Advertising and Privacy: Two Contrasting Ingredients That Need to Mix in the Changing Ad Tech Recipe

It’s been one year since Europe enacted its General Data Protection Regulation (GDPR), and thus far it has had a demonstrable impact on many companies operating in the region. Not only has GDPR led to additional diligence by companies to protect consumer data (some were sorely lacking in this regard), but the push for privacy has opened consumers’ eyes to some of the realities of data storage/exchange/use/etc. It has empowered an increasing number to voice their concerns and demand follow-through, if not additional change. To date, seven European markets (United Kingdom, Ireland, Poland, Spain, Netherlands, Belgium, and Luxembourg) have pending requests with their managing bodies to investigate aspects of the advertising workflow, most notably Real-Time Bidding (RTB). A principal issue is the amount of personal data that is made available to bidders during the RTB process, along with security concerns around the handling of this data.

While it is still relatively early days for GDPR, it is but one, albeit a very significant one, push towards additional privacy and consumer protections. Other regulations, such as Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD), which received presidential sanction and will go into effect in February 2020; India’s Personal Data Protection Bill; and California’s California Consumer Privacy Act (CCPA), which goes into effect January 2020, are on the horizon and will further extend similar protections as GDPR. In addition to these relatively comprehensive regulations, more targeted laws, such as limiting facial recognition technology, are starting to gain traction. What does all of this mean for advertising and ad technologies?

In a recent application analysis report, Advertising Technologies in Video Services (AN-5047), ABI Research examined the video ad tech space and addressed some of the impacts of privacy, but new developments like San Francisco’s ban on facial recognition (for police and other city/public agencies) create new wrinkles. Within the video market, initiatives like GDPR have caused some companies to delay investments into new opportunities like location-based technologies, and in some cases, there is perceived value in data sources that obscure a users’ personal identity, despite the strong desire for better cross-platform attribution (between pay TV, CTV, and mobile). It is noteworthy that the San Francisco ban is somewhat forward-looking because the SFPD currently does not use facial recognition, and within the city, those public areas where facial recognition technology is deployed, it currently falls under federal jurisdiction (and therefore outside the purview of this new law), e.g., international airports and ports of entry. In the context of video advertising, this ban may not appear to have much bearing on the ad tech space, but it speaks to the general trends that will shape the future of data collection and advertising.

Setting a precedent like the ban in San Francisco could compel more groups to seek protections from facial recognition beyond the public agencies, extending coverage to corporations and operators as well. This might sound extreme, but past attempts to deploy facial (or individual) recognition technology within the home (e.g., Microsoft’s Xbox Kinect, which used facial and body biometrics) have already shown some trepidation from consumers; even Amazon’s new Echo Show device includes a shutter for the camera. In addition, the attention brought to major platforms/services and how data is stored and consumed (e.g., Google/Android, Facebook, Apple, etc.) could engender further reluctance to accept adding facial recognition (or other means to identify the user, such as voice) to these platforms’ data collection points—this is highlighted by features like Amazon’s Alexa that allows users to delete past recordings. Even the use of cookies has come under increased scrutiny. In the coming years, addressing the need for privacy and the demand for better data will become an increasingly difficult balancing act.

This is impactful for companies looking to better track users for targeted advertising and for cross-platform attribution. Companies within the value chain are starting to coordinate in order to offer better ad campaign management across platforms. These initiatives currently leverage partnerships (e.g., sharing data and matching users between datasets) and tech like Automatic Content Recognition (ACR) (e.g., Roku’s Activation Insights tool) to match Over-the-Top (OTT) and linear/broadcast programming. However, as more consumers use virtual assistants for a growing number of applications, these broader privacy trends/concerns will prove more impactful to the development of these types of initiatives (i.e., cross-platform advertising).

Companies have little recourse but to allow for more transparencies (to consumers) regarding how data is stored and used, particularly as new laws and regulations enter the market. Further, advertisers and marketers will need to better balance value (to the consumer) and collected data in order to receive buy-in from consumers, in effect making the transaction between advertisers and consumers more explicit. Consumers will need to willingly opt-in and trade their personal data for content, services, and/or features. The use of computer vision or voice recognition to personally identify users within the household will need to see tangible benefits for allowing services to collect data about their household—for example, tight integration between personal calendars, content recording, live event reminders, personalized content recommendations and hand-off between devices, integration with other applications like smart home, etc. Virtual assistants are already receiving interest from pay TV operators, so integrating these features into the video viewing experience is one point of entry to provide value-added features in exchange for additional personal data.

The period of transition as the industry makes adjustments to these new and future regulations will continue, but in the meantime, opportunities are available for companies to start establishing healthier relationships with customers and their data. Companies like Google have started moving in this direction, with more easily accessible privacy controls (albeit not all favoring privacy by default), but the other part of the transaction (value-add) is still largely missing beyond content and “information used to improve user experiences.”