© Getty Images
With a software update, Apple has triggered a new wave of privacy discussions inside ad tech. At the same time, a privacy directive in the European Union promises to turn up the volume on that conversation. With apologies to Bob Dylan, the codes — legal and binary — are a changing, although what’s less clear are the motives behind these changes.
Apple’s latest Safari 11 update imposes Apple cookie standards across the board. First and foremost, the new update blocks all third-party cookies, making Apple a de facto digital gatekeeper for consumers operating Apple software and devices. But the new update goes a step further by blocking or purging first-party cookies from users’ browsers without giving notice to consumers.
Right behind Apple’s announcement was the 2018 deadline of the EU General Data Protection Regulations. The impact of this law includes a revised definition of personal data to include any information relating to an individual, whether classified as part of their private, professional or public life. Personal data would include a name, postal address, photo, email address, bank details, posts on social networking websites, cookies and locations. In effect, the law would essentially require opt-in before any data can be used for targeting. But the core focus of the law isn’t privacy, it’s revenue. Any collection of personal data by the EU, or any other organization (think: Google and Facebook) will result in a four percent tax on all worldwide revenues.
The challenges presented by the Apple update and the new EU Data Protection Law involve how we address consumer consent. In both cases, whether tactically or through regulation, the new requirement is that we must ask consumers to consent to use any information that, up until now, has been the fundamental driver of online commerce. On the surface, we have what appears to be a core principle worth of debate — privacy. But pulling back the curtain reveals profit, not principle, as a handful of overzealous regulators and a single vendor grab control of the pace and direction of online commerce.
The fact is, multiple agencies, well-intentioned interest groups, and corporate compliance officers in and around the industry have worked long and hard to define online consumer protection in a manner that sufficiently addresses the use of personal data, so that consumers are viewed as non-PII actions and behaviors.
Are consumers in any way at risk if an online retailer, with a justifiable purpose in reaching a prospect online, is able to discern from online behavior that an anonymous user prefers gourmet food to fast food? Are consumers harmed if advertisers know that anonymous users favor high end clothing stores to discount brands? Exactly what harms are these anonymous consumers being protected from? And if you can think of a harm, isn’t any risk or annoyance to the anonymous user sufficiently addressed by always having the ability to opt-out?
Consider for a moment that opt-in might just be fear mongering by overzealous lawmakers searching for a way to turn the tide on the explosion in online commerce. Are they just wielding the sword of privacy to leverage their way into an enhanced tax base that replaces what they stand to lose as EU consumers migrate from Harrod’s to Amazon?
And as for Apple, how does turning off the collection of all first and third-party information occurring on your iPhone help the consumer? Such a decision is obviously a win for Apple on the PR front, but what’s the upside to decimating online retailers, health care providers, doctors and financial institutions? Remember, these parties are what the privacy attorneys currently call “vendors with permissible purpose,” because those purposes include providing consumers with goods to purchase, health care to use, and financial tools to pay for it all. Of course, Apple still knows who you are, what sites you visit, and where you shop — both online and offline. I bet this information remains relevant to the folks at Apple Pay, Apple Store, iTunes, and whatever new products and services the folks in Cupertino can dream up.
The bottom line is that if we are going to wield the “pet rock of privacy” on behalf of the consumer, our actions cannot be a bait-and-switch. Consumers have been receiving postal direct mail from the local big box store for years. They get fundraising calls from candidates for office every two years. They get credit card offers and home loan promotions from the local bank in between innings on the local cable TV feed.
Codes of conduct and opt-out regulations like “do not call” provide choices that give consumers sensible controls over their privacy, including the right to be left alone whenever phone calls from the police benevolent society or pop-ups for reverse mortgages become too much to take. Removing choice doesn’t make consumers safer, nor does it guard their privacy, but it will make Apple and the EU a lot of money.
Ray Kingman is the CEO of Semcasting, a data management platform built on patented targeting technology. He served previously as the CEO of LightSpeed Software, and as the founder and president of a division of Thomson Reuters.