The Ad Tech industry is going through several developments, like the deprecation of third-party cookies and new regulations around targeted advertising and dark patterns. Not only is there a growing public awareness around privacy, but regulators are also advocating for better privacy preferences. This puts advertisers in a tough spot where they need to ensure a fine balance between business and consumer requirements.

While we are seeing several pro-privacy changes, like Apple’s new transparency framework, these have also resulted in quite a stir in the advertising landscape. Advertisers are looking for ways to maximize the use of data while also respecting consumer privacy. Maximizing the value of data while preserving user privacy has been a major struggle for Ad Tech companies.

In this post, we delve into some of the important topics in Ad Tech and the major challenges for marketers. We also had a discussion around the same on our #SimplifyForSucess podcast feat. Alysa Hutnik. You can listen to the complete podcast here: Simplify for Success - Conversation with Alysa Hutnik

1. What counts as personal information and where do Ad Tech companies go wrong in this case?

Companies are usually under the impression that if a piece of information isn’t a name, then it’s not an identifier. However, we need to consider what data is being collected to make inferences or create a profile and whether that’s tied to an IP address, or a household, person or device, in which case, it will be considered as personal information.

Companies find it difficult to take accountability as they are not fully aware of all the intermediaries and the supply chain of digital advertising. But they need to look at the bigger picture to understand how privacy laws apply to them and where their responsibilities lie in terms of user data and privacy.

To ensure compliance with privacy laws, it is advisable to limit the collection of data to what is strictly necessary for the purpose and provide transparency in terms of what data is collected and its processing. In addition, with the recent debate around sale of personal information under the CCPA, companies should limit the sharing of user data with third parties in order to steer clear of such complications.

If you are someone who shares personal information with a third party, you should:

• Employ a data map to document the flow of data in transit and at rest

• Keep track of the third parties with whom you share personal information

• Identify what personal information is involved in those transactions

• Revise third-party contracts to clearly define the roles of each party

2. What is cross context behavioural advertising and how to truly opt someone out of it?

The CPRA defines cross-context behavioural advertising as “targeting of advertising to a consumer based on the consumer’s personal Information obtained from the consumer’s activity across businesses, distinctly-branded websites, applications, or services, other than the business, distinctly-branded website, application, or service with which the consumer intentionally Interacts.”

If a company is engaged in any kind of profiling that's not strictly within that one company’s first party site and when you go outside of that first party common branding company, and they are personalizing the advertising across the Internet or other devices, then that's going to trigger this obligation where companies need to offer consumers the opportunity to opt out. It is important to note that “non-personalized advertising” is distinguished from “cross-context behavioural advertising”. Non-personalized advertising will not constitute “sales” or “sharing” when the personal information is not disclosed to another third party.

In terms of opting out, businesses should provide adequate options to consumers for managing choices and opting out of cross context behavioral advertising. Companies need to offer the right to opt-out from third-party ads and cookie collection. It's important to consider the applicable laws of the region and how they impact targeted advertising and profiling.

3. Where does first-party data stand in today’s Ad Tech space?

With new changes like Apple's transparency framework and the ultimate deprecation of third-party cookies by Google, there’s a growing concern among the advertisers. Businesses are considering the use of first-party data as it can be used to reach individuals who are not in an opt-in framework. Those having a large amount of first-party data are realizing its value for their advertising network.

Companies must be prepared to face the inevitable in this case and develop the right strategy to make the transition from third-party cookies. Importance should be given to maximize the use of the data that you already have and focus on campaign effectiveness by analysing trends. The first-party data can help derive more accurate and insightful outcomes and should be utilized to the full. This information will help you understand your consumers up close and make better business decisions.

Here’s how you can start:

• Develop a strategy: Understand the data sources and the type of data you collect. Chalk out a strategy that is relevant to your business.

• Merge data from multiple platforms or channels into one single customer view

• Provide transparency to consumers on the type of data collected and how it's used

• Only collect what is necessary

Many companies are developing alternatives to third-party cookies, read more about them here.

4. What are dark patterns? What should we watch out for and how do we differentiate between a user-friendly environment and deceptive trade practices?

Dark patterns can be defined as a deceptive interface that manipulates users into behaving in a certain manner. We need to look at the whole context to identify a dark pattern, i.e., the colours, fonts, contrast, etc. to determine whether a practice will qualify as deceptive or not. For instance, in case of the Facebook and Google decisions in Europe, it was clear why it was considered a deceptive practice as users were presented with extra steps and confusing language about the cookie choices they were making.

We can also see some examples of dark patterns with auto renewals and cancellations. If we compare the user experience of signing up for a service with that of cancelling a service, and if the companies are making users go through a lot of extra steps for cancellations, then it’s going to be a matter of concern. If we are going to make it difficult for users to exercise their choice or make changes to their choices, then those practices can be scrutinized.

It's important to design privacy choices that are easy, dedicated space for customers to both revisit and exercise their privacy rights. In order to manage the privacy choices, it is important that companies have an efficient consent management mechanism to easily act upon the user request. Apart from that, the use of confusing or vague language should be avoided in privacy policies. You can read more about dark patterns and consent management in this post.