Taming the Wild West of Consumer Data Sharing in AdTech

AdTech Industry, Data & Privacy, GDPR

Taming the Wild West of Consumer Data Sharing in AdTech

,

The Wild West era in America during the late 1880s gave rise to a new genre of film known as Westerns, which depicted vast and rugged landscapes with men riding on horseback, regularly engaging in gunfights.

Indeed, the Wild West is famous for lawlessness, vigilantism, and outlaws on the run. 

Are there any similarities to how the online advertising industry operates today?

Authorities Slow to Act

The Wild West saw an influx of new land – and later, gold – for the taking, which happened at such a fast rate that authorities were slow to introduce laws to regulate and control it. 

The introduction of the public internet in the mid-1990s created a similar situation, but instead of land and gold, user data was the prize. 

Since the mid-2000s, online advertising-technology companies have been collecting, segmenting and sharing huge amounts of consumer data, and just like in the Wild West era, authorities and governments have been slow to act.

It’s not like advertising companies have done all of this without any safeguards; concepts like privacy by design and data minimization have been around for a number of years. 

This has brought us to the current state where companies have amassed user data to the point where it’s become the backbone of the online advertising industry, and where user-data collection happens on any device with an internet connection (just look at how many tags and pixels are fired on some websites), and is passed to multiple vendors via piggybacking and cookie syncing.

However, several events over the past few years suggest that these days are numbered. 

The EU’s General Data-Protection Regulation (GDPR) kicked things off, with other countries like Brazil and India looking to introduce similar regulation. 

Even large tech companies like Cisco, Microsoft and Apple are pushing for a GDPR-style law in the US, not to mention the lingering proposed ePrivacy regulation, which will likely have a bigger and more direct impact on AdTech than the GDPR has had. 

Despite being stuck between negotiations on the text of the draft and the all-important trilogue discussions, it would be wise to think about how it will impact AdTech and the changes needed to comply with it now.

Over the coming years, AdTech companies will need to ensure their data-collection activities are compliant with various data-protection and privacy laws – or face the wrath from authorities.

Vigilantism in the Form of Self-Regulation

Violence and theft were rife in the days of the Wild West, with local authorities unable to control the sheer number of crimes due to lack of manpower. 

In response, vigilante justice groups were formed by members of the community to play judge, jury and executioner, essentially doing what the authorities couldn’t. 

In the online advertising world, there’s a sense of vigilantism in the form of self-regulation. 

Governments and other authorities have simply lacked the resources needed to control and regulate the sprawling online advertising ecosystem, leaving the industry to form self-regulatory organizations such as the Interactive Advertising Bureau (IAB) and the Network Advertising Initiative (NAI), among others. 

However, unlike the vigilante justice groups of the Wild West, the self-regulatory groups in online advertising have done little to properly regulate and manage the out-of-control data-sharing activities conducted by AdTech companies. This is despite attempts to do so with failed initiatives such as AdChoices (which requires users to opt out by clicking on tiny icon found on ads, and then wait as a new page loads the user’s browser and cookie statuses) and the IAB’s Transparency and Consent Framework.

Time’s Up for Shady Actors

The infamous outlaws and bandits of the Wild West would hide out in the badlands, away from the prying eyes of authorities and vigilantes. 

For the better part of a decade, advertising companies and data brokers have collected and distributed user data, all without the user’s knowledge or explicit consent, but the online-advertising bandits can hide no longer.

Consumers are more aware of the extent of data collection by walled gardens (Google, Facebook, etc.) and independent AdTech and data companies, thanks in part to complaints filed by privacy groups, such as the recent ones by Brave and the Open Rights Group. These filings formed the basis for a separate complaint filed by Panoptykon as well.

A recent report by Piwik PRO highlighted that 74% of websites placed third-party cookies without valid consent and 86% of websites preloaded possible tracking cookies even before the user expressed their consent decision. The third-party cookies almost always belong to AdTech or MarTech companies, meaning personal data is being passed outside the EU, exposing them to retargeting, profiling or even sale of their data.

Successful AdTech companies of the future will be the ones that respect user privacy; both clients and consumers will simply not support companies that don’t.

This means the onus is on AdTech and data companies to prove to both clients and consumers that their data-collection practices are privacy-friendly and in compliance with the GDPR (and whatever other data-protection and privacy laws may follow). 

The Events That Ended the Wild West

It’s hard to pinpoint one event that ended the Wild West era, but it was likely a combination of new laws that regulated land ownership and gold mining, as well as the takedown of many prominent outlaw figures.

With all that has happened in the past few years (ad blockers, GDPR, and ITP), could the Wild West days of mass user-data collection in online advertising be coming to an end?

The evidence for this is mounting. 

While the introduction of the GDPR didn’t have an immediate impact and clearly wasn’t the catalyst for change for a large majority of AdTech companies, the recent investigations by French Data-Protection Authority CNIL and the UK’s Information Commissioner’s Office (ICO) into Google’s violation of the GDPR regarding user consent could be a clear sign of things to come for all AdTech companies.

The next few years will likely establish law and order regarding user-data collection, regulate what self-regulation couldn’t, and expose the AdTech companies that fail to adhere to data-protection and privacy rules.

Now is the time to act to make AdTech more privacy-friendly, reduce the amount of user data companies collect, and regain trust of online users to ensure our business models remain viable for the future.

Fifty years from now, the AdTech world of today may be seen as a chaotic, user data free-for-all – just don’t expect any motion pictures to be made about it.

This article was originally posted on Clearcode’s Medium publication.

Got questions about the GDPR?

We specialize in building GDPR-compliant AdTech & MarTech platforms. Ask our team a question today!

Get your questions answered

FREE AdTech & MarTech Resources

Thousands of C-level executives, software engineers, marketers, and advertisers all learn about the inner workings of AdTech and MarTech with our bimonthly newsletter — and so can you! Subscribe today and get access to the latest and best articles, videos, and guides!