European telcos are moving ahead with a plan to create a joint venture to offer opt-in “personalized” ad targeting of regional mobile network users following trials last year in Germany. Although it remains to be seen whether European Union regulators will sign off on their plan.
The Commission has until February 10 to make a decision on whether to clear the joint venture (JV) and, therefore, whether or not to let the carriers go ahead with a commercial launch.
A spokesman for Vodafone said the telcos are not in a position to comment on the intended JV at this stage while the Commission considers whether to clear the initiative — and wouldn’t be drawn on a potential launch timeframe. They suggested public messaging on the project will follow approval — assuming the telcos do get a green light from Brussels to work together on the mobile ad targeting infrastructure.
The project also faced some early attention from data protection authorities in Germany and Spain. We’re told engagement with regulators led to some tweaks to how the telcos proposed to gather consent — to make the process more explicit.
The telcos’ filing submission proposing to create a JV, which is dated January 6, 2023, confirms that “explicit user consent” (via an opt-in) is the intended legal basis for the targeting, writing:
Subject to explicit user consent provided to a brand or publisher (on an opt-in basis only), the JV will generate a secure, pseudonymized token derived from a hashed/encrypted pseudonymous internal identity linked to a user’s network subscription which will be provided by participating network operators. This token will allow the brand/publisher concerned to recognize a user without revealing any directly identifiable personal data and thereby enable them to optimize the delivery of online display advertising and perform site/app optimization. Users will have access to a user-friendly privacy portal. They can review which brands and publishers they have given consent to, and withdraw their consent.
The distinction the four telcos behind the proposed JV are seeking to claim for their proposal for consent-based ad targeting — versus current-gen (legally clouded) adtech targeting — is, firstly, that it’s based on first-party data (the claim for the TrustPid project is no syncing and/or enriching of the individual-linked targeting tokens is allowed or possible between participating advertisers). So it’s not the kind of consentless-by-design background “superprofiling” of users that’s landed current-gen adtech into such legal (and reputational) hot water. The proposed tracking is siloed per brand/advertiser — with each needing to gain upfront consent from their own users and only able to target against data points they gather. (Plus we’re told user-linked tokens would be cycled regularly, with the initial proposal being to reset them every 90 days.)
Secondly, the telcos are proposing to put contractual limits on participants — such as requiring that no special category data (e.g., health data, political affiliation) can be attached by an advertiser as a targetable interest to a user-linked token. They also want the JV to have the final say on the language/design of consent pop-ups (which they say will offer users a top-level refusal, rather than burying that option as routinely happens with cookie consent pop-ups). And they say they will audit all participating websites on a regular basis.
There is a third check: a portal where mobile users can view (and revoke) any consents they have provided to individual brands/publishers to use their first-party data for ads — and that, we’re told, will provide an option that lets mobile users block the entire system (so a hard opt-out). Although we understand it’s not currently the case (in the trial) that users who apply such a block are prevented from receiving pop-ups asking for their consent to the ad targeting — so, again, consent spam and consent fatigue look set to continue. (And, well, could plausibly multiply as consent gets unbundled — that is, if the system takes off with lots of brands and advertisers.) At least, unless or until they can figure out an appropriate legal basis that does not require ongoing pestering of users who already denied consent with pop-ups.
If the telcos’ JV gets the green light from the Commission, scrutiny on the project will of course dial up — and close attention to technical (and contractual) details may well throw up fresh concerns. So it’s too soon to judge whether the approach will/would pass muster with regulators and privacy experts.
There could also be friction from mobile network users themselves — if they suddenly find they’re encountering a fresh, irritating layer of consent spam when browsing the mobile web, a service they do, after all, pay the telcos to provide them with. So tolerance for extra consent spam could be very low.
Moreover, convincing mobile users to actually opt in to ads — assuming they are indeed provided with a genuinely free (and fair/non-manipulative) choice to deny tracking, rather than being forced or bamboozled into it as has been the dark pattern rule for years — presents a major barrier for uptake. Plenty of people will deny tracking if they are actually asked about it (see, for example, the impact of Apple’s App Tracking Transparency requirement on third-party iOS apps’ ability to track users).
So even if the telcos are allowed to build their ad targeting JV, there’s no guarantee mobile users on their networks will agree to play ball.
Still, if this flies, there could be a chance for brands to win web users over with a fresh approach. Being transparently upfront about wanting to process people’s personal data for ads — and, potentially, also able to offer incentives for users to agree — offers an opportunity to do things differently versus a creepy status quo that can’t clearly explain how people’s data got sucked up, where it may have ended up, or what’s really been done with it.
An upfront approach could thus provide a route for savvier brands to deepen their relationships with loyal customers by making straightforward asks, not resorting to sneaky surveillance.
European carriers file to create joint venture for opt-in ad targeting of mobile users by Natasha Lomas originally published on TechCrunch