IAB Tech Lab Finalizes Global Privacy Platform And Advises The Industry To Prepare For Updated US State-Level Signaling – IAB Tech Lab
IAB Tech Lab announces finishing its Global Privacy Platform (GPP) which it is now ready for the industry to apply. GPP is one of the solutions that came to life as a fruit of the Project Rearc initiative and its main goals are said to be: to communicate, consolidate, and manage consent signals through the ad tech supply chain across different regulatory environments.
The GPP currently supports the US Privacy and the IAB Europe TCF consent strings which are promised to be enhanced with US state-specific privacy strings and the IAB Canada TCF consent string in the coming weeks/months.
GPP’s perspectives in Europe, however, are not clear as, according to the AdExchanger’s article, the TCF’s future in Europe is to be decided by the EU’s high court. The author recalls the roots of the lawsuit (where IAB Europe appealed the DPA’s – Belgian Data Protection Authority – ruling which claimed the TCF was not compliant with GDPR) and points out that the Belgian court wanted to get the EU high court’s standing regarding 2 major issues: whether IAB Europe is a data controller for the TCF and whether TC Strings (the term for TCF data signals packaged with an RTB bid) should be considered personal data. It is also suggested in the article that getting answers is unlikely to happen earlier than 2024 and a negative one would most likely cause the Belgian court to drop the case while a positive one would result in IAB Europe’s financial liability for GDPR claims against the programmatic supply chain.
In the meantime, according to this IAB Europe’s press release, DPA intends to continue investigating the TCF, which is frowned upon by IAB Europe as its case is based on assumptions (the 2 issues described above) which are yet to be resolved by the Court of Justice of the European Union. IAB Europe claims any actions taken before the resolution should be deemed unlawful.
Topics, Fenced Frames, and Attribution Reporting APIs are ramping up to 1% of Chrome Stable traffic on Android – GitHub
On 9th September 2022 it was announced on GitHub that Topics, Fenced Frames, and Attribution Reporting APIs are ramping up to 1% of Chrome Stable traffic on Android for the Privacy Sandbox Relevance and Measurement Origin Trials.
The list of entities which theoretically test the Privacy Sandbox (available here) entails a solid number of mobile players, which is hopeful, but RTB House reminds you that for the trials to be meaningful, a lot of ad tech players must participate in them. The whole industry would benefit if the situation similar to the one described in the article above, where the FLEDGE web trials lacked sufficient engagement, did not happen again.
New ways for publishers to manage first-party data – Google Blog
In the middle of September, Google launched a beta-test of Seller-Defined Audiences (SDA) signals within Google Ads and DV360. It is supposed to be the first part of its “publisher provided signals” tool.
Achim Schlosser expressed concerns in his LinkedIn post that an excerpt from one of the court transcripts, in which representatives of Google participated, indicated that Google maps its PPID against other identifiers. The author of the post points out that this practice is not compliant with Google own’s policies. In connection to that, SDA could potentially create yet another data point enriching the aforementioned graph, enabling Google to use it to target across its own inventory, rather than on publishers’ properties.
Last but not least, Google announced adding controls to Encrypted Signals and changing their official name to “Secure Signals” to better reflect their customizability.
Will SKAdNetwork 4.0 finally kill device fingerprinting? – Mobile Dev Memo
The author brings back Apple’s problem of enforcing its strict policies against fingerprinting and gives an opinion that there are 2 reasons for which it will probably be eradicated soon.
The first reason, listed in the article, is that SKAdNetwork is going to be upgraded from version 3.0 to 4.0 in Q4 2022 and the author theorizes that its improved attribution reporting will leave companies with no need for leveraging “imprecise, unreliable” fingerprinting practices.
The second reason, pointed out in the article, is that Google started the Privacy Sandbox initiative for Android, which would limit access to the Android device identifier (similarly to what Apple achieved with its ATT) and introduce a “SDK Runtime” feature which is intended to block access to a device’s technical parameters (which are essential for fingerprinting to work). The author concludes that it would leave Apple as the only large mobile system provider which doesn’t actively block fingerprinting.
If you have any questions, comments or issues, or you’re interested in meeting with us, please get in touch.