Privacy regulations such as the European GDPR (General Data Protection Regulation) are smart for customers. Advertising generation corporations have been collecting their data for years without their knowledge, consent or recourse, as revealed through the Facebook-Cambridge Analytica scandal in 2016. Customers understood that they were the Facebook app and interacted with Facebook. What they didn’t know was that Facebook was promoting their knowledge and allowing other corporations to also collect and sell their knowledge. No client knew who Cambridge Analytica was at the time.
Advertising generation companies collect, purchase, and sell this customer knowledge, supposedly to help advertisers better target their ads. This type of knowledge collection is done through third-party crawlers (javascript code) on publishers’ websites and programmatic advertisements. The user’s scale in knowledge is collected through JavaScript and then sent to the servers of advertising generation corporations. Consumers know they are interacting with nytimes. com or usatoday. com, but they don’t know the loads, the thousands of other trackers that collect their knowledge. and send it to a lot of servers from other corporations, companies that customers have never heard of.
The following X-ray page of #FouAnalytics shows how this knowledge collection is uncontrollable, even on major sites like Smithsonian Magazine. The Javascript code on the page requires classified ads and crawlers, and those classified classified ads and crawlers in turn require even more classified ads and crawlers. This phenomenon is presented in a graphical tree to show ” what is called what ”. Note that this exclusive website generated approximately 1,500 ad server requests, 1,100 follow-up calls, and many other requests, more than 2,800 in total. The customer’s idea that they were going to a Smithsonian website. This is what were designed to govern privacy regulations. But, depending on the rigor of your application, it remains to be noticed whether there will be a genuine get. advantages for the customer.
Privacy regulations state that companies must obtain the user’s “consent” to collect their knowledge, use knowledge for ad targeting, and show them advertisements. Some regulations also use the concept of “informed consent”, which means that the customer will have to receive the law and then give their consent voluntarily. At most of our experience, this does not happen in genuine life. When a customer faces a 20-page “user agreement” written in “legal language,” what do virtually everyone do?Scroll down and click “I agree” without reading anything. They may have given their consent or accepted something; however, in fact it was not an “informed” consent. Also, would a customer consent to an ad-generating company, or 100, that he has literally never heard of?They think they were interacting with smithsonianmag. com in the example above.
Even if the online page editor bravely tried to do the right thing and comply with those privacy rules, the task is almost impossible. Take, for example, Condé ‘Nast’s efforts to comply with the consent requirement. The following YouTube video perfectly illustrates the demanding situations. Displays the pop-up window that is presented to the consumer. They should scroll down and literally check the box next to the other hundred ad generation vendor names to consent to ad tracking and targeting. Clearly, this poses a number of problems. Consumers hate classified ads in the first place. Consumers have never heard of these ad-generating companies. And although they took the time to tick all the boxes, they did so without reading the classified ads from the privacy policies connected next to the provider’s name. Even if Condé ‘Nast were to receive consent in this way, would that mean they were complying with the law?Even that is not yet clear, as historically there have not been enough examples of application to examine.
To solve this problem, more generation has been created. These are called CMPs or consent control platforms. These are third parties who help advertisers and publishers download customer consent. Once consent is obtained, those platforms also help the same advertisers and publishers if the customer has consented, and if so, to what? In accordance with the regulations, a client gives his consent for certain activities (data collection, cookie setting, etc. ) to certain parties (a specific website, an ad generation company, etc. ) for a specified period ( 1 month). , etc. ). CMPs want to track all of this, customer to customer, so that when that express customer accesses a website, the site, ad generation corporations, and advertisers can know if the customer has consented and what. consent. was provided, for example, to display an advertisement, set a cookie and / or collect your data. All of this has to happen in a matter of milliseconds; otherwise the customer’s delight will be bad (page and classifieds take too long to load).
The regulations are not only difficult for any customer to understand, but they are also difficult for government entities to enforce. It is not even known which approved government entity will ultimately be guilty of prosecuting violations of those regulations. Other problems will arise, such as the following: 1) Companies will insist that they have complied with the law by downloading their consent, but the customer was “informed” when they gave their consent. consent? 2) corporations may insist that they do not want to download their consent because they do not use any PII (“personally identifiable information” – name, address, phone number, email address), 3) companies would have possibly downloaded consent to posting ads but not selling users’ knowledge, 4) companies may not have provided a way for customers to find out their own knowledge and correct if there were any errors, 5) in which country was the knowledge collected? 6) Is this an IP constituting a PII, like it does in Germany ?, Etc. There are literally lots and lots of other scenarios and issues like the ones that go unresolved, making the app absolutely up in the air .
So in the meantime, while everyone else expects instances to continue and compliance measures are taken (this can take years), ad generation continues to do the things that invade the privacy it does. they’ve been doing it all along. Some of the largest advertising generation corporations can use their abundant resources to combat and combat law enforcement measures. Even if they are prosecuted, trials can last for years. Even the billion-dollar fines can be just a drop in the bucket for them or be canceled simply as the charge of doing business.
As a privacy practitioner and advocate, what I’m seeing right now is a combination of accidental results and new bad habits. An accidental result of privacy regulations is that companies are taking MORE fingerprints. Fingerprinting consists of combining many device and user characteristics and combining them to uniquely identify a person. The details of all the tactics that are carried out are covered elsewhere: “No more third-party cookies, no problem. ” Unlike tracking cookies, which are set in user browsers and can be deleted through the user, fingerprints live on the servers of ad-generating corporations that collected the knowledge and used it to identify the person. only. This is even more invasive of privacy and immune to privacy protections presented through browsers like Safari, Firefox, Brave and now Edge: delete cookies, block third party trackers, etc. Consumers have not consented to being fingerprinted remove fingerprints because they do not live in the browser.
Another challenge is that of bots. Robots used to advertise fraud easily consent to being baked, tracked and spread. That’s your job – to make the classified ads load. Not only have we noticed bots that have consented to GDPR, we are also seeing fake consent strings, like the example below. How do we know they are wrong? Consent strings are intended to correspond to a specific device (operating formula and browser), used through a specific person. The singles consent string below appears to be in use in classified ads or device classifieds in dozens of countries. It is not a true chain of consent. it is an imitation. And in many ad exchanges, even if they check for “consent”, they may be presented with a fake consent string like this one displayed by the ad. So to answer a query that I get repeatedly, “Will the GDPR and privacy regulations reduce ad fraud?” – The answer is no. It can even grow. Few humans have consented; many fraudulent robots have given their consent. So if a marketer tries to do the right thing and only shows classified ads to users who have consented, they may inadvertently show more classified ads to more bots (who have consented) ).
Finally, at the technical level, cookies are set when the page is first loaded, this occurs before the user has the opportunity to give their consent or reject it. So what do we do with those third-party cookies?Would these corporations even be in the right jurisdiction to be prosecuted?
It is perfectly transparent now that while privacy regulations are a smart concept and aim to protect customer privacy, implementing and enforcing those regulations will be difficult, especially for fair parties: publishers like Count ‘Nast. However, even then, it can be argued that customers simply gave their consent without reading or understanding anything in the pop-up window. also benefit from fraud, such as forgery of chains of consent for your robots, which can continue to generate money by making classified ads load.
If all this is so and ineffective, has all hope been lost?No, this is what I recommend.
Well, customer publishers deserve to extract as many third-party javascript code trackers as possible from their site. Even if the publisher does not violate the privacy of its users, the third parties they provide on the site may do so. for your acts of violation of the law of third parties that you have legal on the site?
Marketing specialists will need to download your consent. As a consumer, I would probably consent to Hersheys, Mercedes Benz, Heineken, etc. , because those are brands that I know and trust. If the advertiser has downloaded consumer consent to collect their knowledge and display ads. , regardless of the exchange of advertisements, the advertising partner, the ad server, etc. , used through the marketer, has the direct consent of the user himself. Therefore, it is very likely that the marketer will comply with the law even if all other intermediaries in the advertising generation are not.
I’ve been a virtual marketer for 25 years. Now, marketers audit their virtual campaigns to detect ad fraud that isn’t found through widely used ad verification services.
i have ever
I have been a virtual marketing specialist for 25 years. Marketing specialists now audit their virtual campaigns for undetected advertising fraud through widely used ad verification services.
I have witnessed the full arc of virtual marketing evolution since the mid-1990s. I have taught virtual strategy at New York University’s School of Continuous and Professional Studies and the Rutgers University Center for Management Development.
I worked on the “customer side” for American Express and on the “agency side” as digital director of Omnicom’s fitness consulting organization group and as senior vice president of digital strategy at McCann Worldorganization/MRM Worldwide. My new York career with McKinsey