Google Sharply Limits DoubleClick ID Use, Citing GDPR
Google is making it more difficult for advertisers to have an independent view of the data generated from ad buys in its ecosystem. In a note to partners sent Friday and obtained by AdExchanger, Google said it will no longer let buyers use the DoubeClick ID when leveraging its data transfer service. The DoubleClick ID pulls together data from the company’s various ad and consumer-facing products around a unique user ID associated with the DoubleClick cookie. As of May 25th, the same day the EU’s GDPR goes into effect, the DoubleClick ID will no longer be available for data transfers on YouTube impressions and those recorded by the DCM ad server and the DoubleClick Bid Manager DSP. Those IDs also won’t be available for DBM first in the EU, and eventually globally.
Google will also remove encrypted cookie IDs, IP addresses and user list names from data transfer for all bids in Google Ad Exchange. For buyers, stripping out the DoubleClick ID cuts off visibility to user activity within the DoubleClick ecosystem. The change will limit advertisers’ ability to measure the reach and frequency of Google campaigns against other platforms by limiting any measurement using the DoubleClick ID to Google’s own Ads Data Hub. In its note to advertisers, Google has included that the DoubleClick ID, tied to sensitive information like user search histories, could violate the strict data privacy requirements of GDPR. But for marketers, the changes make common analyses, like attribution, reach and frequency, difficult or impossible to do, said Ari Paparo, CEO of Beeswax.
Google could be banking on the fact that the long tail of advertisers will buy into its entire stack and use the DoubleClick ID as the default understanding of their audience, Heimlich said. This isn’t the first time Google has tried to get marketers on Ads Data Hub – and deeper inside the walls of its ecosystem – this month. A few weeks ago, Google suspended third-party ad serving in the EU on YouTube citing concerns over GDPR compliance. Google also said this month that a plan announced in January to discontinue third-party pixel tracking on YouTube will come into effect under GDPR. Update: This story has been updated to reflect that the DoubleClick ID is not associated with PII like names and addresses but the DoubleClick cookie.
InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework: Technical specifications for IAB Europe Transparency and Consent Framework that will help the digital advertising industry interpret and comply with EU rules on data protection and
Hosted in this repository are the technical specifications for IAB Europe Transparency and Consent Framework that will help the digital advertising industry interpret and comply with EU rules on data protection and privacy – notably the General Data Protection Regulation that comes into effect on May 25, 2018. In November 2017, IAB Europe and a cross-section of the publishing and advertising industry, announced a new Transparency & Consent Framework to help publishers, advertisers and technology companies comply with key elements of GDPR. The Framework will give the publishing and advertising industries a common language with which to communicate consumer consent for the delivery of relevant online advertising and content. IAB Tech Lab is charged with the technical governance of these specifications. Consent string and vendor list formats v1.1 Final.
The IAB Technology Laboratory is a non-profit research and development consortium that produces and provides standards, software, and services to drive growth of an effective and sustainable global digital media ecosystem. Comprised of digital publishers and ad technology firms, as well as marketers, agencies, and other companies with interests in the interactive marketing arena, IAB Tech Lab aims to enable brand and media growth via a transparent, safe, effective supply chain, simpler and more consistent measurement, and better advertising experiences for consumers, with a focus on mobile and TV/digital video channel enablement. The IAB Tech Lab portfolio includes the DigiTrust real-time standardized identity service designed to improve the digital experience for consumers, publishers, advertisers, and third-party platforms. Established in 2014, the IAB Tech Lab is headquartered in New York City with an office in San Francisco and representation in Seattle and London. IAB Europe is the voice of digital business and the leading European-level industry association for the interactive advertising ecosystem.
GDPR Technical Working Group members provide contributions to this repository. Participants in the GDPR Technical Working group must be members of IAB Tech Lab. Technical Governance for the project is provided by the IAB Tech Lab GDPR Commit Group.
GDPR and the End of the Internet’s Grand Bargain
In May the European Union’s General Data Protection Regulation goes into effect, two years after passage by the European Parliament. Data collectors can be held responsible for violations by third-party users. Though the new law was intended to unify and simplify European data practices the minimum cost of compliance for anyone doing business with any EU resident is estimated by one survey at $1 million just for changes to IT systems, not to mention the costs of a newly designated data protection officer. While European data may still be legally stored outside of the EU, for example, it’s much easier to comply with GDPR if data remains within the borders – a boon to a fledgling European cloud services industry. Internet companies have had over a decade to integrate basic data collection and use safeguards into their operations, including limiting the data they collect and adopting international information security standards.
Until now, a fast-spreading epidemic of data misuse incidents has been largely overlooked by lawmakers, including breaches and data misuse at Yahoo, Facebook, Target, Equifax, and Under Armour. That’s bad news, and not just for companies increasingly reliant for revenue on data collection, analysis and intelligence. While GDPR is certain to improve choice, control, and transparency for EU consumers, these new powers come with new responsibilities and new costs for users, not least of which are ballooning budgets for government data management and enforcement bureaucracies worldwide. Governments are hardly the experts on data security. There have been even bigger breaches of sensitive data controlled by U.S.
and EU governments themselves. Social media providers, and e-commerce platforms, along with user forums, news sites, and emerging internet-of-things service providers large and small, may rationally conclude that the new costs and potential penalties associated with collecting, analyzing, and marketing user-provided information have become unsustainable, requiring a new business model altogether. If the grand bargain unravels, entrepreneurs will no doubt innovate new ways to make money and continue developing disruptive products and services.