This article is written by Julia Shullman, General Counsel and Chief Privacy Officer at TripleLift. It was originally featured in AdAge.
This week, Apple announced several new privacy features for devices and apps running on iOS 14, in its latest attempt to demonstrate superiority in privacy, especially in online advertising.
Apple users will now be able to restrict their devices from sending precise location data; control access to their clipboard; see when apps are using cameras or the microphone; see standardized information and have an opportunity to make a choice on app data uses across different apps or involving third parties. These new features also require app developers to declare how they and their vendors use data and to update the existing high-level reporting API made available for attribution and conversion by advertisers and their ad tech vendors.
At first glance, these are all welcome, user-friendly improvements. However, on deeper reflection, the announcements service to highlight Apple’s disconnect from the advertising industry—that its unilateral approach creates consumer confusion and has an anti-competitive impact.
Proprietary vs. industry-driven standards
Transparency and control over the use of data in digital advertising, and accountability to prove support for them, are particular areas of focus for companies.
Each of these new Apple privacy features appears aimed at empowering users with greater transparency and control over data collection and use. This is in marked contrast to other approaches, particularly by browsers, such as Apple’s own Safari’s Intelligent Tracking Protection, Firefox’s Enhanced Tracking Protection and Google Chrome’s Privacy Sandbox proposals, which make privacy decisions for users without asking them.
The problem is, Apple is disengaged with the rest of the digital advertising industry, which is generally focused on designing collaborative, standardized solutions that can meet user privacy and data protection needs across different browsers, device makers, operating systems, apps and their vendors.
Collaboration is hard, and it takes time to rethink industry interoperability. Even Google opened Privacy Sandbox to public collaboration and comment for two years, and now supports GDPR standards like IAB Europe’s Transparency and Consent Framework. Both decisions are likely motivated by commercial and competitive concerns, but are driving collaboration nonetheless.
Apple receives a lot of public credit for its privacy features. But, its AppTrackingTransparency and additional controls over access to its Identifier for Advertisers (IDFA) look and sound a lot like industry’s collaborative, consensus-driven privacy work in aligning standard data-use categories and user choice for GDPR and IAB, TechLab and other industry association work on CCPA, Privacy Sandbox and Project Rearc.
Fragmented solutions
Privacy is a fundamental consumer right, and consumers deserve standardized solutions which meet a range of user choices and data protection needs across all device makers, operating systems, apps and their vendors.
These new Apple features come at a time when the digital advertising ecosystem is attempting to re-architect its systems and data-sharing practices to keep up with fragmented privacy regulations, user expectations and commercial product and strategic changes. Now, instead of devoting time to collaborative technical standards influenced by collaborative policy and legal alignment, the digital advertising ecosystem will need to divert resources to build for yet another proprietary solution—designed without their input or expertise.
Apple’s specification is just different enough from other solutions—like IAB’s Transparency and Consent Framework and CCPA Solution; Google’s Consented Providers solution for GDPR and Restricted Data Processing solution for CCPA; Android’s Limit Ad Tracking solution; MoPub’s GDPR and CCPA solutions; proprietary “cookie” banner controls; and the standards set forth by the Digital Advertising Alliance and the Network Advertising Initiative—that companies have yet another standard to build to, and support.
Consumer experience
The launch of proprietary privacy features don’t just impact the road maps of businesses. Consider the user experience of moving between an increasing list of connected devices, operating systems and apps. Each presents a different (but overlapping) set of data uses and different choices to make, and each handles the transparency and control differently. The picture is fragmented and makes no sense. That experience can only lead to more confusion and demands from the public and, likely, well-intentioned but commercially influenced legislation to “fix” opacity in data collection, uses and choices in digital advertising. And, inevitably, the commercially influenced solution puts control in the hands of a few companies.
A collaborative approach
We need to push the industry to break this cycle of increasing fragmentation before we all lose credibility to do the right thing collaboratively. If not, only a few companies will survive, and publishers and advertisers will lose choice in the vendors they wish to use. The few survivors will be those that are able to build to these fragmented standards and somehow convince their clients, regulators and consumers that their solutions make sense and are legally compliant. We’ve already seen that support for multiple GDPR proprietary and industry standards is nearly impossible for companies and makes little to no sense to users.
What if, instead of developing its own interpretations and standards which undercut its app publishers, Apple promoted standard-setting work instead? What if, similar to Google, Apple supported technical standards work in privacy through its position as a device, operating system and app maker, to help the digital advertising industry be held accountable to user transparency and choice through an access-controlled identifier—and one which doesn’t just place power in itself or platforms?
What if Apple aligned on standard definitions and taxonomies for data uses, and other major companies’ controlling devices and operating systems followed suit?
User transparency and control over identity, data collection and use are broken, and are influenced by many commercial and strategic factors. It is time for a truly collaborative technical and policy reset.
