There’s an interesting debate going on between Apple and Google. It’s focused on Apple’s Intelligent Tracking Prevention (ITP) update to its Safari web browser, which rolled out a few months ago.
Designed to prevent websites from tracking consumers as they move between websites, Apple’s ITP stops certain pieces of information about site visitors from being broadcast to the other sites they visit.
The major issue with the update, Google’s engineering researchers assert, is that the pattern of information not shared about each Safari user is so specific that these patterns themselves enable individuals to be tracked. It’s almost like a cartoon character running through a wall; there’s a space where they used to be, and you can tell who it was by the shape of the hole they left.
The drama playing out between the two tech behemoths is a great example of the importance of taking a measured and industry-wide approach to evolving privacy solutions. With a few very large organizations influencing so much of our daily lives, missteps by one player can bring huge consequences, and unforeseen risks, for us all.
In the name of protecting consumers, Apple appears to have reduced the flow of information at the expense of well-meaning companies, while increasing the risk of bad actors taking advantage of these new patterns. Additionally, Google’s researchers suggest that there is no easy fix, and ITP may be fatally and fundamentally flawed.
Google themselves recently announced that they’d be making changes to their Chrome browser to ‘phase out’ third-party cookies over the next two years, also in the name of its users’ privacy. For anyone with even a passing interest in the advertising technology space this didn’t come as a surprise. Cookies, especially third-party cookies (i.e. cookies served by companies other than the owner of the website users are visiting) have become the bad guys in the story of internet privacy.
While cookies are far from a perfect solution to providing a relevant online ad experience, they have been the staple that the internet’s economy has been built on for several decades. The effort to find their replacement should be approached carefully, lest the cure is worse than the disease itself.
Just recently, a senior Google executive admitted that if the company moves too fast with changes like this, it could break the web.
Importance of an industry-wide solution
Years of creepy data overreach and scandals have led to mistrust between consumers and the tech companies that serve them. Rebuilding that trust will likely take just as long, if it is possible at all. Compliance with new, onerous, and far-reaching data protection and privacy laws like the GDPR in the EU and California’s CCPA is the cost the industry must pay for breaking that trust. Voters have asked their politicians and lawmakers to step in with new regulations where the industry has failed to regulate itself.
Before the GDPR came into effect in May 2018, the Interactive Advertising Bureau (IAB) Europe developed a framework to enable and empower internet users to choose how and by whom their personal data was allowed to be used to provide relevant advertising and content. This framework has now become the de facto standard for compliance with the GDPR in Europe. Google has been notably slow to adapt the IAB’s framework, but is finally about to in the coming months.
Similarly, the IAB in the US has developed a framework specific to the recently implemented CCPA. Again, this framework aligns the best minds in the business to ensure control is put into the hands of consumers without tipping the scales in favor of any one company.
When industry behemoths take a siloed approach to solving consumer privacy, they run the risk of harming the economy of the internet — without necessarily enhancing consumer privacy. One company acting in haste to solve issues created by many won’t resolve the foundational challenges facing the internet today.
Internet users trust publishers and advertisers with their data to receive relevant ads in return for free access to content and services, and they expect companies who use their information to be good custodians of that data. For this fundamental deal of the internet to survive, the advertising industry must regain trust among consumers, privacy advocates and governments. Making this happen will require new, agreed upon rules within the advertising ecosystem. Internet users, browsers, publishers, advertisers, and ad tech companies must work together to create solutions that form the basis of a new deal upholding the core values of the free and open internet, while better protecting internet users’ privacy by empowering them to make meaningful choices.