Adtech Reacts to CCPA
We’ve discussed CCPA often in our previous roundups. From IAB releasing the CCPA framework and Google’s plan to integrate CCPA, the upcoming bill is pushing the adtech ecosystem to take a privacy-first approach.
Last week, Digiday interviewed several agencies and platforms to understand how the industry is prepping up for the CCPA. Well, the reactions aren’t too surprising.
– Some buyers are beginning to roll back their behaviorally targeted ad campaigns. This is what happened when GDPR came into effect. Several advertisers targeting EU users paused targeted ads to ensure they’re not getting into any unintended data breach issues.
– Ad tech companies are planning to limit data usage. Whether it is data received from third-parties or data they’re generating, imposing some limits are necessary until the term “sale” of the data is free from ambiguity. For instance, GumGum doesn’t sell data in exchange for money, but as it is part of programmatic advertising, the company plans to put a notice for California residents saying it sells data and also provide them opt-out methods, just to be cautious.
“Digital advertisers use a variety of types of information that may be personal and is exchanged with other companies in order to fulfill their purpose or their services. Whether that meets the definition of sale under CCPA is questionable in some cases”
– Aaron Tantleff, a partner at law firm Foley & Lardner.
– Yes, the industry is waiting for California’s Attorney General Office to clarify how the rules will be enforced as well.
Interestingly, on the other side, advertising trade bodies including the Interactive Advertising Bureau, Association of National Advertisers, American Association of Advertising Agencies, American Advertising Federation, and Network Advertising Initiative, are asking California’s Attorney General to remove “extralegal” do-not-track from the bill.
“It is not possible through these settings for a consumer to make discrete choices among businesses allowing the consumer to restrict certain businesses while permitting other businesses to transfer data to benefit the consumer”
Google to Limit Cross-site Tracking
Everyone is closely watching Google so that they can prepare if there are any updates against its third-party cookies. Because we knew Google proposed a new advertising standard ‘privacy sandbox’ to replace third-party cookies.
Recently, Google announced a small, but rather important change regarding how it will handle cookies according to standard flags.
So, what’s the update?
From Feb 4, 2020, with the release of Chrome 80, the Chrome browser will require cookies to be flagged as secure using an internal standard called ‘SameSite’. If it isn’t, the browser won’t send those cookies in cross-site requests. In other words, the cookies won’t be accessible to anyone for any use case.
“For those that don’t make the deadline, their third-party cookies will break, which means everything that relies on those cookies will break: audience recognition, analytics, attribution – you name it.”
– Ratko Vidakovic, founder of ad tech consultancy AdProfs (AdExchanger).
Why we need it?
With the SameSite flag, Chrome is ensuring cookies aren’t misused by fraudsters to manipulate clicks and prevent insecure data sharing between the domains. Cookies that aren’t labeled will cease to work in Chrome.
And, in case you didn’t know, SameSite isn’t a new concept. But it has never been a requirement in Chrome. But it will be from the next version.
Make sure you’re labeling your cookies with the SameSite flag. You can set it to
- Strict (SameSite=Strict). No cross-site sharing. So, no one except the domain that sets the cookies can access it.
- Lax (SameSite=Lax). It is less restrictive. Cookies can be shared b/w the domains owned by the publisher.
- None (SameSite=None). This is what you need to ensure ad tech platforms are reading cookies as they are now.
Currently, SameSite is set to None on Chrome by default. From Feb, it will be set to Lax. So, you and your partners need to set it to None again.
Prebid Welcomes New Publishers
Prebid, an open-source community formed to enable publishers to implement header bidding has been attracting new members. Recently, The Trade Desk become the first DSP to join the Prebid and last week, several media companies including News Corp, Insider Inc, Chegg, and SHE Media joined the Prebid.org.
“We are thrilled to see so many publishers interested in joining the Prebid community. Publishers have a critical role to play not only as users of Prebid but also as key contributors to the technology and product. A community approach is the best path forward to keep Prebid thriving and growing.”
– Tom Levesque, President of Prebid.org
The reason is quite simple. Prebid is the most-used wrapper to run header bidding. As it is an open-source, publishers can have more control and transparency. Besides, several header bidding providers built their wrappers on top of prebid. By bringing together the best in the industry (from all the sides), prebid can help the entire ecosystem to thrive.
Cookies are Causing Data Leakage
‘Cookies’ is easily the topic of our industry this year and it doesn’t seem to be ending. Last week, Redbud, an adtech consultancy scanned 68 of the top news and magazine sites in the U.K., Germany, and France to see the impact of third-party cookie syncing on the site.
Here are the highlights:
– 81% of the sites had vendors that are potentially causing privacy risks – either because they aren’t compliant or there’s a chance for data leakage.
– Third-party redirects delayed the site loading time to 19 seconds.
– Most importantly, 58% of the vendors registered with IAB TCF aren’t reading consents strings at all.
Agreed that the top sites tend to have more partners and trackers. But that doesn’t mean, your site won’t be impacted at all. It is always better to constantly assess and cut down the partners that aren’t adding any value.
Chart of the week
Facebook has acted as one of the most predictable sources of referral traffic available to publishers, according to Parsely data – From Digiday.
Moments that matter
Privacy, Cookies, And Personalization: Ad Tech Needs To Get Over It – AdExchanger.
Global ad spends to rise by 4% in 2020 as the UK outperforms with a 5% growth – Campaign.
Why GDPR Didn’t Inhibit Programmatic Growth in the UK as Anticipated – eMarketer.