UK Facebook users now have a tool to report scam ads

Facebook has launched a tool for UK users to report ads they suspect of being scams.

The feature can be accessed by clicking the three dots in the top right corner of each ad on Facebook, then selecting ‘Report ad’, then ‘Misleading or scam ad’ and finally: ‘Send a detailed scam report’.

So if you want to think of it as a reporting ‘button’ it’s a button that actually requires four presses to function as intended…

Flow of reporting mock up.png.rendition.992.992

Once a scam ad report has been filed, the feature will alert a dedicated internal ops team at Facebook that is tasked with handling reports — so will be reviewing reports and removing violating ads.

The new consumer safety feature follows a defamation lawsuit filed in April last year by consumer advice personality, Martin Lewis, who had become exasperated by the volume of scam ads misappropriating his image on social media to try to trick users into parting with their savings.

Earlier this year Lewis announced he was withdrawing his lawsuit after Facebook agreed to beef up its response to the problem by saying it would add the scam ad reporting feature — which is exclusive to the UK for now — and establish a local team to monitor ad trends for dubious activity.

Facebook also agreed to donate £3M worth of support in cash and Facebook ad credits to UK consumer advice charity, Citizens Advice, to fund the setting up of a Citizens Advice Scams Action (Casa) service — which has also launched today.

This service will provide specialist one-on-one help to those worried they’re being scammed or who have already lost money as a result of fake ads. It will also undertaken scam prevention work, including by raising awareness of online scams in the UK.

Writing in a blog post today on the money saving advice website he founded, Lewis confirms both the Facebook scam ad report tool and Casa have launched — the former some three months tardier than Facebook had suggested at their joint press conference in January.

As regards Casa, UK Internet users who think they have been, or are being, scammed online — either by ads or other methods — can now call the service on 0300 330 3003 for one-on-one help, or access http://www.citizensadvice.org.uk/scamsaction for more info or a web chat.

Face to face appointments will also be available in England, Wales and Scotland at local Citizens Advice bureaus. Lewis writes that the service is expected to help at least 20,000 people in the first year.

“These initiatives, which are available from today, are crucial, as scam ads can have devastating consequences,” he adds, noting that his own complaints to Facebook vis-a-vis scam ads bearing his image led to more than 1,000 ads being taken down.

“The adverts, placed by criminals, often use fake celebrity images or endorsements to dupe people into investing in fake ‘get rich quick’ schemes, buying diet pills and more.

“They can lead to many people being conned out of their cash – in the case below a man in his 80s lost almost £50,000 – and have a serious impact on people’s mental health and self-esteem.”

We’ve reached out to Facebook with questions, including whether it has plans to extend the scam ads reporting tool to other markets.

In a statement provided to Lewis, Steve Hatch, Facebook’s vice president for northern Europe, said: “Scam ads are an industry-wide problem caused by criminals and have no place on Facebook. Through our work with Martin Lewis, we’re taking a market leading position and our new reporting tool and dedicated team are important steps to stop the misuse of our platform.

“Prevention is also key. Our £3 million donation to Citizens Advice will not only help those who have been impacted by scammers, but raise awareness of how to avoid scams too. At a global level we’ve tripled the size of our safety and security team to 30,000 people and continue to invest heavily in removing bad content from our platform.”

Also commenting in a statement, Gillian Guy, chief executive of Citizens Advice, added: “We know online scams affect thousands of people every year. We’re pleased the agreement between Martin Lewis and Facebook meant we could set up this dedicated service to give more help to people who have fallen victim to online scams.

“This project means we can not only support people who have been targeted, but also raise awareness of what to look out for to help prevent online scams happening in the first place. Citizens Advice Scams Action will work alongside the free and impartial help we already offer to anyone who needs advice — whoever they are, whatever their problem.”

While celebrating the launch of Casa, Lewis’ blog post points out that the initial funding “won’t last for ever” — and he calls on other big online ad players to “follow Facebook’s lead, and put their hands in their pockets”.

At the press conference in January Lewis was especially critical of Google for being less responsive to the issue and for not having easy ways for users to report scam ads running on its networks.

We’ve reached out to Google for a response.

In another recent change to its ads platform, Facebook is also now providing users with more information about why they are seeing an ad — if they click through the menu to the option ‘why I am seeing this ad?’.

The company had been criticized for displaying only extremely general targeting criteria — making the feature appear more like a smokescreen than a genuine step towards ad targeting transparency. But last week Facebook said it was now showing “more detailed targeting, including the interests or categories that matched you with a specific ad”.

It also said it will be “clearer where that information came from (e.g. the website you may have visited or Page you may have liked)”. 

Facebook also announced updates to the Ad Preferences menu to provide its users with more information about businesses and third parties that upload lists containing their personal data, such as their email address or phone number, to Facebook to target them with ads — though limiting the data to a 90-day snapshot.

“This section aims to help you understand the third parties and businesses who have uploaded and shared lists with your information,” it wrote of the changes. “In this section, you’ll see the business that initially uploaded a list, along with any advertiser who used that list to serve you an ad within the last 90 days.”

Despite this, Facebook still does not let users deny advertiser uploads of their personal data to Facebook via Facebook itself.

In order to do that a Facebook user would have to contact each and every advertiser individually.

Why commerce companies are the advertising players to watch in a privacy-centric world

The unchecked digital land grab for consumers’ personal data that has been going on for more than a decade is coming to an end, and the dominoes have begun to fall when it comes to the regulation of consumer privacy and data security.

We’re witnessing the beginning of a sweeping upheaval in how companies are allowed to obtain, process, manage, use and sell consumer data, and the implications for the digital ad competitive landscape are massive.

On the backdrop of evolving privacy expectations and requirements, we’re seeing the rise of a new class of digital advertising player: consumer-facing apps and commerce platforms. These commerce companies are emerging as the most likely beneficiaries of this new regulatory privacy landscape — and we’re not just talking about e-commerce giants like Amazon.

Traditional commerce companies like eBay, Target and Walmart have publicly spoken about advertising as a major focus area for growth, but even companies like Starbucks and Uber have an edge in consumer data consent and, thus, an edge over incumbent media players in the fight for ad revenues.

Tectonic regulatory shifts

GettyImages 912948496

Image via Getty Images / alashi

By now, most executives, investors and entrepreneurs are aware of the growing acronym soup of privacy regulation, the two most prominent ingredients being the GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act).

Three great opportunities for startups in the entertainment space

With over-the-top (OTT) changing the way we consume entertainment across devices, most of the media attention is going to the big players trying to elbow their way into the streaming space with big new subscription services and original programming. Less discussed is the suite of technologies that pave the way for those services to connect to their audience and monetize the content.

Okay, it’s true video compression, identity management, analytics, front-end personalization and device-specific experience optimization are not the sexiest topics in the media world. But without those core features and functions, the OTT revolution would be dead in its tracks. And with the big providers focused on content development, user acquisition and business model optimization, development of those technologies is wide open for innovative startups.

As always, entrepreneurs should look for cracks and gaps in the existing processes to find better solutions. Right now, the biggest systemic pains in the emerging OTT ecosystem are around the complexity of the fragmented user experience – having to sign in and out of multiple systems to get to the content we want to watch – and around adapting old mass-audience advertising models to the new era of multi-device, multi-platform, personalized viewing.

Here are three areas where small, nimble startups could make a real contribution to the industry.

Enabling the Evolving Advertising Model

Currently the streaming market is divided between ad-supported services and premium-fee subscription models, but that hard division is unlikely to survive the next wave of market disruption. Premium services like Netflix will need to introduce a lower-fee ad-based tier to expand their audience and compete with lower-priced offerings like Disney+. More fundamentally, streamers will need additional sources of revenue once they have harvested all the low-hanging fruit in terms of subscriber base growth. And because streamers have access to so much user-specific data, the potential for personalized advertising is vast.

Online ad-tech platforms are already scrambling to retool their marketplaces to serve streamers. Is that the right way to look at the new OTT ecosystem, or does the way we sell, serve and measure ads for streaming services need to evolve to address audiences binge-watching longform content rather than snacking on short-form listicles, GIFs and short videos?

There’s also a blue sky opportunity to monitor and measure the performance of interactive ads that provide click-through transactions for viewers watching on tablets or handheld devices. Early data shows these ads can be extremely effective… or they can be so annoying and intrusive that they risk alienating viewers entirely. Do we trust the big companies to get this balance right? Sounds to me like this is a job for small, focused, innovative startups with a single-minded devotion to solving one facet of this problem for the industry.

Screen Shot 2019 07 11 at 1.26.04 PM 1

Reducing Platform Friction

One byproduct of the fragmentation of the old bundled cable viewing experience is the demise of the relatively simply program grid. What we found in the 00’s is that, even with 500+ channels available through some cable systems, you can make that simple and consumable for viewers if you present it intuitively and augment it with a little bit of intelligence.

Now that we’re entering a world which each content provider requires membership in its private OTT service to access original content plus its archive of movies and shows, it’s no longer so simple. In fact, there’s a lot of friction and overhead between the user and their shows.

We see a huge opportunity for startups to address this by creating a meta-layer on top of the fragmented streaming environment that abstracts away the complexity for viewers while preserving the underlying integrity of the individual services. This layer would act like a web browser, passing user access credentials seamlessly to each site to simplify sign in, standardizing the presentation of content and ads, and securely passing user data to each back end system.

The big players have invested specifically in making these platforms closed and proprietary to maximize their own competitive advantage. You can’t count on them to fix a situation that they perceive as being in their individual interests, even if it ends up hurting the industry and the ecosystem as a whole. But there’s a great opportunity for an outside innovator to come in and disrupt this model before it ossifies into a near-monopoly situation for a few carriers.

Telephone switchboard operators circa 1914. Photo courtesy Flickr and reynermedia.

Personalizing Content

The third big opportunity also addresses this big consumer pain point of complexity, specifically around having too many content choices and no road map for finding the programs we want to see. Once again, this is a problem we were able to solve in the old bunded cable era with smart collaborative filtering technologies, recommendations, and automation that allowed people to essentially build their own personalized content channels featuring stuff they already liked and might possibly like.

Fragmentation of content across closed services makes that more challenging. Luckily, AI capabilities have evolved as well, to the point that we don’t need to think only in terms of personalizing viewing options, but personalizing the entire viewing experience.

Again, business incentives dictate that each OTT service develop its own UX to differentiate itself from competitors, but those incentives work against the desires of viewers to have a simple way to find and view content that’s standard across whatever services they use. There’s a great opportunity for startups to bring forward all that we’ve learned about UX design, customization and personalization, plus a layer of AI to simplify search and discovery of content users prefer, to make the whole streaming world much simpler.

Open Innovation Starts with IP

These are just a few examples of areas where disruptive innovators can fix problems that the industry leaders can’t or won’t. We believe that an open model for innovation needs to be part of the conversation around the future of entertainment, and that conversation must include small insurgent companies as well as the giant incumbents. But for that model to work, we need to ensure that the IP rights of those companies are protected and respected.

If we can stick by those principles, we can create a more stable foundation for the post-cable world of TV entertainment, bring new solutions to market more quickly and more efficiently, and continue to delight audiences with great content rather than frustrating them with complexity and impossible choices.

Google debuts ‘Code with Google’ coding education resource for teachers

Google is offering a new coding resource for educators via Code with Google, which collects Google’s own free course curriculum on teaching computer science and a variety of programs to help students learn to code or build on their existing skills, with stuff for people at all levels of ability.

The Code with Google resources extend beyond just learning, however, and include potential scholarships, for instance, was well as summer programs, internships and residencies.

In a blog post, Google VP of Education and University Relations Maggie Johnson noted that while recognition of the importance of computer science across all levels of education is relatively high, the actual availability of courses that include hands-on programming for students is surprisingly low, and generally only accessible to students in more affluent districts with access to more resources.

All of Google’s Code with Google resources are free, in keeping with many of its other educational offerings, as it continues to drive its education tech leadership position combined with affordable Chromebooks for schools. Google also announced a $1 million grant to the Computer Science Teachers Association alongside the unveiling of this new resource.

Google is smart to continue to approach its education strategy through free resources and easy-to-use, cloud-based software that is accessible to a broad range of both educators and students at all skill and expertise levels.

UK’s CMA launches investigation into digital advertising and its “potential harm” to consumers

Just two weeks after the UK’s Information Commissioner published a damning report setting out major privacy and other concerns about programmatic advertising, today the country’s Competition and Markets Authority poured more cold water on the digital advertising industry that could have a direct impact not just on digital advertising leaders like Google and Facebook, but the wider ecosystem of companies that form the adtech market.

The CMA has today launched an investigation to assess “three broad potential sources of harm to consumers in connection with the market for digital advertising”: the extent of market power held by platform providers; consumers’ control over their data; and competition in the space.

Or, in its own words:

to what extent online platforms have market power in user-facing markets, and what impact this has on consumers; whether consumers are able and willing to control how data about them is used and collected by online platforms; and whether competition in the digital advertising market may be distorted by any market power held by platforms.”

If competition, data protection or other violations are found, this could have a direct impact on the companies involved. The CMA has a track record of using its investigations to mandate changes at the company level, with one recent example being its order to Facebook and eBay to crack down on fake reviews. If companies fail to comply, there is then scope to use the evidence the CMA has amassed of illegal activity to take them to court and levy fines.

The online advertising industry is a massive beast that fuels a large part of how we interact online, with companies that account for the majority of our online activity, such as Facebook and Google, also some of the biggest names in digital ads. In the US, it’s predicted that digital ads will overtake spend on traditional marketing sometime this year, and the state of affairs in the UK is not far behind.

But while advertising is the great cash cow of the online world, it’s not all green fields and sunshine. Many consumers are not happy about the extent of commercial profiling, and — at a time when we are faced with daily examples of data breaches — even less so at how murky the business of online advertising really is. That’s before considering regulatory frameworks like GDPR that have also helped to raise awareness.

The launch of the investigation comes some four months after Philip Hammond, the Chancellor of the Exchequer, wrote to the CMA asking for it to launch an investigation. That request came on the heels of an independent review commissioned by the government recommended the investigation.

In the end, the CMA has coincided this investigation with the launch of its wider Digital Markets Strategy, a new framework that it has created to navigate the new and often tricky waters of providing consumer protection while at the same time fostering digital innovation. (The recent controversy around Superhuman is just the latest example of the contradiction that can sometimes exist between the two.)

The CMA said that it will be accepting comments relevant to the topic and the three areas it has outlined until the end of this month — July 30. To get a full picture of the situation, the CMA says it wants to hear from the full spectrum of organizations and businesses impacted, including online platforms themselves, advertisers, publishers, intermediaries within the ad tech stack, representative professional bodies, government and consumer groups.

These need to come in writing and can be emailed to [email protected]

From August to December, the CMA will then evaluate what it receives. If it decides that there is no need for further investigation, the CMA says that it will publish a statement closing the matter by January 2, 2020. If it decides that it will dig deeper, the resulting report will come out by July 2, 2020.

One important caveat: the investigation and any subsequent actions that might get taken are dependent on the UK not being spun into chaos over a no-deal Brexit, where the UK exits the European Union with no trade, immigration or other agreements in place. Such a situation could create unexpected (extra) work for different government organizations, which would likely take precedence over this, making this yet another example of how the Brexit mess is getting in the way of actually useful work getting done.

What startup names are most effective?

Entrepreneurs take a long journey when naming their brainchild, comparable to a parent naming their own flesh and blood.

There are many reasons behind naming – one untalked-of and probably the most important. This is, how to choose a name that gets you more business.

Technology changes how we do business. So, when developing a business name, putting some thought into how people are going to find you and what you want them to do after they find you could go a long way.

Ignoring this could do just the opposite and result in being harder to find, getting less return from your advertising and having your competitors capitalize off your brand.

Businesses have been using things like alphabetical order, call to action, keywords and more to shape business names for optimized discovery, recall and responsiveness since the phone book.

When looking for a business, I’m sure you’ve seen at least one of these two business name optimizations frequently used in the past for discovery:

1. Optimizing for discovery in phone books

Pre-internet, a listing in the phone book was key to getting your business discovered – but how did businesses get to the top of the list in their category? Piece of cake. Free listings in the white pages were categorized by business type and ordered alphabetically. Many companies ended their name with a describing word of their category and started it with something like “AAA” “AA”, “AA1” and “A AAA” to be one of the first listings in their category. You will still find thousands of these business names in different locations by typing “AAA” into yellowpages.com.

2. And a similar strategy was used for search-engine discovery

Prior to 2012, search engine algorithms gave weight in their rankings to sites that included keywords in their domain, otherwise known as exact-match domains. So, Google was more likely to rank “accountantsmelbourne-dot-com” higher than “abc-partners-dot-com” if a user searched for “Accountants Melbourne” because the keywords matched the search with similar words in its domain.

Over time, domain names and business names alike grew longer. Many were purposefully packed with every major keyword applicable to their niche.

Behavioural advertising is out of control, warns UK watchdog

The online behavioural advertising industry is illegally profiling Internet users.

That’s the damning assessment of the UK’s data protection regulator in an update report published today, in which it sets out major concerns about the programmatic advertising process known as real-time bidding (RTB) which makes up a large chunk of online advertising.

In what sounds like a knock-out blow for highly invasive data-driven ads, the Information Commissioner’s Office (ICO) concludes that systematic profiling of web users via invasive tracking technologies such as cookies is in breach of UK and pan-EU privacy laws.

“The adtech industry appears immature in its understanding of data protection requirements,” it writes. “Whilst the automated delivery of ad impressions is here to stay, we have general, systemic concerns around the level of compliance of RTB.”

As we’ve previously reported, multiple complaints have been filed with European regulators arguing that RTB is in breach of the pan-EU General Data Protection Regulation (GDPR), including the ICO.

The UK watchdog has not yet issued a formal legal decision against RTB. But with this report it’s giving the industry a clear signal that practices must change.

Its full list of conclusions is well worth reading — so we’ve pasted it below, along with our own ‘plainer English’ paraphrasing of what’s actually being said (formatted in italics):

1. Processing of non-special category data is taking place unlawfully at the point of collection due to the perception that legitimate interests can be used for placing and/or reading a cookie or other technology (rather than obtaining the consent PECR [Privacy and Electronic Communications Regulations] requires).

The ICO has found that consents for dropping trackers like cookies are not being legally obtained. The law requires obtaining consent before dropping and/or reading from a tracker. This means Internet users must be asked for consent before tracking starts happening, and also — at the point they are asked — provided with ”clear and comprehensive information” about what’s intended in order that they can make a free and informed choice about whether they want to consent or not. Whereas what’s happening now is web users are being tracked without being asked if that’s okay and also without the extent and implications of all this mass surveillance being made plain to them

2. Any processing of special category data is taking place unlawfully as explicit consent is not being collected (and no other condition applies). In general, processing such data requires more protection as it brings an increased potential for harm to individuals.

Sensitive personal data (such as political views, health information, sexual orientation) is being processed by the behavioural advertising industry — but not legally because, under UK and EU law, handling this sort of information requires a higher standard of explicit consent, given there are much greater risks of harms were it to be misused or go astray. The problem is the adtech industry is not asking Internet users for explicit consent to make and share these sensitive inferences — likely because if a pop-up asked you to agree to, for example, your political or sexual preferences being broadcast to hundreds of advertisers you’d be sure to click ‘hell no’. Trying to get around the law by just not asking also isn’t legal

3. Even if an argument could be made for reliance on legitimate interests, participants within the ecosystem are unable to demonstrate that they have properly carried out the legitimate interests tests and implemented appropriate safeguards.

Here the ICO is doubly crushing the industry’s bogus reliance on claiming what’s known as ‘legitimate interest’ as the legal basis for violating Internet users’ personal space and intimacy by spying on them. Even if it were possible to use this basis for this data purpose, the watchdog points out they haven’t even fulfilled the standard for LI — which requires carrying out various assessments and taking steps to secure people’s data. What’s actually happening is RTB does the equivalent of blasting everything it knows about you through a giant global megaphone. So, er, not at all safe then

4. There appears to be a lack of understanding of, and potentially compliance with, the DPIA requirements of data protection law more broadly (and specifically as regards the ICO’s Article 35(4) list). We therefore have little confidence that the risks associated with RTB have been fully assessed and mitigated.

The ICO says it believes the adtech industry has also failed to do due diligence on RTB — because it’s found companies haven’t even bothered to carry out data protection impact assessments (DPIAs). That in turn suggests they haven’t even tried to get a handle on privacy risks, and therefore are demonstrably not making any effort to try to reduce those risks. Epic fail

5. Privacy information provided to individuals lacks clarity whilst also being overly complex. The TCF and Authorized Buyers frameworks are insufficient to ensure transparency and fair processing of the personal data in question and therefore also insufficient to provide for free and informed consent, with attendant implications for PECR compliance.

What’s being said here is that privacy polices and consent pop ups are horribly confusing — which means Internet users have little hope of understanding what on earth they’re being asked to agree to. Yet for consent to be legal people need to understand that. The ICO also specifically calls out industry mechanisms created by the Internet Advertising Bureau and Google for publishers and advertisers to gather consents as falling short of the legal standard. So, again, another major, major fail

6. The profiles created about individuals are extremely detailed and are repeatedly shared among hundreds of organisations for any one bid request, all without the individuals’ knowledge.

If you thought Internet ads were creepy here’s the proof: The ICO is saying the behavioural advertising industry’s mass surveillance of web users results in all of us being profiled in crazy detail — and those spy files then being routinely handed off to (at least) hundreds of companies who are involved in the adtech chain every time there’s a programmatic ad transaction. These Stasi-esque dossiers are also being handed over, no strings attached, billions of times per day — so goodness knows where they end up. Still browsing comfortably?

7. Thousands of organisations are processing billions of bid requests in the UK each week with (at best) inconsistent application of adequate technical and organisational measures to secure the data in transit and at rest, and with little or no consideration as to the requirements of data protection law about international transfers of personal data.

Here the watchdog makes it clear that it agrees with the substance of the RTB complaints — i.e. that people’s information is not being lawfully handled because it’s not being properly protected. It also essentially makes the point that these illegal spy files could end up in Timbuktu and you’d be none the wiser

8. There are similar inconsistencies about the application of data minimisation and retention controls.

If all that wasn’t enough, the ICO is saying the adtech industry is failing on other core legal requirements to collect as little data as possible and to place strict limits on how long it keeps data for. Insert your own *unsurprised face*

9. Individuals have no guarantees about the security of their personal data within the ecosystem.

If it wasn’t already really obvious, the watchdog rams the point home: Basically behavioural advertising is out of control

“The processing operations involved in RTB are of a nature likely to result in a high risk to the rights and freedoms of individuals,” it further warns.

The complexity and opacity involved in data-driven advertising also means Internet users are hopelessly outgunned as their rights are systematically steamrollered. (Or as the ICO puts it: “The complex nature of the ecosystem means that in our view participants are engaging with it without fully understanding the privacy and ethical issues involved.”)

While you might think such a long laundry list of staggeringly massive rights violations should be more than enough for any watchdog to bring down the hammer and order the illegal practices to cease, the ICO is taking a different tack.

It’s creeping ahead cautiously — saying it wants to gather more data from the industry, perhaps issue another report next year, while also signalling to adtech companies that practices must change.

This is frustratingly contradictory — because the ICO also writes that it doesn’t believe the industry will change without a regulatory smack down.

“Our work has highlighted the lack of maturity of some market participants, and the ongoing commercial incentives to associate personal data with bid requests. We do not think these issues will be addressed without intervention. We are therefore planning a measured and iterative approach, so that we act decisively and transparently, but also in ways in which we can observe the markets reaction and adapt our approach accordingly,” it says in the report.

“We intend to provide market participants with an appropriate period of time to adjust their practices. After this period, we expect data controllers and market participants to have addressed our concerns.”

The contrast between the view that it’s now putting out there — that massive violations of laws and rights are occurring — and yet more regulatory inaction means it is coming in for some major flak from data protection and privacy experts, who make the salient point that rules don’t exist unless they’re enforced. Nor indeed do rights unless they’re defended and upheld…

Reached for comment on the ICO’s report, Dr Johnny Ryan, chief policy and industry relations officer of private browser Brave — and also one of the individuals behind the original RTB complaints — told us: “The ICO’s report recognises the data protection issues that we raised back in September last year. This is a useful confirmation of what was already clear. However, there is an urgent need for action now to prevent the identified illegality that undermines the privacy and data protection of every person using the Internet, the regulator must now take action.”

We’ve reached out to the IAB and Google for comment but at the time of writing neither had sent a response to the report.

The ICO’s earlier Technology Strategy planning document highlighted the risks posed by data-driven advertising. It followed that by making interrogating adtech practices a regulatory priority — hence today’s update.

Attention has also been concentrated on the sector since GDPR came into force by privacy and rights campaigners filing complaints about the legality of behavioural advertising.

In May the Irish DPC announced it had opened a formal investigation into Google’s adtech, after an initial assessment of a RTB complaint filed in Ireland.

It’s likely the ICO is taking a wait and see approach now to await the outcome of the DPC’s formal probe.

In its report the UK regulator does say it will “continue to liaise and share information with our European colleagues” — and also commits to “identify opportunities to work together where appropriate”. So there is likely co-ordination going on between the two DPAs.

There is also a hint of a solution in the report, when the ICO says it will “further consult with IAB Europe and Google about the detailed schema they are utilising in their respective frameworks to identify whether specific data fields are excessive and intrusive, and possibly agree (or mandate) revised schema”.

This sounds like it’s coming round to the view that online advertising doesn’t need masses of personal data to function — but can in fact be targeted contextually, delivering ad clicks while simultaneously protecting individuals’ privacy and fundamental rights.

A view that some online publishers also share. (Also relevant: Revenues generated by the current structure of the adtech market disproportionately flows to the tech giant duopoly of Facebook and Google, whereas publisher revenues have not enjoyed massive growth… )

“We understand that advertisements fund much of what we enjoy online. We understand the need for a system that allows revenue for publishers and audiences for advertisers. We understand a need for the process to happen in a heartbeat. Our aim is to prompt changes that reflect this reality, but also to ensure respect for internet users’ legal rights,” writes information commissioner Elizabeth Denham .

“The rules that protect people’s personal data must be followed. Companies do not need to choose between innovation and privacy.”

(For context on the -4% figure cited in the above tweet see here.)

China says apps should get user consent before tracking

Chinese regulators might follow the European Union’s lead to make life harder for internet companies such as TikTok that closely track behavior of their users in a move that could significantly hurt their revenue.

Last week, Beijing proposed a new set of measures to enforce data security for individuals and the nation overall. According to Article 23 of the draft (see translation from China Law Translate), companies that are “using user data and algorithms to deliver news information or commercial advertisements shall conspicuously label them with the words ‘targeted’ and provide users with functionality to stop receiving information from targeted delivery.”

This is good news for users in China, who could potentially take more control over what they are shown and what tech companies collect about them.

On the flip side of the coin, stepped up data protection will “definitely have an impact” on companies that rely heavily on data crunching business, Michael Tan, partner at law firm Taylor Wessing specializing in data policies, told TechCrunch.

Advances in artificial intelligence have helped adtech players get better at predicting people’s clicks, and, boost their income. Few have done it better in the Chinese mobile age than Bytedance, the startup that operates TikTok and the popular Chinese news app Jinri Toutiao. In between viral videos and news are customized ads that help the eight-year-old company, which was last valued at a whopping $75 billion, make money.

Bytedance’s success with programmatic ads prompted more entrenched tech giants to follow suit. Baidu, which is China’s answer to Google with a lucrative ad business, added a personalized news feed to its search app in 2016 as Toutiao hit the mainstream. Tencent and Alibaba also incorporated customized feeds into their main products.

“Data is too important for internet companies,” a product manager at a Shenzhen-based tech firm told TechCrunch. A lot of businesses, he said, including Bytedance, are well-prepared for regulatory scrutiny so they have plenty of backup plans and have explored alternative revenue streams.

“For instance, the apps might trick you into giving them access to your data,” the person added. “Even if you consent, you still don’t know how your data is being used.”

Traffic control

In mid-2017, China introduced a sweeping Cybersecurity Law as Beijing sought more control over how data flows within its online borders. A lot of the clauses are broad and vague, but the government has taken incremental steps to solidify them overtime, including efforts like the proposed measures for data protection.

“So far there is no unified data protection legal framework in place, though the topic is addressed by various laws and regulations including the PRC Cybersecurity Law,” explained Tan. “This is quite different from many other jurisdictions like that of the E.U. where there is unified protection framework in place with primary focus on personal data and privacy protection.”

While the set of data regulations touch on individual privacy, Tan noted that the laws’ real focus is on topics “relating to national security protection.”

For example, Article 29 of the proposed data policies stipulates that “where mainland users visit the mainland internet, their traffic must not be routed outside the mainland.” The authority does not elaborate on what counts as “routing,” though some speculate that it might be targeting people accessing overseas websites through a VPN, the tool that allows them to get around China’s censorship apparatus.

Tan suggested otherwise, arguing that the clause might be introduced “with good intention to prevent fraudulent cases including conscious or unconscious visits to overseas websites which promote illegal business under Chinese law, for example, gambling sites,” although doing so may “inadvertently hurt China-based multinational companies that have their I.T. facilities deployed globally.”

The draft measures for data protection, which were published by the Cyberspace Administration of China, the country’s top internet authority, are currently soliciting public comment until June 28.

China says apps should get user consent before tracking

Chinese regulators might follow the European Union’s lead to make life harder for internet companies such as TikTok that closely track behavior of their users in a move that could significantly hurt their revenue.

Last week, Beijing proposed a new set of measures to enforce data security for individuals and the nation overall. According to Article 23 of the draft (see translation from China Law Translate), companies that are “using user data and algorithms to deliver news information or commercial advertisements shall conspicuously label them with the words ‘targeted’ and provide users with functionality to stop receiving information from targeted delivery.”

This is good news for users in China, who could potentially take more control over what they are shown and what tech companies collect about them.

On the flip side of the coin, stepped up data protection will “definitely have an impact” on companies that rely heavily on data crunching business, Michael Tan, partner at law firm Taylor Wessing specializing in data policies, told TechCrunch.

Advances in artificial intelligence have helped adtech players get better at predicting people’s clicks, and, boost their income. Few have done it better in the Chinese mobile age than Bytedance, the startup that operates TikTok and the popular Chinese news app Jinri Toutiao. In between viral videos and news are customized ads that help the eight-year-old company, which was last valued at a whopping $75 billion, make money.

Bytedance’s success with programmatic ads prompted more entrenched tech giants to follow suit. Baidu, which is China’s answer to Google with a lucrative ad business, added a personalized news feed to its search app in 2016 as Toutiao hit the mainstream. Tencent and Alibaba also incorporated customized feeds into their main products.

“Data is too important for internet companies,” a product manager at a Shenzhen-based tech firm told TechCrunch. A lot of businesses, he said, including Bytedance, are well-prepared for regulatory scrutiny so they have plenty of backup plans and have explored alternative revenue streams.

“For instance, the apps might trick you into giving them access to your data,” the person added. “Even if you consent, you still don’t know how your data is being used.”

Traffic control

In mid-2017, China introduced a sweeping Cybersecurity Law as Beijing sought more control over how data flows within its online borders. A lot of the clauses are broad and vague, but the government has taken incremental steps to solidify them overtime, including efforts like the proposed measures for data protection.

“So far there is no unified data protection legal framework in place, though the topic is addressed by various laws and regulations including the PRC Cybersecurity Law,” explained Tan. “This is quite different from many other jurisdictions like that of the E.U. where there is unified protection framework in place with primary focus on personal data and privacy protection.”

While the set of data regulations touch on individual privacy, Tan noted that the laws’ real focus is on topics “relating to national security protection.”

For example, Article 29 of the proposed data policies stipulates that “where mainland users visit the mainland internet, their traffic must not be routed outside the mainland.” The authority does not elaborate on what counts as “routing,” though some speculate that it might be targeting people accessing overseas websites through a VPN, the tool that allows them to get around China’s censorship apparatus.

Tan suggested otherwise, arguing that the clause might be introduced “with good intention to prevent fraudulent cases including conscious or unconscious visits to overseas websites which promote illegal business under Chinese law, for example, gambling sites,” although doing so may “inadvertently hurt China-based multinational companies that have their I.T. facilities deployed globally.”

The draft measures for data protection, which were published by the Cyberspace Administration of China, the country’s top internet authority, are currently soliciting public comment until June 28.

Targeted ads offer little extra value for online publishers, study suggests

How much value do online publishers derive from behaviorally targeted advertising that uses privacy-hostile tracking technologies to determine which advert to show a website user?

A new piece of research suggests publishers make just 4% more vs if they were to serve a non-targeted ad.

It’s a finding that sheds suggestive light on why so many newsroom budgets are shrinking and journalists finding themselves out of work — even as adtech giants continue stuffing their coffers with massive profits.

Visit the average news website lousy with third party cookies (yes, we know, it’s true of TC too) and you’d be forgiven for thinking the publisher is also getting fat profits from the data creamed off their users as they plug into programmatic ad systems that trade info on Internet users’ browsing habits to determine the ad which gets displayed.

Yet while the online ad market is massive and growing — $88BN in revenues in the US in 2017, per IAB data, a 21% year-on-year increase — publishers are not the entities getting filthy rich off of their own content.

On the contrary, research in recent years has suggested that a large proportion of publishers are being squeezed by digital display advertising economics, with some 40% reporting either stagnant or shrinking ad revenue, per a 2015 Econsultancy study. (Hence, we can posit, the rise in publishers branching into subscriptions — TC’s own offering can be found here: Extra Crunch).

The lion’s share of value being created by digital advertising ends up in the coffers of adtech giants, Google and Facebook . Aka the adtech duopoly. In the US, the pair account for around 60% of digital ad market spending, per eMarketer — or circa $76.57BN.

Their annual revenues have mirrored overall growth in digital ad spend — rising from $74.9BN to $136.8BN, between 2015 and 2018, in the case of Google’s parent Alphabet; and $17.9BN to $55.8BN for Facebook. (While US online ad spend stepped up from $59.6BN to $88BN between 2015 and 2017.)

eMarketer projects 2019 will mark the first decline in the duopoly’s collective share. But not because publishers’ fortunes are suddenly set for a bonanza turnaround. Rather another tech giant — Amazon — has been growing its share of the digital ad market, and is expected to make what eMarketer dubs the start of “a small dent in the duopoly”.

Behavioral advertising — aka targeted ads — has come to dominate the online ad market, fuelled by platform dynamics encouraging a proliferation of tracking technologies and techniques in the unregulated background. And by, it seems, greater effectiveness from the perspective of online advertisers, as the paper notes. (“Despite measurement and attribution challenges… many studies seem to concur that targeted advertising is beneficial and effective for advertising firms.”

This has had the effect of squeezing out non-targeted display ads, such as those that rely on contextual factors to select the ad — e.g. the content being viewed, device type or location.

The latter are now the exception; a fall-back such as for when cookies have been blocked. (Albeit, one that veteran pro-privacy search engine, DuckDuckGo, has nonetheless turned into a profitable contextual ad business).

One 2017 study by IHS Markit, suggested that 86% of programmatic advertising in Europe was using behavioural data. While even a quarter (24%) of non-programmatic advertising was found to be using behavioural data, per its model. 

“In 2016, 90% of the digital display advertising market growth came from formats and processes that use behavioural data,” it observed, projecting growth of 106% for behaviourally targeted advertising between 2016 and 2020, and a decline of 63.6% for forms of digital advertising that don’t use such data.

The economic incentives to push behavioral advertising vs non-targeted ads look clear for dominant platforms that rely on amassing scale — across advertisers, other people’s eyeballs, content and behavioral data — to extract value from the Internet’s dispersed and diverse audience.

But the incentives for content producers to subject themselves — and their engaged communities of users — to these privacy-hostile economies of scale look a whole lot more fuzzy.

Concern about potential imbalances in the online ad market is also leading policymakers and regulators on both sides of the Atlantic to question the opacity of the market — and call for greater transparency.

A price on people tracking’s head

The new research, which will be presented at the Workshop on the Economics of Information Security conference in Boston next week, aims to contribute a new piece to this digital ad revenue puzzle by trying to quantify the value to a single publisher of choosing ads that are behaviorally targeted vs those that aren’t.

We’ve flagged the research before — when the findings were cited by one of the academics involved in the study at an FTC hearing — but the full paper has now been published.

It’s called Online Tracking and Publishers’ Revenues: An Empirical Analysis, and is co-authored by three academics: Veronica Marotta, an assistant professor in information and decision sciences at the Carlson School of Management, University of Minnesota; Vibhanshu Abhishek, associate professor of information systems at the Paul Merage School of Business, University California Irvine; and Alessandro Acquisti, professor of IT and public policy at Carnegie Mellon University.

“While the impact of targeted advertising on advertisers’ campaign effectiveness has been vastly documented, much less is known about the value generated by online tracking and targeting technologies for publishers – the websites that sell ad spaces,” the researchers write. “In fact, the conventional wisdom that publishers benefit too from behaviorally targeted advertising has rarely been scrutinized in academic studies.”

“As we briefly mention in the paper, notwithstanding claims about the shared benefits of online tracking and behaviorally targeting for multiple stakeholders (merchants, publishers, consumers, intermediaries…), there is a surprising paucity of empirical estimates of economic outcomes from independent researchers,”  Acquisti also tells us.

In fact, most of the estimates focus on the advertisers’ side of the market (for instance, there have been quite a few studies estimating the increase in click-through or conversion rates associated with targeted ads); much less is known about the publishers’ side of the market. So, going into the study, we were genuinely curious about what we may find, as there was little in terms of data that could anchor our predictions.

“We did have theoretical bases to make possible predictions, but those predictions could be quite antithetical. Under one story, targeting increases the value of the audience, which increases advertisers’ bids, which increases publishers’ revenues; under a different story, targeting decreases the ‘pool’ of audience interested in an ad, which decreases competition to display ads, which reduces advertisers’ bids, eventually reducing publishers’ revenues.”

For the study the researchers were provided with a data-set comprising “millions” of display ad transactions completed in a week across multiple online outlets owned by a single (unidentified) large publisher which operates websites in a range of verticals such as news, entertainment and fashion.

The data-set also included whether or not the site visitor’s cookie ID is available — enabling analysis of the price difference between behaviorally targeted and non-targeted ads. (The researchers used a statistical mechanism to control for systematic differences between users who impede cookies.)

As noted above, the top-line finding is only a very small gain for the publisher whose data they were analyzing — of around 4%. Or an average increase of $0.00008 per advertisement. 

It’s a finding that contrasts wildly with some of the loud yet unsubstantiated opinions which can be found being promulgated online — claiming the ‘vital necessity’ of behavorial ads to support publishers/journalism.

(For example, this article, published earlier this month by a freelance journalist writing for The American Prospect, includes the claim that: “An online advertisement without a third-party cookie sells for just 2 percent of the cost of the same ad with the cookie.” Yet does not specify a source for the statistic it cites. We’ve asked the author for the reference she was using and will update if we get a response.)

At the same time policymakers in the US now appear painfully aware how far behind Europe they are lagging where privacy regulation is concerned — and are fast dialling up their scrutiny of and verbal horror over how Internet users are tracked and profiled by adtech giants.

At a Senate Judiciary Committee hearing earlier this month — convened with the aim of “understanding the digital ad ecosystem and the impact of data privacy and competition policy” — the talk was not if to regulate big tech but how hard they must crack down on monopolistic ad giants.

“That’s what brings us here today. The lack of choice [for consumers to preserve their privacy online],” said senator Richard Blumenthal. “The excessive and extraordinary power of Google and Facebook and others who dominate the market is a fact of life. And so privacy protection is absolutely vital in the short run.”

The kind of “invasive surveillance” that the adtech industry systematically deploys is “something we would never tolerate from a government but Facebook and Google have the power of government never envisaged by our founders,” Blumenthal went on, before a few of the types of personal data that are sucked up and exploited by the adtech industrial surveillance complex: “Health, dating, location, finance, extremely personal details — offered to anyone with almost no restraint.”

Bearing that “invasive surveillance” in mind, a 4% publisher ‘premium’ for privacy-hostile ads vs adverts that are merely contextually served (and so don’t require pervasive tracking of web users) starts to look like a massive rip off — of both publisher brand and audience value, as well as Internet users’ rights and privacy.

Yes, targeted ads do appear to generate a small revenue increase, per the study. But as the researchers also point out that needs to be offset against the cost to publishers of complying with privacy regulations.

“If setting tracking cookies on visitors was cost free, the website would definitely be losing money. However, the widespread use of tracking cookies – and, more broadly, the practice of tracking users online – has been raising privacy concerns that have led to the adoption of stringent regulations, in particular in the European Union,” they write — going on to cite an estimate by the International Association of Privacy Professionals that Fortune’s Global 500 companies will spend around $7.8BN on compliant costs to meet the requirements of Europe’s General Data Protection Regulation (GDPR). 

Wider costs to systematically eroding online privacy are harder to put a value on for publishers. But should also be considered — whether it’s the costs to a brand reputation and user loyalty as a result of a publisher larding their sites with unwanted trackers; to wider societal costs — linked to the risks of data-fuelled manipulation and exploitation of vulnerable groups. Simply put, it’s not a good look.

Publishers may appear complicit in the asset stripping of their own content and audiences for what — per this study — seems only marginal gain, but the opacity of the adtech industry implies that most likely don’t realize exactly what kind of ‘deal’ they’re getting at the hands of the ad giants who grip them.

Which makes this research paper a very compelling read for the online publishing industry… and, well, a pretty awkward newsflash for anyone working in adtech.

 

While the study only provides a snapshot of ad market economics, as experienced by a single publisher, the glimpse it presents is distinctly different from the picture the adtech lobby has sought to paint, as it has ploughed money into arguing against privacy legislation — on the claimed grounds that ‘killing behavioural advertising would kill free online content’. 

Saying no more creepy ads might only marginally reduce publishers’ revenue doesn’t have quite the same doom-laden ring, clearly.

“In a nutshell, this study provides an initial data point on a portion of the advertising ecosystem over which claims had been made but little empirical verification was completed. The results highlight the need for more transparency over how the value generated by flows of data gets allocated to different stakeholders,” says Acquisti, summing up how the study should be read against the ad market as a whole.

Contacted for a response to the research, Randall Rothenberg, CEO of advertising business organization, the IAB, agreed that the digital supply chain is “too complex and too opaque” — and also expressed concern about how relatively little value generated by targeted ads is trickling down to publishers.

“One week’s worth of data from one unidentified publisher does not make for a projectible (sic) piece of research. Still, the study shows that targeted advertising creates immense value for brands — more than 90% of the unnamed publisher’s auctioned ads were sold with targeting attached, and advertisers were willing to pay a 60% premium for those ads. Yet very little of that value flowed to the publisher,” he told TechCrunch. “As IAB has been saying for a decade, the digital supply chain is too complex and too opaque, and this diversion of value is more proof that transparency is required so that publishers can benefit from the value they create.”

The research paper includes discussion of the limitations to the approach, as well as ideas for additional research work — such as looking at how the value of cookies changes depending on how much information they contain (on that they write of their initial findings: “Information seem to be very valuable (from the publisher’s perspective) when we compare cookies with very little information to cookies with some information; after a certain point, adding more information to a cookie does not seem to create additional value for the publisher”); and investigating how “the (un)availability of a cookie changes the competition in the auction” — to try to understand ad auction competition dynamics and the potential mechanisms at play.

“This is one new and hopefully useful data point, to which others must be added,” Acquisti also told us in concluding remarks. “The key to research work is incremental progress, with more studies progressively adding a clearer understanding of an issue, and we look forward to more research in this area.”