With the future of third-party addressability on the open web hanging in the balance, the ad industry divides in two

By Seb Joseph

A decision on guardrails to help the ad industry gain consent to track people across the European Union was meant to leave everyone with no doubts about one thing: whether the tracking and profiling of people across the web by a swarm of vendors is legal. Instead, it’s done anything but unify opinion.

But first, a recap: earlier this month, the Belgian Data Protection Authority said the way large swathes of the ads industry tracks people for advertising is unlawful under the General Data Protection Regulation. That’s because the Transparency & Consent Framework (TCF) the IAB Europe developed to standardize how someone’s consent for targeted advertising is collected and managed is neither transparent enough about what happens to that data nor does it secure it all properly.

Simply put, the news is a headache to anyone whose ability to precisely target people with ads online across Europe has been reliant on consent gained via TCF. Yes, the IAB is appealing the Belgian regulator’s decision, but TCF remains unlawful to use it today.

In the short term, this will mean that data gained from the framework must be deleted, which will affect targeting, profiling and reach. In the longer term, the consequences are far bigger. This data has, after all, been gathered since May 2018 so could ultimately affect what’s been collected and processed over the past four years. Not to mention the fact that cross-site tracking and targeting will be dampened. Think about it: companies can no longer collect someone’s data for advertising purposes without their consent because this ruling has decided that legitimate interests (more on that here) can not be a legal basis for processing it.

The industry’s reaction?

Panic: marketers are bracing themselves for a reduction in targeting data and reach as a result of TCF being unlawful to use to gather the consent needed to facilitate real-time bidding on impressions. It’s a logistical quagmire for marketers — one that’s made all the trickier because the regulators aren’t entirely on the same wavelength.

Of the 30 data regulators across the EU that Digiday contacted, four responded. All those responses said the same thing: the Belgian data regulator has acted as the lead authority in this case, but its decision reflects views that are widely shared among its counterparts across Europe.

Some, however, like the Danish and Dutch regulators are being more assertive in getting that message across. The Dutch regulator, for example, has urged local publishers to look for alternatives to the large-scale tracking and targeting of users across the open web after coming to the conclusion that it is unlikely the IAB Europe will be able to contort the TCF far enough to comply with the GDPR.

“A lot of the behavior of web publishers and online advertisers in the EU is already contrary to the GDPR (and the U.K. GDPR) so I don’t think this Dutch guidance (if that is what it is) changes anything greatly outside the Netherlands,” said Nigel Jones, co-founder …read more

Source:: Digiday