Code Warriors Are Putting Google And Apple’s Privacy Changes Under The Microscope
“Data-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Allison Schiff, senior editor at AdExchanger. It’s part of a series of perspectives from AdExchanger’s editorial team.
When the big platforms say “jump,” the ad industry warily asks, “how high?”
Apple and Google are both old pros at making unilateral changes to their ad policies that throw mobile developers into disarray and leave web publishers scrambling.
Google’s plan to block third-party cookies in Chrome next year, and Apple’s imminent rollout of its AppTrackingTransparency framework, are two of the most recent and high-profile examples of this, but by far not the only ones.
When Apple or Google makes a move, the impact is felt more widely and deeply than when regulators get involved, because enforcement of a corporate policy can be immediate, decisive and nearly incontestable.
But the mighty elephants are beginning to notice the flies on their back.
An army of developers and extremely savvy industry stakeholders are combing through GitHub repositories and examining sample code and other documentation for Apple’s and Google’s arcane privacy-related modifications. They’re analyzing it with a bloodhound’s nose for minute detail and they’re tweeting out the most salient bits.
Within hours of an iOS beta being released, there’s a lively discussion on Twitter and in Slack back channels to unpack every technicality.
Ad tech companies are digging into every element of every proposal within the Chrome Privacy Sandbox. Much of this analysis and debate is being spearheaded by ad tech company members of the Improving Web Advertising Business Group (IWABG) at the World Wide Web Consortium.
For example, in the two months since Google claimed that advertisers can expect to see at least 95% of the conversions per dollar spent with FLoCs when compared to cookie-based advertising, IWABG members have been relentlessly pushing Google to share more information about how it reached that number.
As it turns out, Google’s FLoC experiment did not include support for frequency capping. Google also appears to have relied on real-time access to cross-site publisher data that won’t be available when cookies go away.
And although Google has repeatedly hammered home the point in recent weeks that it will not use unique identifiers in its ad-buying products, it seems that in Google’s FLoC test unique browser identifiers were used to train the bidding models.
In other words, the devil is in the details and there are technically adept individuals peeking behind the curtains (where possible), asking pointed questions, poking holes and accepting nothing without careful examination.
This technical but important work helps bring the complex mechanisms of online privacy out from the backend and into the light where regulators can also scrutinize it.
In January, having received complaints, the UK’s Competition and Markets Authority launched an investigation into the Privacy Sandbox and the potential negative impact that killing third-party cookies in Chrome could have on the digital advertising market, particularly publishers. That investigation is ongoing.
And just a few days ago, the antitrust complaint against Google led by Texas Attorney General Ken Paxton (which now includes 15 state AGs) was updated to include an entire section on the Privacy Sandbox. [The amended complaint is available here if you want to check it out.]
The revised suit now references Google’s cookie-related intentions as “anticompetitive because they raise barriers to entry and exclude competition in the exchange and ad buying tool markets, which will further expand the already dominant market power of Google’s advertising business.”
But Google isn’t the only tech giant being scrutinized for its privacy plans.
France’s competition watchdog the Autorité de la Concurrence (ADLC) has been investigating since October whether Apple’s AppTrackingTransparency framework is an abuse of Apple’s dominant market position. Just this week, the ADLC, working closely with the CNIL (France’s data protection authority), decided not to call for Apple to suspend the feature.
Even so, it’s noteworthy that French regulators considered going the other way, and the existence of the probe itself shows they’ve got their ears pricked and an appetite to peel the onion.
They’re also more than hip to the concept of privacy theater.
“There may be privacy washing, we’re not naive,” said the ADLC’s president Isabelle de Silva, according to Reuters. “However, the GDPR is binding on us.”
To be fair, ad tech companies have many of their own sins to answer for. (Who microwaved the fish??) The fact that people largely dislike and don’t trust how their data is being used online didn’t come out of nowhere and is by far not just the fault of the large platforms.
But the situation is far from black and white – and sharp-eyed analysts, technologists and strategists are making it their job to point out every shade of gray.
Follow Allison Schiff (@OSchiffey) and AdExchanger (@adexchanger) on Twitter.