Both the UK data reform and the newest ePrivacy Regulation draft propositions suggest that no approval ought to be needed for non-privacy-intrusive cookies that improve internet experience (like retaining shopping cart history), or for cookies for the purpose of audience measurement (i.e., web analytics) and for security and performance purposes. In February 2019, the UK ICO released an evaluation of real-time bidding (RTB). Is it a method to avoid being the one to pull the plug on RTB, which would cause the collapse of numerous ad tech business and contribute, in the eyes of the UK government, to the financial downturn triggered by Brexit and the COVID-19 pandemic? Its also crucial to remember that absolutely nothing would have prevented the UK government and the UK ICO to press in this direction, even before leaving the EU.
As the Financial Times puts it: “In any case, for UK companies doing any kind of organization in the EU, having a different domestic program to comply with seems burdensome, not innovative.”.
“The Sell Sider” is a column written by the sell side of the digital media neighborhood. Todays column is written by Alessandro De Zanche, an audience and data strategy expert.
Development is not a smooth path or a straight line, as numerous in history have actually advised us..
It seems to be the case for information and personal privacy policies, too, as the spotlight was just recently on the UK and its require information reform it released in September, “Data: A New Direction.” Some interpreted the piece as a stance against the European Unions General Data Protection Regulation (GDPR).
In June, the EU Commission revealed that “adequacy” decisions for the UK have been approved– suggesting that the EU considers UK GDPR provides an “essentially comparable” level of data defense to that which exists within the EU.
At the end of August 2021, UKs Secretary of State for Digital, Culture, Media and Sport, Oliver Dowden, declared the UKs intention of “reforming our own information laws so that theyre based on typical sense, not box-ticking,” and labeling it as a “Brexit dividend” for people and businesses throughout the UK..
Days later on, the UK Information Commissioner Elizabeth Denham shined a light on what this implied by asking her G7 counterparts to sign up with forces to reconsider cookie pop-ups, pointing out cookie “fatigue” amongst users.
The poster topic of the cookie pop-up.
It is intriguing that pop-up tiredness is advanced as the issue (which impacts other types of identifiers aside from cookies), rather than the manifestation of a larger, unsettled contradiction. The dispute between real-time bidding (RTB) and GDPR is produced by the method approval is dripped down across hundreds of business unknown to the user and how that information is shared throughout them through the digital advertising community. Which, among other things, makes impossible the standardization of consent for advertising.
The RTB-GDPR conflict, when speaking about cookie tiredness, will have an even larger negative impact in the future. In truth, both the UK information reform and the most current ePrivacy Regulation draft proposals suggest that no permission must be needed for non-privacy-intrusive cookies that enhance internet experience (like maintaining shopping cart history), or for cookies for the purpose of audience measurement (i.e., web analytics) and for security and performance functions. Which leaves us– and the pop-up– with the intricacy of permission for marketing and personalization purposes.
The relationship between the UK ICO and RTB along the years.
In February 2019, the UK ICO introduced a review of real-time bidding (RTB). In their June 2019 report, they determined a variety of problems, finding that “there is a considerable lack of openness due to the nature of the supply chain and the role different actors play.” They offered 6 months time to the industry to set their home in order, however their investigation dropped in May 2020 due to the pandemic. It resumed in January 2021.
Almost three years and billions of pop-ups later on, RTBs GDPR compliance still feels like the squaring of a circle without an indication of a last position for the UK ICO on the horizon.
Non-compliance of consent collection practices.
Given that GDPR entered into force in May 2018, cookie and consent pop-ups have gone through several trends of non-compliance.
Researchers at MIT CSAIL, Denmarks Aarhus University and University College London released a study in January 2020, discovering that just 11.8% of the most popular Content Management Platforms (CMPs) utilized on the top 10,000 websites in the UK met the minimal requirements they set, which are based upon GDPR. They then found that “getting rid of the opt-out button from the very first page increases permission by 22 to 23 percentage points; and providing more granular controls on the very first page decreases approval by 8 to 20 percentage points.”.
Even IAB Europe itself has acted on the prevalent bad practices, punishing consent management platforms (CMP) and sending out a clear message to their members.
What has been the enforcement activity of the UK ICO in that area so far? Near to no. In the meantime, users are a growing number of pop-up tired out.
The real concern.
The overall picture pleads a concern: Why hasnt the UK ICO acted upon their RTB examination yet? Why the general public cookie crusade now, as if RTB wasnt part of the issue– and stopping working to even point out RTB issues?
Is it a technique to avoid being the one to pull the plug on RTB, which would cause the collapse of many advertisement tech companies and contribute, in the eyes of the UK federal government, to the financial downturn caused by Brexit and the COVID-19 pandemic? Is that the reason for the G7 proposal– a basically specific effort to unload the blame on the EU and GDPR? Its also important to bear in mind that nothing would have prevented the UK federal government and the UK ICO to press in this instructions, even before leaving the EU.
There is no silver bullet to fix the permission pop-up user experience issue. However a couple of actions that need to take precedence before more extreme relocations: first, the enforcement of existing guidelines (a problem for the whole of the EU, too) and, once cleared up, the establishment of a proactive and collective relationship with the EU to maintain adequacy. As the Financial Times puts it: “In any case, for UK business doing any type of company in the EU, having a different domestic routine to comply with seems onerous, not innovative.”.
Doubling standards and requirements might not be a great concept. Working together on improving the existing guidelines and how they translate into the user experience– and then implementing it– would bring a much larger benefit and, most likely, an increased status.
For media owners and marketers, it is generally through trust and clarity that the permission topic can be streamlined and structured, way prior to the extremely much needed conversation around the technical act of collecting it.
Follow Alessandro De Zanche (@adzandads) and AdExchanger (@adexchanger) on Twitter.