The California State Legislature changed the definition of “personal data” by inserting the word “reasonably” before the term “capable” in the statement – “information that identifies, refers to, describes, [and] is capable of being associated with…a particular consumer or household.” This one tiny word allowed the whole ad tech community to breathe a sigh of relief.
Although their lobbying efforts were unsuccessful, this is a triumph for the industry because it opens the door to anonymous tracking. However, some on the privacy side will undoubtedly see this as a risky concession on clarity. Aggregated or de-identified consumer data is specifically exempted from the definition of personal information under AB-1355, which was recently passed by the Legislature. “De-identified” data is data that has been processed to make it impossible to link to a specific person.

What does the CCPA mean by “reasonability”?
For decades, de-identified data has been at the center of privacy debates, and discussing it carries the risk of oversimplifying a complex topic.
The obvious question is: what does it mean to be “reasonable”?
The larger a data set is, the easier it is to re-identify using statistical approaches. In marketing, however, the more significant issue is the ability of an advertiser or publisher to connect a de-identified record with personally identifiable information that customers provide when they complete an order form or sign up for a newsletter. In these situations, marketing platforms are reasonably capable of linking anonymous data with a specific individual. This will support the argument of many privacy advocates that de-identification is unrelated to the problem of widespread Internet surveillance.
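The linkage risk described above can be measured on your own data. The following is an added example, not part of the original article: a small Python audit that counts how many de-identified records join to exactly one order-form row on shared quasi-identifiers, before and after coarsening them. The field names, the quasi-identifier set and the sample rows are assumptions constructed for illustration.

```python
from collections import Counter

QUASI_IDS = ("zip", "birth_year", "device")  # assumed attributes present in both sets

# Constructed sample rows, not real data.
DEIDENTIFIED = [
    {"rec": "a1", "zip": "94105", "birth_year": 1984, "device": "ios"},
    {"rec": "a2", "zip": "94107", "birth_year": 1984, "device": "ios"},
    {"rec": "a3", "zip": "94110", "birth_year": 1991, "device": "android"},
    {"rec": "a4", "zip": "94110", "birth_year": 1991, "device": "android"},
    {"rec": "a5", "zip": "10001", "birth_year": 1975, "device": "web"},
]
ORDER_FORMS = [
    {"email": "pat@example.com", "zip": "94105", "birth_year": 1984, "device": "ios"},
    {"email": "sam@example.com", "zip": "94110", "birth_year": 1991, "device": "android"},
    {"email": "lee@example.com", "zip": "94107", "birth_year": 1986, "device": "ios"},
]

def generalize(row):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix and birth decade."""
    out = dict(row)
    out["zip"] = row["zip"][:3]
    out["birth_year"] = row["birth_year"] // 10 * 10
    return out

def linkability(deidentified, identified):
    """Label each de-identified record 'unique-link', 'candidate' or 'no-match'."""
    key = lambda r: tuple(r[q] for q in QUASI_IDS)
    class_size = Counter(key(r) for r in deidentified)  # k of each equivalence class
    id_matches = Counter(key(r) for r in identified)    # identified rows sharing the key
    labels = {}
    for r in deidentified:
        matches, k = id_matches[key(r)], class_size[key(r)]
        if matches == 0:
            labels[r["rec"]] = "no-match"
        elif matches == 1 and k == 1:
            labels[r["rec"]] = "unique-link"  # one record, one person: associable
        else:
            labels[r["rec"]] = "candidate"    # ambiguous, but narrowed to a small group
    return labels

def unique_link_rate(deidentified, identified):
    """Fraction of de-identified records that join to exactly one identified row."""
    labels = linkability(deidentified, identified)
    return sum(v == "unique-link" for v in labels.values()) / len(labels)

if __name__ == "__main__":
    print("raw:", unique_link_rate(DEIDENTIFIED, ORDER_FORMS))
    coarse = lambda rows: [generalize(r) for r in rows]
    print("generalized:", unique_link_rate(coarse(DEIDENTIFIED), coarse(ORDER_FORMS)))
```

A non-zero unique-link rate means the holder of both data sets can associate those records with a particular consumer without any statistical technique at all.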
Industry advocates decamp to Brussels, Sacramento, and other places where privacy rules are being developed or changed to explain de-identification and its economic value to publishers and brands. The issue is persuading lawmakers and a doubting public to believe in a system that is manifestly flawed.
Firms need to be more innovative in this area. Here are a few suggestions:
- Converge Consent and Preference Management Platforms (CPMPs) with Customer Data Platforms (CDPs) as quickly as possible. CDPs must support clear, visible privacy compliance rules that prohibit the violation of privacy policies or regulations.
- To make privacy regulations and metadata categories interoperable across marketing platforms, the industry needs open standards. Organizations like ISO and the IAB Tech Lab are working on similar privacy standards, but industry-wide de-identification-related protocols need to pay greater attention to marketers’ compliance.
- ISPs must wake up and take an active role in the dialogue. They’ve invested heavily in advertising and content technologies, but they’ve remained conspicuously mute on a problem they can fix by providing consumers with network-based services that allow for regulated exposure of their identities. Instead of campaigning for freedom, they might take this chance to mediate privacy with their own network de-identification solutions.