EDPO (European Data Protection Office)’s Post

More from the #Masterofprivacy!

[EN] Given that neither #privacy advocates nor #competition authorities or digital #advertising stakeholders found the #PrivacySandbox to be a reliable alternative to third-party #cookies, it was becoming clear that they were to be replaced by a combination of consent pop-up armageddon and far more intrusive ID-based targeting solutions. In sum, the worst of both worlds. We are instead presented with a single persistent choice (yet to be defined) and two alternative frameworks for interests-based or profile-based advertising -the line is more blurred than it sounds-, with the current solution (cookies) representing the latter. Again, a summary of all key facts on the timeline (in the context of my conversation with Carissa Véliz, hosted by Ethical Commerce Alliance) before kicking-off a couple of interviews expanding on those thoughts - on Masters of Privacy https://lnkd.in/d5FrgSuf

“Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region.    "An online social network such as Facebook cannot use all of the personal data obtained for the purposes of targeted advertising, without restriction as to time and without distinction as to type of data," the Court of Justice of the European Union (CJEU) said in a ruling on Friday.    In other words, social networks, such as Facebook, cannot keep using users' personal data for ad targeting indefinitely, the court said, adding limits must be set in place in order to comply with the bloc's General Data Protection Regulation (GDPR) data minimization requirements.”    Under GDPR Article 5(1)(c), companies can only process necessary personal data, preventing third-party data from being used for targeted ads without proper limits. Privacy activist Max Schrems filed a case in 2014, arguing that a social media platform targeted him with ads based on his sexual orientation. The European Court of Justice (CJEU) ruled that social platforms cannot aggregate and analyze personal data, like sexual orientation, from external sources for targeted advertising without explicit consent.    This highlights how GDPR plays a key role in protecting personal data from being used for targeted ads without clear consent. Companies also need to ensure they strictly comply with GDPR by limiting data processing to what is necessary and obtaining explicit consent for sensitive information. https://lnkd.in/gGwFy7uY     #cybertronium #cybertroniummalaysia #dataprivacy #adverstising 

GDPR-like restrictions on data privacy & ad targeting could be coming to the US. Will be interesting to see if this gathers steam in Congress while so many other issues are taking center stage. While ad targeting could be negatively impacted, marketers might actually benefit from a nationwide standard in data privacy regulation, as opposed to the state-by-state patchwork we have now. https://lnkd.in/dGgdPHNJ

The privacy organisation NOYB (None Of Your Business) has filed a GDPR complaint against Microsoft's advertising broker subsidiary, Xandr. NOYB said that Xandr is collecting extraordinary amounts of data to profile users to operate its services, but data on its own website shows that it complied with none of the 1,294 access requests and 660 deletion requests made under GDPR. Many people are not going to have heard of Microsoft's Xandr or what it does. NOYB has a nice explainer in its announcement: "If companies want to use targeted advertising to promote their products or services online, they have to go through so-called Real Time Bidding (RTB) platforms. One such platform is run by Microsoft subsidiary Xandr, which allows advertisers to buy ad space on websites or in mobile apps in a fully automated way. When a user visits a website, an algorithmic auction takes place in order to decide which company can display an advertisement. Because a users’ interests and characteristics ultimately determine an advertiser’s willingness to place an ad, Xandr collects and shares a massive amount of personal data in order to profile the users and to allow for targeting. Much of that data is bought by external parties like emetriq, a subsidiary of [Deutsche Telekom]." #databreach #GDPRbreach https://lnkd.in/d8cUR6S6

Front row seats on the 3P cookie deprecation rollercoaster 🎢 1. IAB task force says Chrome sandbox does not support most use cases (including lookalike modeling, competitive separation on the page, audience creation, video advertising, frequency capping and most forms of ad reporting): https://lnkd.in/gEe4tiz2 CMA says hold my beer… 2. Reporting Privacy Sandbox does not meet anti-competitive expectations - favouring Google services and limiting competitor access to same data whilst also rendering the ability of publishers and advertisers to be less effective on identifying fraudulent activity. https://lnkd.in/gQ3bG-yb #dataprivacy #privacy #cookieless #customerdatamanagement

It’s not just third-party cookies that will cause signal loss for brands. With privacy law reforms speeding towards the marketing and media industry, pretty much every identifier used for ad targeting is under threat. During this week’s D_Coded News Corp event, panellists from Journey Beyond, Omnicom, AdFixus and LiveRamp predicted chaos ahead but some emerging opportunities – including a 150 per cent lift in performance for Journey Beyond off its News Corp partnership – if consented first party data is harnessed right. News Corp Australia Kristiaan Kroon Daniella Harkins Pippa Leary Wade Stokes Roland Irwin Omnicom Media Group

Some of Australia’s largest and best-known brands are being urged to remove a tracking tool from Chinese-owned social media giant TikTok amid revelations it is harvesting Australians’ data including email addresses, mobile phone numbers and browsing histories without their knowledge or consent, in a potential breach of the nation’s privacy laws. TikTok’s tracking tool, known as a pixel, is an invisible piece of code that tracks a user’s web history and personal information, even if the user doesn’t have a TikTok account. The pixel can then track a user across the internet and piece together their identity including their email, phone number and buying habits – even if they don’t have TikTok on their phone. Marketers often use tracking pixels for legitimate purposes, including re-targeting campaigns and to deliver more relevant ads that follow users across websites. Tech giants such as Meta (owner of Facebook) and Google have their own tracking pixels. But tests show the pixel from TikTok, owned by Beijing-based parent company ByteDance, doesn’t wait for user consent and is more aggressive in how it scrapes the data – data that may be made available for sharing with other Chinese corporations and the Chinese government. The revelations have prompted calls for Australia’s information commissioner to urgently launch an investigation and for websites to remove TikTok’s tracking pixel. Read more in my story for The Age and The Sydney Morning Herald. https://lnkd.in/g68_9w-b

Google is updating its practices to comply with new state privacy laws and user opt-out preferences. This means they'll be enabling Restricted Data Processing (RDP) for new state laws and honoring Global Privacy Control opt-outs, which will disable personalized ad targeting for opted-out users. This change is a step towards keeping advertisers on the right side of the law, but may impact ad targeting efficiency and personalization capabilities. #Google #Privacy #DataProtection

Where do we draw the line in a marketing environment where consumers can opt out of “targeting?” Would an ad on a bus stop, targeting local people be in breach, if it didn’t run “exclusions?” This and other great questions were posed at the IAB Data and Privacy Summit this week. It left me questioning if the new Privacy reform may end up restrictive to the point it is unworkable. #Privacy #Marketing