Industry Discussion | Author: Alyce Erikson, LinkedIn
The internet has drawn a new line on what we expect of digital privacy. The line has moved from being an objective concept, representing data breaches, theft, fraud, and personal exposure, to a subjective line representing a redefining of privacy of which the dust hasn’t yet settled.
As this new, subjective line takes shape we see privacy driven not by government legislation, but by proactive industry reform.
These emerging ideas of privacy look like:
- The (eventual) removal of third-party cookies from Chrome
- Apple’s App Tracking Transparency (ATT)
- Secure multi-party computation
- Differential privacy
- On-device analytics
If you’re scratching your head wondering how privacy became so complicated, you’re not the only one. Privacy has become a subjective experience, with industry players like Google and Apple taking charge of defining what that experience means for internet users. And for we digital marketing practitioners, the further we explore the rabbit hole of industry-driven privacy reform, the more confused we get about what digital privacy is.
So, what does this new line mean for brands, publishers, and agencies? The IAB SEA+India Data and Attribution Council discussed this new line and how much of it we should understand in depth.
The old privacy line:
The old privacy line protects one’s identity from malicious activity. In The Asia-Pacific Privacy Guide (2020-2021) from Deloitte, three key trends summarise the old privacy line.
- Trend #1: Governments strengthening privacy frameworks into consolidated laws – reducing the complexity of privacy into singular, overarching laws to protect us from breaches.
- Trend #2: Increasing consumer awareness of privacy breaches such as passwords to personally identifiable information (PII) shared with third parties.
- Trend #3: Governments introducing mandatory data breach notification laws forcing organizations to alert their users if a data breach has taken place.
These laws and consumer expectations are related to the first of three layers of digital identity – what you share. Privacy means protecting internet users from having their PII transferred from one source to another without consent.
The three layers of digital identity:
As shared by Quartz, this first layer of digital identity is what you share on social media and apps – such as your personal information, financial details, the action you take on platforms, and the content you upload. This layer is what we as users and practitioners experience as the old line of privacy.
The second layer of digital identity is the actions you take. These actions provide context to support those actions such as your location data, ads clicked, time spent on content, and whether you’re online or offline. Reporting on campaign activity is fair game in digital marketing.
The third layer is an analysis of the first and second layers to move beyond understanding what actions you take. This analysis will infer characteristics of who you are that you may not have otherwise revealed. For example, whether you’re a compulsive shopper, newly married, have new eating habits, or are battling addictions. This layer is invaluable for advertisers and platforms to surface relevant content. It’s also the most ethically ambiguous.
The new privacy line:
In 2019, Apple launched its ‘Privacy. That’s iPhone’ campaign to highlight how they limit the information that’s shared with third parties. It’s here that the new privacy line started to be drawn by Apple through their stance on what data is shared about you with the websites you visit.
The new privacy line acknowledges that your data is shared between organizations and third parties. Organisations understand your behaviors and build profiles based on this data, but it’s not personally identifiable to you. The new privacy line shares the second and third layers of digital identity but obfuscates the first layer to implement privacy.
There are three levers that tech organisations and publishers are using to carve the new privacy line – secure multi-party computation, differential privacy, and on-device analytics. Let’s break them down:
Secure multi-party computation refers to sharing, matching, and querying data from multiple business partners without sharing or revealing the personal information of individuals. For example, Meta reports on the deal size of customers who clicked on an ad without revealing who it was.
Differential privacy involves analysing data and extracting required business metrics without knowing the details of the individual in the data set. For example, Google uses the Privacy Sandbox to cluster people into large groups to target site visitors based on Topics they might be interested in vs. an individual’s browsing history.
On-device analytics involves limiting the transfer of data by performing processing functions on the user’s device. For example, LinkedIn uses on-device conversion tracking to track ad engagement and conversions without sharing individual member-level third-party data back to LinkedIn.
The question – how much should we know about the new privacy line?
The IAB SEA+India Data and Attribution Council members discussed this new privacy line and how much we should know about it. As a cohort, we recognise the importance of understanding this new line and how it affects our industry, albeit at a high level.
The Council found that the ever-changing, technically heavy privacy line was important to recognise and be familiar with. We recognise the line is no longer about just protecting users from malicious activity and that a balance exists between content relevance and data privacy.
So, what does this mean for practitioners? You can’t really see digital privacy in practice. Our goal shouldn’t be to understand the nuances of how Meta, Apple, Google, LinkedIn or any other organisation is defining the new line of digital privacy for its users. Instead, it’s our responsibility to understand the implications of these reforms to the social definition of digital privacy alongside how it impacts the efficacy of our marketing activities. It’s important to know there’s a new privacy line emerging, but we shouldn’t place an unrealistic expectation on ourselves to know everything about it.