 speech at the Dallas Trade Mart, where he hoped to address America’s role in the world and the principles that must guide the nation. Kennedy was assassinated en route to the venue, and those who arrived hoping to hear him speak instead were some of the first to learn of his death.
The U.K. news outlet The Times and Irish agency Rothco unveiled a digital recreation of the speech he had prepared. The sound engineering required was simply incredible. They were able to connect the dots from a data perspective and a technology perspective. To build the speech, the production team began with recordings from 831 speeches and interviews, resulting in 116,000 sound units. The wide array of sound qualities and background noises made it an especially difficult challenge to create a seamless final product.
It is called “JFK Unsilenced” and while it sets a new bar for audio restoration and engineering, it also posed plenty of ethical questions about how this technology might be used moving forward. Many said “just because technology can do something, should it?” But the researchers noted the potential of this approach which is already being used to improve the voice tools available to ALS sufferers unable to speak.
Here is a short video of how they did it, and a recording of the end result: